|
2 | 2 | set -eu |
3 | 3 |
|
4 | 4 | # Coder's automatic install script. |
5 | | -# See https://github.com/coder/coder#installing-coder |
| 5 | +# See https://github.com/coder/coder#install |
| 6 | +# |
| 7 | +# To run: |
| 8 | +# curl -L https://coder.com/install.sh | sh |
6 | 9 |
|
7 | 10 | usage() { |
8 | 11 | arg0="$0" |
@@ -61,6 +64,11 @@ Usage: |
61 | 64 | just want it on your base system aswell. |
62 | 65 | This supports most systems, however if you are unsure yours is supported you can check |
63 | 66 | the link above. |
| 67 | + --net-admin |
| 68 | + Adds \`CAP_NET_ADMIN\` to the installed binary. This allows Coder to |
| 69 | + increase network speeds, but has security implications. |
| 70 | + See: https://man7.org/linux/man-pages/man7/capabilities.7.html |
| 71 | + This only works on Linux based systems. |
64 | 72 |
|
65 | 73 |
|
66 | 74 | The detection method works as follows: |
@@ -230,7 +238,8 @@ main() { |
230 | 238 | RSH_ARGS \ |
231 | 239 | EDGE \ |
232 | 240 | RSH \ |
233 | | - WITH_TERRAFORM |
| 241 | + WITH_TERRAFORM \ |
| 242 | + CAP_NET_ADMIN |
234 | 243 |
|
235 | 244 | ALL_FLAGS="" |
236 | 245 |
|
@@ -290,6 +299,9 @@ main() { |
290 | 299 | --with-terraform) |
291 | 300 | WITH_TERRAFORM=1 |
292 | 301 | ;; |
| 302 | + --net-admin) |
| 303 | + CAP_NET_ADMIN=1 |
| 304 | + ;; |
293 | 305 | --) |
294 | 306 | shift |
295 | 307 | # We remove the -- added above. |
@@ -362,7 +374,7 @@ main() { |
362 | 374 | fi |
363 | 375 |
|
364 | 376 | # Start by installing Terraform, if requested |
365 | | - if [ "${WITH_TERRAFORM-}" = 1 ]; then |
| 377 | + if [ "${WITH_TERRAFORM-}" ]; then |
366 | 378 | with_terraform |
367 | 379 | fi |
368 | 380 |
|
@@ -398,6 +410,26 @@ main() { |
398 | 410 | install_standalone |
399 | 411 | ;; |
400 | 412 | esac |
| 413 | + |
| 414 | + if [ "${CAP_NET_ADMIN:-}" ]; then |
| 415 | + cap_net_admin |
| 416 | + fi |
| 417 | +} |
| 418 | + |
| 419 | +cap_net_admin() { |
| 420 | + if ! command_exists setcap && command_exists capsh; then |
| 421 | + echo "Package 'libcap' not found. See install instructions for your distro: https://command-not-found.com/setcap" |
| 422 | + return |
| 423 | + fi |
| 424 | + |
| 425 | + # Make sure we'e allowed to add CAP_NET_ADMIN. |
| 426 | + if sudo_sh_c capsh --has-p=CAP_NET_ADMIN; then |
| 427 | + sudo_sh_c setcap CAP_NET_ADMIN=+ep "$(command -v coder)" || true |
| 428 | + |
| 429 | + # Unable to escalate perms, notify the user. |
| 430 | + else |
| 431 | + echo "Unable to setcap agent binary. Ensure the root user has CAP_NET_ADMIN permissions." |
| 432 | + fi |
401 | 433 | } |
402 | 434 |
|
403 | 435 | parse_arg() { |
@@ -697,10 +729,10 @@ sh_c() { |
697 | 729 | sudo_sh_c() { |
698 | 730 | if [ "$(id -u)" = 0 ]; then |
699 | 731 | sh_c "$@" |
700 | | - elif command_exists doas; then |
701 | | - sh_c "doas $*" |
702 | 732 | elif command_exists sudo; then |
703 | 733 | sh_c "sudo $*" |
| 734 | + elif command_exists doas; then |
| 735 | + sh_c "doas $*" |
704 | 736 | elif command_exists su; then |
705 | 737 | sh_c "su - -c '$*'" |
706 | 738 | else |
|
0 commit comments