From 69f34e32432ca3249983ac4c3ddefca597e1ead8 Mon Sep 17 00:00:00 2001 From: Paul van Tilburg Date: Tue, 10 Jan 2023 16:59:20 +0100 Subject: [PATCH] Add Debian packaging via cargo-deb (closes: #4) * Add the required metadata to `Cargo.toml` * Add a systemd service unit file * Use `Rocket.toml.example` as the default configuration --- Cargo.toml | 26 ++++++++++++++++++++ debian/solar-grabber.service | 47 ++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 debian/solar-grabber.service diff --git a/Cargo.toml b/Cargo.toml index b5f6cc4..92e001b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,3 +21,29 @@ rocket = { version = "0.5.0-rc.2", features = ["json"] } serde = "1.0.116" toml = "0.5.6" url = "2.2.2" + +[package.metadata.deb] +maintainer = "Paul van Tilburg " +copyright = "2022, Paul van Tilburg" +depends = "$auto, systemd" +extended-description = """\ +Solar Grabber is web service that provides a REST API layer over various cloud +sites/services/APIs to get statistical data of your solar panels. + +It currently supports the following services: + +* Hoymiles: https://global.hoymiles.com +* My Autarco: https://my.autarco.com +""" +section = "net" +priority = "optional" +assets = [ + ["README.md", "usr/share/doc/solar-grabber/", "664"], + ["Rocket.toml.example", "/etc/solar-grabber.toml", "600"], + ["target/release/solar-grabber", "usr/sbin/solar-grabber", "755"] +] +conf-files = [ + "/etc/solar-grabber.toml" +] +maintainer-scripts = "debian/" +systemd-units = { unit-name = "solar-grabber" } diff --git a/debian/solar-grabber.service b/debian/solar-grabber.service new file mode 100644 index 0000000..c5d5671 --- /dev/null +++ b/debian/solar-grabber.service @@ -0,0 +1,47 @@ +[Unit] +Description=Solar Grabber API web server +After=network.target + +[Service] +Type=simple + +AmbientCapabilities= +CapabilityBoundingSet= +DynamicUser=yes +LoadCredential=solar-grabber.toml:/etc/solar-grabber.toml +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=noaccess +ProtectSystem=strict +PrivateDevices=yes +PrivateMounts=yes +PrivateTmp=yes +PrivateUsers=yes +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM +UMask=0077 + +ExecStart=/usr/sbin/solar-grabber +Restart=on-failure +RestartSec=10 +StartLimitInterval=1m +StartLimitBurst=5 + +Environment="ROCKET_CONFIG=%d/solar-grabber.toml" + +[Install] +WantedBy=multi-user.target