fix(init): thread --user / --group through systemd unit templates

Every decnet-*.service.j2 hardcoded User=decnet / Group=decnet. The init CLI accepted --user / --group and used them for useradd, chown, /etc/decnet ownership and ReadWritePaths — but the Jinja context omitted them entirely, so sudo decnet init --install-dir $PWD --user anti --group anti rendered User=decnet Group=decnet into every unit, which at best ran the workers as a user that didn't match the files (fails to read the venv / config), and at worst spun a parallel system user the operator never asked for. Swap the hardcoded lines to {{ user }} / {{ group }} across all 13 templates and add both to the Jinja context in _install_units.
2026-04-24 00:36:23 -04:00
parent 51012eaa67
commit 38832d87d5
14 changed files with 35 additions and 27 deletions
--- a/deploy/decnet-agent.service.j2
+++ b/deploy/decnet-agent.service.j2
@@ -7,8 +7,8 @@ Requires=docker.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 # docker.sock is group-readable by 'docker'; the agent needs it for compose.
 SupplementaryGroups=docker
 WorkingDirectory={{ install_dir }}
--- a/deploy/decnet-api.service.j2
+++ b/deploy/decnet-api.service.j2
@@ -7,8 +7,8 @@ Requires=docker.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 # docker.sock is group-readable by 'docker'; the API ingester tails container logs.
 SupplementaryGroups=docker
 WorkingDirectory={{ install_dir }}
--- a/deploy/decnet-bus.service.j2
+++ b/deploy/decnet-bus.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 # /run/decnet is created automatically with the RuntimeDirectory= directive
--- a/deploy/decnet-collector.service.j2
+++ b/deploy/decnet-collector.service.j2
@@ -7,8 +7,8 @@ Requires=docker.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 # docker.sock is group-readable by 'docker'; the collector tails container logs.
 SupplementaryGroups=docker
 WorkingDirectory={{ install_dir }}
--- a/deploy/decnet-forwarder.service.j2
+++ b/deploy/decnet-forwarder.service.j2
@@ -8,8 +8,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 # Replace <master-host> with the master's LAN address or hostname. The agent
--- a/deploy/decnet-listener.service.j2
+++ b/deploy/decnet-listener.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 # Binds 0.0.0.0:6514 so workers across the LAN can connect. 6514 is not a
--- a/deploy/decnet-mutator.service.j2
+++ b/deploy/decnet-mutator.service.j2
@@ -7,8 +7,8 @@ Requires=docker.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 # Mutator recomposes decky services via docker compose.
 SupplementaryGroups=docker
 WorkingDirectory={{ install_dir }}
--- a/deploy/decnet-prober.service.j2
+++ b/deploy/decnet-prober.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target decnet-bus.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 ExecStart={{ venv_dir }}/bin/decnet probe
--- a/deploy/decnet-profiler.service.j2
+++ b/deploy/decnet-profiler.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target decnet-bus.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 ExecStart={{ venv_dir }}/bin/decnet profiler
--- a/deploy/decnet-sniffer.service.j2
+++ b/deploy/decnet-sniffer.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target decnet-bus.service

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 ExecStart={{ venv_dir }}/bin/decnet sniffer
--- a/deploy/decnet-swarmctl.service.j2
+++ b/deploy/decnet-swarmctl.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 # Default bind is loopback — the controller is a master-local orchestrator
--- a/deploy/decnet-updater.service.j2
+++ b/deploy/decnet-updater.service.j2
@@ -8,8 +8,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 ExecStart={{ venv_dir }}/bin/decnet updater \
--- a/deploy/decnet-web.service.j2
+++ b/deploy/decnet-web.service.j2
@@ -6,8 +6,8 @@ Wants=network-online.target

 [Service]
 Type=simple
-User=decnet
-Group=decnet
+User={{ user }}
+Group={{ group }}
 WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 ExecStart={{ venv_dir }}/bin/decnet web