Add telegram amplifier bot
This commit is contained in:
34
telegram-bot-amplifier/PKGBUILD
Normal file
34
telegram-bot-amplifier/PKGBUILD
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
|
||||||
|
pkgname=telegram-amplifier-bot-git
|
||||||
|
pkgver=r2.5285eac
|
||||||
|
pkgrel=1
|
||||||
|
|
||||||
|
arch=('any')
|
||||||
|
makedepends=(
|
||||||
|
'git'
|
||||||
|
'cargo'
|
||||||
|
)
|
||||||
|
source=(
|
||||||
|
'git+ssh://gitea@git.ccn.li/manuel/telegram-bot-amplifier.git'
|
||||||
|
'telegram-bot-amplifier.service'
|
||||||
|
'sysusers.d'
|
||||||
|
)
|
||||||
|
sha256sums=('SKIP'
|
||||||
|
'0338604f8d793e209d7744d96c4c07dcbd90e06218a7d1d17a6e5611bf48fd07'
|
||||||
|
'128feac33a68097960d3690827c816777482a2ec5b5947a0bcd7a25bdbb93b54')
|
||||||
|
|
||||||
|
pkgver() {
|
||||||
|
cd "${srcdir}/telegram-bot-amplifier"
|
||||||
|
printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd "${srcdir}/telegram-bot-amplifier"
|
||||||
|
cargo build --release
|
||||||
|
}
|
||||||
|
|
||||||
|
package() {
|
||||||
|
install -Dm755 "${srcdir}/telegram-bot-amplifier/target/release/amplifier-bot" "${pkgdir}/usr/bin/amplifier-bot"
|
||||||
|
install -Dm644 "${srcdir}/telegram-bot-amplifier.service" "${pkgdir}/usr/lib/systemd/system/telegram-bot-amplifier.service"
|
||||||
|
install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/telegram-bot-amplifier.conf"
|
||||||
|
}
|
||||||
1
telegram-bot-amplifier/sysusers.d
Normal file
1
telegram-bot-amplifier/sysusers.d
Normal file
@@ -0,0 +1 @@
|
|||||||
|
u telegram-bots - "Unprivileged user for running telegram bots"
|
||||||
41
telegram-bot-amplifier/telegram-bot-amplifier.service
Normal file
41
telegram-bot-amplifier/telegram-bot-amplifier.service
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
[Unit]
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=telegram-bots
|
||||||
|
Environment=RUST_LOG=info
|
||||||
|
Environment=AMPLIFIER_BOT_CONFIG_FILE=/etc/telegram-bot-amplifier.json
|
||||||
|
ExecStart=/usr/bin/amplifier-bot
|
||||||
|
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5s
|
||||||
|
|
||||||
|
ReadOnlyPaths=/etc/telegram-bot-amplifier.json
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
PrivateUsers=yes
|
||||||
|
PrivateMounts=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=yes
|
||||||
|
ProtectClock=yes
|
||||||
|
ProtectHostname=yes
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
ProtectKernelLogs=yes
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
RestrictSUIDSGID=yes
|
||||||
|
MemoryDenyWriteExecute=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
RemoveIPC=yes
|
||||||
|
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
Reference in New Issue
Block a user