Add Debian packaging via cargo-deb

* Add the required metadata to `Cargo.toml` * Add a systemd unit file * Use `Rocket.toml.example` as the default configuration
2022-02-21 20:51:40 +01:00 · 2022-02-21 20:51:40 +01:00 · 9e9955fb58
parent 4db8e4ac03
commit 9e9955fb58
2 changed files with 81 additions and 0 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -16,3 +16,39 @@ geocoding = "0.3.1"
 image = "0.24.0"
 reqwest = { version = "0.11.9", features = ["json"] }
 rocket = { version = "0.5.0-rc.1", features = ["json"] }
+
+[package.metadata.deb]
+maintainer = "Paul van Tilburg <paul@luon.net>"
+copyright = "2022, Paul van Tilburg"
+depends = "$auto, systemd"
+extended-description = """\
+Sinoptik is a (REST) API service that provides an API for today's weather
+forecast. It can provide you with a specific set or all available metrics that
+it supports.
+
+Currently supported metrics are:
+
+* Air quality index (per hour, from Luchtmeetnet)
+* NO₂ concentration (per hour, from Luchtmeetnet)
+* O₃ concentration (per hour, from Luchtmeetnet)
+* Particulate matter (PM10) concentration (per hour, from Luchtmeetnet)
+* Pollen (per hour, from Buienradar)
+* Pollen/air quality index (per hour, from Buienradar)
+* Precipitation (per 5 minutes, from Buienradar)
+* UV index (per day, from Buienradar)
+
+Because of the currently supported data providers, only data for The
+Netherlands can be queried.
+"""
+section = "net"
+priority = "optional"
+assets = [
+  ["README.md", "usr/share/doc/sinoptik/", "664"],
+  ["Rocket.toml.example", "/etc/sinoptik.toml", "644"],
+  ["target/release/sinoptik", "usr/sbin/sinoptik", "755"]
+]
+conf-files = [
+  "/etc/sinoptik.toml"
+]
+maintainer-scripts = "debian/"
+systemd-units = { unit-name = "sinoptik" }
--- a/debian/sinoptik.service
+++ b/debian/sinoptik.service
@ -0,0 +1,45 @@
+[Unit]
+Description=Sinoptik API web server
+After=network.target
+ 
+[Service]
+Type=simple
+ 
+AmbientCapabilities=
+CapabilityBoundingSet=
+DynamicUser=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+UMask=0077
+ 
+ExecStart=/usr/sbin/sinoptik
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=1m
+StartLimitBurst=5
+
+Environment="ROCKET_CONFIG=/etc/sinoptik.toml"
+ 
+[Install]
+WantedBy=multi-user.target