Projects/muscl
12
3
Fork 0
Code Issues 77 Pull Requests Actions 1 Packages Releases Activity
Files
54f794acb680791af2db6952033d444a4a4ea6dc
muscl/docs/installation.md
h7x4 54f794acb6
Some checks failed
Build and test / check (push) Successful in 1m25s
Details
Build and test / build (push) Successful in 3m38s
Details
Build and test / test (push) Successful in 2m52s
Details
Build and test / check-license (push) Successful in 5m33s
Details
Build and test / docs (push) Has been cancelled
Details
README: split up into docs
2025-12-02 17:18:54 +09:00

2.2 KiB
Raw Blame History

Installation and configuration

Installing with deb on Debian/Ubuntu

TODO: write this section once the package has been pushed to the gitea package repository.

Creating a database user

In order for the daemon to be able to do anything interesting on the mysql server, it needs a database user with sufficient privileges. You can create such a user by running the following commands on the mysql server as root (or another user with sufficient privileges):

CREATE USER `muscl`@`%` IDENTIFIED BY '<strong_password_here>';
GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.* TO `muscl`@`%`;
GRANT GRANT OPTION, CREATE, DROP ON *.* TO 'muscl'@'%';
FLUSH PRIVILEGES;

Now you should add the login credentials to the muscl configuration file, typically located at /etc/muscl/config.toml.

Setting the myscl password with systemd-creds

The debian package assumes that you will provide the password for muscl's database user with systemd-creds.

You can add the password like this (run as root):

# Unless you already have a working credential store, you need to set it up first
mkdir -p /etc/credstore.encrypted
systemd-creds setup

# Now set the muscl mysql password
# Be careful not to leave the password in your shell history!
systemd-creds encrypt --name=muscl_mysql_password <(echo "<strong_password_here>") /etc/credstore.encrypted/muscl_mysql_password

If you are running systemd older than version 254 (see systemctl --version), you might have to override the service to point to the path of the credential manually, because ImportCredential= is not supported. Run systemctl edit muscl.service and add the following lines:

[Service]
LoadCredentialEncrypted=muscl_mysql_password:/etc/credstore.encrypted/muscl_mysql_password

SUID/SGID mode

For backwards compatibility reasons, it is possible to run the program without a daemon by utilizing SUID/SGID. In order to do this, you should set either the SUID/SGID bit and preferably make the executable owned by a non-privileged user. If the database is running on the same machine, the user/group will need access to write and read from the database socket. Otherwise, the only requirement is that the user/group is able to read the config file (typically /etc/muscl/config.toml).

Reference in New Issue View Git Blame Copy Permalink