http-redirector: New package
This commit is contained in:
34
http-redirector/PKGBUILD
Normal file
34
http-redirector/PKGBUILD
Normal file
@@ -0,0 +1,34 @@
|
||||
# Maintainer: Manuel Vögele <aur@manuel-voegele.de>
|
||||
pkgname=http-redirector-git
|
||||
pkgver=0
|
||||
pkgrel=1
|
||||
|
||||
arch=('any')
|
||||
makedepends=(
|
||||
'git'
|
||||
'cargo'
|
||||
)
|
||||
source=(
|
||||
'git+ssh://gitea@git.ccn.li/manuel/http-redirector'
|
||||
'http-redirector.service'
|
||||
'sysusers.d'
|
||||
)
|
||||
sha256sums=('SKIP'
|
||||
'1d05b6a804de9bedaf27d8a7ee32b5bb2fd29833688dfb49151d231ddf78bcc3'
|
||||
'124c6e88ee76e2b7f364140bec90d1acd7d2173be6b3ff02f34f0c0f6dbc38d4')
|
||||
|
||||
pkgver() {
|
||||
cd "${srcdir}/http-redirector"
|
||||
printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
|
||||
}
|
||||
|
||||
build() {
|
||||
cd "${srcdir}/http-redirector"
|
||||
cargo build --release
|
||||
}
|
||||
|
||||
package() {
|
||||
install -Dm755 "${srcdir}/http-redirector/target/release/http-redirector" "${pkgdir}/usr/bin/http-redirector"
|
||||
install -Dm644 "${srcdir}/http-redirector.service" "${pkgdir}/usr/lib/systemd/system/http-redirector.service"
|
||||
install -Dm644 "${srcdir}/sysusers.d" "${pkgdir}/usr/lib/sysusers.d/http-redirector.conf"
|
||||
}
|
||||
43
http-redirector/http-redirector.service
Normal file
43
http-redirector/http-redirector.service
Normal file
@@ -0,0 +1,43 @@
|
||||
[Unit]
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
User=http-redirector
|
||||
Environment=RUST_LOG=info
|
||||
Environment=REDIRECTOR_ROUTES_FILE=/etc/http-redirector-routes.toml
|
||||
Environment=ROCKET_PORT=7567
|
||||
Environment=ROCKET_ADDRESS=127.0.0.1
|
||||
ExecStart=/usr/bin/http-redirector
|
||||
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
|
||||
ReadOnlyPaths=/etc/http-redirector-routes.toml
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
PrivateUsers=yes
|
||||
PrivateMounts=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
ProtectClock=yes
|
||||
ProtectHostname=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
|
||||
CapabilityBoundingSet=
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
ProtectKernelLogs=yes
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictSUIDSGID=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
LockPersonality=yes
|
||||
RemoveIPC=yes
|
||||
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
1
http-redirector/sysusers.d
Normal file
1
http-redirector/sysusers.d
Normal file
@@ -0,0 +1 @@
|
||||
u http-redirector - "Unprivileged user for running http-redirector"
|
||||
Reference in New Issue
Block a user