
@renich
Last active June 6, 2020 14:23
IPFS on Funtoo
#!/usr/bin/env bash
# NOT A SCRIPT
# more of a recipe! ;)
# --- run the following as root ---

## Settings used by the root-side steps of this recipe.
# NOTE(review): the release is pinned here; check that it is still a
# supported version before following the recipe.
ipfs_version="0.4.14"
ipfs_user="ipfs"

## Install the Go toolchain and FUSE.
# FUSE is presumably needed for the Mounts.IPFS / Mounts.IPNS settings
# configured in the user section of this recipe - confirm.
emerge go sys-fs/fuse

### Go environment for login shells.
# The heredoc delimiter is quoted, so ${HOME}, ${GOPATH} and ${PATH} are
# written literally and resolved later by each shell that sources the file.
# NOTE(review): this puts a per-user, user-writable directory ahead of the
# system PATH for every account that sources it, so a binary placed in
# ~/.go/bin shadows the system command of the same name. Appending to PATH
# is the more conservative choice if that is not intended.
cat > /etc/profile.d/go.sh << 'EOF'
export GOPATH="${HOME}/.go"
export PATH="${GOPATH}/bin:${PATH}"
EOF

# Re-read the profile in the current (root) shell; presumably /etc/profile
# sources /etc/profile.d/*.sh on this system.
source /etc/profile
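## firewall
# Writes a default-deny IPv4 ruleset and applies it.
#
# What the rules below do:
#   - INPUT and FORWARD default to DROP, OUTPUT to ACCEPT.
#   - Replies to existing connections, loopback traffic and new ICMP echo
#     requests are accepted.
#   - New TCP SYNs are sent to the TCP chain, which accepts ports
#     22, 80, 443, 4001 and 8080. New UDP goes to the UDP chain, which has no
#     rules, so it falls through to the REJECT lines.
#
# NOTE(review), before applying:
#   - This overwrites any ruleset already saved in rules-save.
#   - Established connections stay up, but if sshd listens on a port other
#     than 22, new logins will be rejected. Keep a root session open.
#   - The author marked the port list CHECKME. Nothing in this recipe listens
#     on 80 or 443; 8080 matches the gateway address configured later and
#     4001 is presumably the IPFS swarm port. Open only what the host serves.
#   - Only IPv4 is covered; no ip6tables rules are set up by this recipe.
cat << 'EOF' > /var/lib/iptables/rules-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]
:UDP - [0:0]
# related
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# truested
-A INPUT -i lo -j ACCEPT
# tracking
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
# allow
# CHECKME!!
-A TCP -p tcp -m multiport --dports 22,80,443,4001,8080 -j ACCEPT
# drops
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
EOF
# Parse-check the file before enabling the service, so that a typo in the
# rules is caught here rather than when the ruleset is loaded.
if iptables-restore --test < /var/lib/iptables/rules-save; then
  rc-update add iptables
  # NOTE(review): reload presumably requires the service to be running
  # already; on a fresh install `rc-service iptables start` may be needed.
  rc-service iptables reload
else
  printf '%s\n' 'rules-save failed iptables-restore --test; not enabling or reloading iptables' >&2
fi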
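## create user
# Dedicated system account (-r) with /srv/ipfs created as its home (-d, -m),
# so the daemon does not run as root.
useradd -d /srv/ipfs -m -r "$ipfs_user"
# Open a login shell as that user; the "as user" steps are typed in that
# shell. Leave it with `exit` before continuing with the root steps.
su - "$ipfs_user"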
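# as user
## settings
# Repeated here because the login shell started by `su -` does not carry
# over the variables set in the root shell.
ipfs_version='0.4.14'
ipfs_user='ipfs'
## install ipfs-update
# NOTE(review): `go get -u` fetches and builds the repository's current
# head; nothing here pins a revision or verifies what is downloaded. Pin
# a reviewed version if this is used on a production host.
go get -u github.com/ipfs/ipfs-update
## install ipfs
ipfs-update install "$ipfs_version"
### init
ipfs init
### create dirs
# Mode 2770: setgid, full access for owner and group, none for others.
mkdir -m 2770 "${HOME}/ipfs"
mkdir -m 2770 "${HOME}/ipns"
### configure
# NOTE(review): 0.0.0.0 binds the HTTP gateway to every interface, and the
# firewall section of this recipe opens TCP 8080, so any host that can reach
# this machine can fetch content through the node. Use
# /ip4/127.0.0.1/tcp/8080 if the gateway is only meant for local use.
ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
ipfs config Mounts.IPFS "${HOME}/ipfs"
ipfs config Mounts.IPNS "${HOME}/ipns"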
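# as root
## OpenRC
# Installs an init script that runs the ipfs binary built in the service
# user's home as $user:$group (default ipfs:ipfs) rather than as root.
# The heredoc delimiter is quoted, so the script is written verbatim.
#
# NOTE(review): start-stop-daemon is called with -b (background), so the
# `&>> /var/log/ipfs.log` redirects presumably capture only
# start-stop-daemon's own messages, not the daemon's output - verify. `&>>`
# is also a bash extension; it works only if openrc-run's shell is bash.
cat << 'EOF' > /etc/init.d/ipfs
#!/sbin/openrc-run
# Distributed under the terms of the GNU General Public License v2
command=/srv/ipfs/.go/bin/ipfs
name="ipfs"
description="InterPlanetary FileSystem"
pidfile=${pidfile:-/run/ipfs.pid}
user=${user:-ipfs}
group=${group:-ipfs}
app_path='/srv/ipfs'
depend() {
need net
use logger
}
start() {
ebegin "Starting ipfs"
start-stop-daemon -S -b -u $user:$group -d $app_path -p $pidfile -m -n $name -x $command -- daemon --migrate &>> /var/log/ipfs.log
eend $?
}
stop() {
ebegin "Stopping ipfs"
start-stop-daemon -K -u $user:$group -d $app_path -p $pidfile -n $name -x $command -- shutdown &>> /var/log/ipfs.log
eend $?
}
EOF
# The redirect above creates the file without the execute bit, and OpenRC
# only accepts executable files in /etc/init.d as services. 0755 keeps the
# script writable by root only.
chmod 0755 /etc/init.d/ipfs
### enable and start
rc-update add ipfs
# rc-service takes the service name first, then the action (the same order
# as `rc-service iptables reload` in the firewall section).
rc-service ipfs start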
#!/sbin/openrc-run
# Distributed under the terms of the GNU General Public License v2
# Service settings read by start() and stop() below.
# name is passed to start-stop-daemon via -n; description is not referenced
# by the functions in this file.
name='ipfs'
description='InterPlanetary FileSystem'

# Binary to run and the directory start-stop-daemon changes into (-d).
# Both live under the service user's home, not a system path.
command='/srv/ipfs/.go/bin/ipfs'
app_path="/srv/ipfs"

# Overridable settings: a non-empty value that is already set is kept,
# otherwise the default is assigned.
: "${pidfile:=/run/ipfs.pid}"
: "${user:=ipfs}"
: "${group:=ipfs}"
# OpenRC dependency hook.
depend() {
  # Hard dependency: the net service must be up before this one starts.
  need net
  # Soft dependency: start after a logger if one is enabled.
  use logger
}
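# Start the ipfs daemon in the background as the unprivileged service user.
# Globals:  user, group, app_path, pidfile, name, command (all read)
# Returns:  whatever eend returns for start-stop-daemon's exit status
start() {
  ebegin "Starting ipfs"
  # -S start, -b detach into the background, -u run as user:group,
  # -d working directory, -p/-m have start-stop-daemon write the pidfile,
  # -n process name, -x executable. Everything after `--` goes to ipfs.
  # Expansions are quoted so a value containing whitespace or glob
  # characters stays a single argument.
  # NOTE(review): with -b the daemon's output is presumably discarded;
  # OpenRC's start-stop-daemon has --stdout/--stderr options if a log file
  # is wanted - verify on the target system.
  start-stop-daemon -S -b -u "${user}:${group}" -d "${app_path}" \
    -p "${pidfile}" -m -n "${name}" -x "${command}" -- daemon --migrate
  eend $?
}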
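# Stop the ipfs daemon identified by the pidfile, name and executable.
# Globals:  user, group, app_path, pidfile, name, command (all read)
# Returns:  whatever eend returns for start-stop-daemon's exit status
stop() {
  ebegin "Stopping ipfs"
  # -K stop; the -u/-p/-n/-x values narrow which process is signalled.
  # Expansions are quoted so a value containing whitespace or glob
  # characters stays a single argument.
  # NOTE(review): the trailing `-- shutdown` is presumably ignored in stop
  # mode, where start-stop-daemon signals the process rather than running
  # a command - verify.
  start-stop-daemon -K -u "${user}:${group}" -d "${app_path}" \
    -p "${pidfile}" -n "${name}" -x "${command}" -- shutdown
  eend $?
}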