New package: tempreceiver

2022-01-19 17:52:17 +01:00
parent 4890350210
commit 08baf8c2ae
3 changed files with 76 additions and 0 deletions
--- a/temprature-receiver/PKGBUILD
+++ b/temprature-receiver/PKGBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
+pkgname=tempreceiver
+pkgver=r3.13eea45
+pkgrel=1
+
+arch=('any')
+makedepends=(
+	'git'
+	'cargo'
+)
+source=(
+	'git+ssh://gitea@git.ccn.li/manuel/tempreceiver.git'
+	'tempreceiver.service'
+	'sysusers.d'
+)
+sha256sums=('SKIP'
+            'b75e31993bc930d7ebde0f6e335f9cc60f22387e2951383cb66bd980bd79d6cc'
+            'dd146ca489347e2f66ae1fc0c4260b87e071fc6c84d5d221b0b1347edf07bc01')
+
+pkgver() {
+	cd "${srcdir}/tempreceiver"
+	printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+}
+
+build() {
+	cd "${srcdir}/tempreceiver"
+	cargo build --release
+}
+
+package() {
+	install -Dm755 "${srcdir}/tempreceiver/target/release/tempreceiver" "${pkgdir}/usr/bin/tempreceiver"
+	install -Dm644 "${srcdir}/tempreceiver.service" "${pkgdir}/usr/lib/systemd/system/tempreceiver.service"
+	install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/tempreceiver.conf"
+}
--- a/temprature-receiver/sysusers.d
+++ b/temprature-receiver/sysusers.d
@@ -0,0 +1 @@
+u tempreceiver - "Unprivileged user for running the temprature receiver service" /var/lib/tempreceiver
--- a/temprature-receiver/tempreceiver.service
+++ b/temprature-receiver/tempreceiver.service
@@ -0,0 +1,41 @@
+[Unit]
+After=network-online.target
+
+[Service]
+User=tempreceiver
+Environment=RUST_LOG=info
+Environment=TEMPRECEIVER_DB_FILE=/var/lib/tempreceiver/db.sqlite3
+ExecStart=/usr/bin/tempreceiver
+
+Restart=on-failure
+RestartSec=5s
+
+ReadWritePaths=/var/lib/tempreceiver/
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateMounts=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectClock=yes
+ProtectHostname=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+ProtectKernelLogs=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+RemoveIPC=yes
+
+
+[Install]
+WantedBy=multi-user.target
				`@@ -0,0 +1 @@`
				`u tempreceiver - "Unprivileged user for running the temprature receiver service" /var/lib/tempreceiver`