From 9e9955fb58e72a28ed08ef88ba78dfdbe0c9b40c Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Mon, 21 Feb 2022 20:51:40 +0100 Subject: [PATCH] Add Debian packaging via cargo-deb * Add the required metadata to `Cargo.toml` * Add a systemd unit file * Use `Rocket.toml.example` as the default configuration --- Cargo.toml | 36 +++++++++++++++++++++++++++++++++ debian/sinoptik.service | 45 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 debian/sinoptik.service diff --git a/Cargo.toml b/Cargo.toml index a04bfb2..91ce6c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,3 +16,39 @@ geocoding = "0.3.1" image = "0.24.0" reqwest = { version = "0.11.9", features = ["json"] } rocket = { version = "0.5.0-rc.1", features = ["json"] } + +[package.metadata.deb] +maintainer = "Paul van Tilburg " +copyright = "2022, Paul van Tilburg" +depends = "$auto, systemd" +extended-description = """\ +Sinoptik is a (REST) API service that provides an API for today's weather +forecast. It can provide you with a specific set or all available metrics that +it supports. + +Currently supported metrics are: + +* Air quality index (per hour, from Luchtmeetnet) +* NO₂ concentration (per hour, from Luchtmeetnet) +* O₃ concentration (per hour, from Luchtmeetnet) +* Particulate matter (PM10) concentration (per hour, from Luchtmeetnet) +* Pollen (per hour, from Buienradar) +* Pollen/air quality index (per hour, from Buienradar) +* Precipitation (per 5 minutes, from Buienradar) +* UV index (per day, from Buienradar) + +Because of the currently supported data providers, only data for The +Netherlands can be queried. +""" +section = "net" +priority = "optional" +assets = [ + ["README.md", "usr/share/doc/sinoptik/", "664"], + ["Rocket.toml.example", "/etc/sinoptik.toml", "644"], + ["target/release/sinoptik", "usr/sbin/sinoptik", "755"] +] +conf-files = [ + "/etc/sinoptik.toml" +] +maintainer-scripts = "debian/" +systemd-units = { unit-name = "sinoptik" } diff --git a/debian/sinoptik.service b/debian/sinoptik.service new file mode 100644 index 0000000..66309ab --- /dev/null +++ b/debian/sinoptik.service @@ -0,0 +1,45 @@ +[Unit] +Description=Sinoptik API web server +After=network.target + +[Service] +Type=simple + +AmbientCapabilities= +CapabilityBoundingSet= +DynamicUser=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=strict +PrivateDevices=yes +PrivateMounts=yes +PrivateTmp=yes +PrivateUsers=yes +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM +UMask=0077 + +ExecStart=/usr/sbin/sinoptik +Restart=on-failure +RestartSec=10 +StartLimitInterval=1m +StartLimitBurst=5 + +Environment="ROCKET_CONFIG=/etc/sinoptik.toml" + +[Install] +WantedBy=multi-user.target