zerogravity/scripts/setup-linux.sh

#!/usr/bin/env bash
# ZeroGravity — Linux setup
# Creates the zerogravity-ls system user for UID-scoped iptables isolation,
# installs the systemd user service, and builds the dns_redirect.so preload lib.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"

# ── 1. System user for UID isolation ──
echo "→ Creating zerogravity-ls system user…"
if id -u zerogravity-ls &>/dev/null; then
    echo "  Already exists."
else
    sudo useradd --system --no-create-home --shell /usr/sbin/nologin zerogravity-ls
    echo "  Created."
fi

# ── 2. Sudoers rule (run commands as zerogravity-ls without password) ──
SUDOERS="/etc/sudoers.d/zerogravity"
echo "→ Installing sudoers rule…"
if [ -f "$SUDOERS" ]; then
    echo "  Already exists."
else
    echo "$USER ALL=(zerogravity-ls) NOPASSWD: ALL" | sudo tee "$SUDOERS" > /dev/null
    sudo chmod 0440 "$SUDOERS"
    echo "  Installed: $SUDOERS"
fi

# ── 3. Data directory permissions ──
echo "→ Setting up /tmp/zerogravity-standalone…"
sudo mkdir -p /tmp/zerogravity-standalone
sudo chmod 1777 /tmp/zerogravity-standalone

# ── 4. Config directory ──
echo "→ Setting up ~/.config/zerogravity…"
mkdir -p "$HOME/.config/zerogravity"

# ── 5. Systemd user service ──
echo "→ Installing systemd user service…"
UNIT_DIR="$HOME/.config/systemd/user"
mkdir -p "$UNIT_DIR"
cat > "$UNIT_DIR/zerogravity.service" << EOF
[Unit]
Description=ZeroGravity Proxy
After=network.target

[Service]
Type=simple
ExecStart=$PROJECT_DIR/target/release/zerogravity
WorkingDirectory=$PROJECT_DIR
Environment=RUST_LOG=info
Restart=on-failure
RestartSec=3
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=default.target
EOF
systemctl --user daemon-reload
echo "  Installed: $UNIT_DIR/zerogravity.service"
echo "  Enable with: systemctl --user enable zerogravity"

# ── 6. Build ──
echo "→ Building release binary…"
cd "$PROJECT_DIR"
cargo build --release 2>&1 | tail -1
echo ""
echo "✓ Setup complete. Start with: zg start"