add systemd service, makefile, improve INSTALL

4 files changed, 83 insertions, 6 deletions

diff --git a/INSTALL b/INSTALL
index 97b0935..9031c27 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,14 +1,43 @@
-First install Haskell's stack tool, the readline and argon2
+## Quick installation
+
+This installs keysafe to ~/.local/bin, and is sufficient to use keysafe
+to back up or restore your private key.
+
+First install Haskell's stack tool, the zlib, g++, readline and argon2
 libraries, and zenity. For example, on a Debian system:
 
-	sudo apt-get install haskell-stack libreadline-dev libargon2-0-dev zenity
+	sudo apt-get install haskell-stack \
+		zlib1g-dev g++ libreadline-dev libargon2-0-dev zenity
 
-Then to build and install keysafe:
+Then to build and install keysafe, run this in the keysafe directory:
 
-	stack install keysafe
+	stack install
 
 Note that there is a manpage, but stack doesn't install it yet.
 
-## Server installation
+## System-wide installation
+
+This installs keysafe in /usr/bin, and includes the man page, systemd
+service file, etc.
+
+Start by installing the dependencies as shown in Quick installation.
+
+Then, in the keysafe directory:
+
+	make
+	sudo make install
+
+## Packaging
+
+You will probably want to use the Makefile.
+Set PREFIX to install to a different location.
+Set BUILDER=cabal to use cabal rather than the default stack to build.
+
+The make install target creates a keysafe user. Use the install-files
+target to avoid doing that at package build time. You may create the
+keysafe user at package install time instead, although it is only used
+by the keysafe server.
 
-useradd --system keysafe
+While keysafe ships with a systemd service file, distributions should 
+not enable it to be started by default. (Or can put it in its own
+keysafe-server package.)
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f287c2b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,30 @@
+PREFIX?=
+# Can be stack or cabal
+BUILDER?=stack
+
+build: keysafe
+
+keysafe:
+	$(BUILDER) build
+	if [ "$(BUILDER)" = stack ]; then \
+		ln -sf $$(find .stack-work/ -name keysafe -type f | grep build/keysafe/keysafe | tail -n 1) keysafe; \
+	else \
+		ln -sf dist/build/keysafe/keysafe keysafe; \
+	fi
+
+clean:
+	rm -rf keysafe dist .stack-work
+
+install: install-files
+	useradd --system keysafe
+	chmod 700 $(PREFIX)/var/lib/keysafe
+	chown keysafe:keysafe $(PREFIX)/var/lib/keysafe
+
+install-files: keysafe
+	install -d $(PREFIX)/var/lib/keysafe
+	install -d $(PREFIX)/usr/bin
+	install -s -m 0755 keysafe $(PREFIX)/usr/bin/keysafe
+	install -d $(PREFIX)/usr/share/man/man1
+	install -m 0644 keysafe.1 $(PREFIX)/usr/share/man/man1/keysafe.1
+	install -d $(PREFIX)/lib/systemd/system
+	install -m 0644 keysafe.service $(PREFIX)/lib/systemd/system/keysafe.service
diff --git a/keysafe.cabal b/keysafe.cabal
index fa530dd..df7151c 100644
--- a/keysafe.cabal
+++ b/keysafe.cabal
@@ -20,7 +20,10 @@ License-File: AGPL
 Extra-Source-Files:
   CHANGELOG
   TODO
+  INSTALL
   keysafe.1
+  keysafe.service
+  Makefile
 
 Executable keysafe
   Main-Is: keysafe.hs
diff --git a/keysafe.service b/keysafe.service
new file mode 100644
index 0000000..31fa424
--- /dev/null
+++ b/keysafe.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=keysafe server
+
+[Service]
+ExecStart=/usr/bin/keysafe --server --port 4242 --store-directory=/var/lib/keysafe/
+InaccessiblePaths=/home /etc
+ReadWritePaths=/var/lib/keysafe
+User=keysafe
+Group=keysafe
+StandardInput=null
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target