http-redirector: New package
This commit is contained in:
34
http-redirector/PKGBUILD
Normal file
34
http-redirector/PKGBUILD
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
|
||||||
|
pkgname=http-redirector-git
|
||||||
|
pkgver=0
|
||||||
|
pkgrel=1
|
||||||
|
|
||||||
|
arch=('any')
|
||||||
|
makedepends=(
|
||||||
|
'git'
|
||||||
|
'cargo'
|
||||||
|
)
|
||||||
|
source=(
|
||||||
|
'git+ssh://gitea@git.ccn.li/manuel/http-redirector'
|
||||||
|
'http-redirector.service'
|
||||||
|
'sysusers.d'
|
||||||
|
)
|
||||||
|
sha256sums=('SKIP'
|
||||||
|
'1d05b6a804de9bedaf27d8a7ee32b5bb2fd29833688dfb49151d231ddf78bcc3'
|
||||||
|
'124c6e88ee76e2b7f364140bec90d1acd7d2173be6b3ff02f34f0c0f6dbc38d4')
|
||||||
|
|
||||||
|
pkgver() {
|
||||||
|
cd "${srcdir}/http-redirector"
|
||||||
|
printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd "${srcdir}/http-redirector"
|
||||||
|
cargo build --release
|
||||||
|
}
|
||||||
|
|
||||||
|
package() {
|
||||||
|
install -Dm755 "${srcdir}/http-redirector/target/release/http-redirector" "${pkgdir}/usr/bin/http-redirector"
|
||||||
|
install -Dm644 "${srcdir}/http-redirector.service" "${pkgdir}/usr/lib/systemd/system/http-redirector.service"
|
||||||
|
install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/http-redirector.conf"
|
||||||
|
}
|
||||||
43
http-redirector/http-redirector.service
Normal file
43
http-redirector/http-redirector.service
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
[Unit]
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=http-redirector
|
||||||
|
Environment=RUST_LOG=info
|
||||||
|
Environment=REDIRECTOR_ROUTES_FILE=/etc/http-redirector-routes.toml
|
||||||
|
Environment=ROCKET_PORT=7567
|
||||||
|
Environment=ROCKET_ADDRESS=127.0.0.1
|
||||||
|
ExecStart=/usr/bin/http-redirector
|
||||||
|
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5s
|
||||||
|
|
||||||
|
ReadOnlyPaths=/etc/http-redirector-routes.toml
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
PrivateUsers=yes
|
||||||
|
PrivateMounts=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=yes
|
||||||
|
ProtectClock=yes
|
||||||
|
ProtectHostname=yes
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
ProtectKernelLogs=yes
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
RestrictSUIDSGID=yes
|
||||||
|
MemoryDenyWriteExecute=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
RemoveIPC=yes
|
||||||
|
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
1
http-redirector/sysusers.d
Normal file
1
http-redirector/sysusers.d
Normal file
@@ -0,0 +1 @@
|
|||||||
|
u http-redirector - "Unprivileged user for running http-redirector"
|
||||||
Reference in New Issue
Block a user