From 08baf8c2ae9ce0927e090fd803618694dfd9ada5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20V=C3=B6gele?= <develop@manuel-voegele.de>
Date: Wed, 19 Jan 2022 17:52:17 +0100
Subject: [PATCH] New package: tempreceiver

---
 temprature-receiver/PKGBUILD             | 34 ++++++++++++++++++++
 temprature-receiver/sysusers.d           |  1 +
 temprature-receiver/tempreceiver.service | 41 ++++++++++++++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 temprature-receiver/PKGBUILD
 create mode 100644 temprature-receiver/sysusers.d
 create mode 100644 temprature-receiver/tempreceiver.service

diff --git a/temprature-receiver/PKGBUILD b/temprature-receiver/PKGBUILD
new file mode 100644
index 0000000..365bb1b
--- /dev/null
+++ b/temprature-receiver/PKGBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
+pkgname=tempreceiver
+pkgver=r3.13eea45
+pkgrel=1
+
+arch=('any')
+makedepends=(
+	'git'
+	'cargo'
+)
+source=(
+	'git+ssh://gitea@git.ccn.li/manuel/tempreceiver.git'
+	'tempreceiver.service'
+	'sysusers.d'
+)
+sha256sums=('SKIP'
+            'b75e31993bc930d7ebde0f6e335f9cc60f22387e2951383cb66bd980bd79d6cc'
+            'dd146ca489347e2f66ae1fc0c4260b87e071fc6c84d5d221b0b1347edf07bc01')
+
+pkgver() {
+	cd "${srcdir}/tempreceiver"
+	printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+}
+
+build() {
+	cd "${srcdir}/tempreceiver"
+	cargo build --release
+}
+
+package() {
+	install -Dm755 "${srcdir}/tempreceiver/target/release/tempreceiver" "${pkgdir}/usr/bin/tempreceiver"
+	install -Dm644 "${srcdir}/tempreceiver.service" "${pkgdir}/usr/lib/systemd/system/tempreceiver.service"
+	install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/tempreceiver.conf"
+}
diff --git a/temprature-receiver/sysusers.d b/temprature-receiver/sysusers.d
new file mode 100644
index 0000000..8848e15
--- /dev/null
+++ b/temprature-receiver/sysusers.d
@@ -0,0 +1 @@
+u tempreceiver - "Unprivileged user for running the temprature receiver service" /var/lib/tempreceiver
diff --git a/temprature-receiver/tempreceiver.service b/temprature-receiver/tempreceiver.service
new file mode 100644
index 0000000..0dac88c
--- /dev/null
+++ b/temprature-receiver/tempreceiver.service
@@ -0,0 +1,41 @@
+[Unit]
+After=network-online.target
+
+[Service]
+User=tempreceiver
+Environment=RUST_LOG=info
+Environment=TEMPRECEIVER_DB_FILE=/var/lib/tempreceiver/db.sqlite3
+ExecStart=/usr/bin/tempreceiver
+
+Restart=on-failure
+RestartSec=5s
+
+ReadWritePaths=/var/lib/tempreceiver/
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateMounts=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectClock=yes
+ProtectHostname=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+ProtectKernelLogs=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+RemoveIPC=yes
+
+
+[Install]
+WantedBy=multi-user.target