Add telegram-bot-calendar

telegram-bot-calendar/PKGBUILD

@@ -0,0 +1,34 @@
+# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
+pkgname=telegram-calendar-bot-git
+pkgver=0
+pkgrel=1
+
+arch=('any')
+makedepends=(
+	'git'
+	'cargo'
+)
+source=(
+	'git+ssh://gitea@git.ccn.li/manuel/telegram-bot-calendar.git'
+	'telegram-bot-calendar.service'
+	'sysusers.d'
+)
+sha256sums=('SKIP'
+            '5e92e1126fa198ce65713fd10219f2d2ad8e87cb916a1b6cc0d5c38171debc29'
+            '128feac33a68097960d3690827c816777482a2ec5b5947a0bcd7a25bdbb93b54')
+
+pkgver() {
+	cd "${srcdir}/telegram-bot-calendar"
+	printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+}
+
+build() {
+	cd "${srcdir}/telegram-bot-calendar"
+	cargo build --release
+}
+
+package() {
+	install -Dm755 "${srcdir}/telegram-bot-calendar/target/release/calendar-bot" "${pkgdir}/usr/bin/calendar-bot"
+	install -Dm644 "${srcdir}/telegram-bot-calendar.service" "${pkgdir}/usr/lib/systemd/system/telegram-bot-calendar.service"
+	install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/telegram-bot-calendar.conf"
+}

telegram-bot-calendar/sysusers.d

@@ -0,0 +1 @@
+u telegram-bots - "Unprivileged user for running telegram bots"

telegram-bot-calendar/telegram-bot-calendar.service

@@ -0,0 +1,42 @@
+[Unit]
+After=network-online.target
+
+[Service]
+User=telegram-bots
+Environment=RUST_LOG=error
+Environment=CALENDAR_BOT_CONFIG_FILE=/etc/telegram-bot-calendar.yaml
+ExecStart=/usr/bin/calendar-bot
+
+Restart=on-failure
+RestartSec=5s
+
+ReadOnlyPaths=/etc/telegram-bot-calendar.json
+ReadWritePaths=/var/lib/telegram-bots/
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateMounts=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectClock=yes
+ProtectHostname=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
+CapabilityBoundingSet=
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+ProtectKernelLogs=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+RemoveIPC=yes
+
+
+[Install]
+WantedBy=multi-user.target