summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGilles Dartiguelongue <eva@gentoo.org>2024-11-11 20:33:11 +0100
committerGilles Dartiguelongue <eva@gentoo.org>2024-11-11 20:33:11 +0100
commit0236dd1b8e8dfd348d974487986653ba282163ba (patch)
treea01c45973b4220089e48778e27dc8fb6d05dfcff
parentacct-user/restic-rest-server: new package, add 0 (diff)
downloadeva-0236dd1b8e8dfd348d974487986653ba282163ba.tar.gz
eva-0236dd1b8e8dfd348d974487986653ba282163ba.tar.bz2
eva-0236dd1b8e8dfd348d974487986653ba282163ba.zip
app-backup/restic-rest-server: add 0.13.0HEADmaster
Signed-off-by: Gilles Dartiguelongue <eva@gentoo.org>
-rw-r--r--app-backup/restic-rest-server/Manifest2
-rw-r--r--app-backup/restic-rest-server/files/restic-rest-server.service81
-rw-r--r--app-backup/restic-rest-server/files/restic-rest-server.socket5
-rw-r--r--app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild41
4 files changed, 129 insertions, 0 deletions
diff --git a/app-backup/restic-rest-server/Manifest b/app-backup/restic-rest-server/Manifest
index 48e3f97..1d04b74 100644
--- a/app-backup/restic-rest-server/Manifest
+++ b/app-backup/restic-rest-server/Manifest
@@ -1,2 +1,4 @@
DIST restic-rest-server-0.12.1-deps.tar.xz 11805964 BLAKE2B e3f909ac026bcd2bb869452bd06b8c3a89d25b0a67c32775b742c5907d79a8190f174c4f61ef5d5bcd9ade49366dbf9176deb6bd3e5f59427c9b7f107ed32b4b SHA512 d40fb86604b4440e61dbf1989347537939a64f8b56ba09400763d134f1935e3f7c5e91e4c4d96a9f0a324762845094d6fd02917a542ba9efe276685df442ccdf
DIST restic-rest-server-0.12.1.tar.gz 281233 BLAKE2B 52400755fb4986659f529f416588f45ec64e1d546c6a8d07bc239bbf0dc779d4740e28cf99525fb4e1276e49564efe663819b50f4e16b657301c313d13975504 SHA512 113a1b310845bafe92fc4ee60aadd0f0dc8c5f4f1676706c89c48e291937c616ee33b57febd7a41d99dc57adb250e7f34de1c302cf685a44f009585acaccde44
+DIST restic-rest-server-0.13.0-vendor.tar.xz 911512 BLAKE2B de40eb7451f0afa9cd7f13ba01689ba360d44de098c67a038ab3b7d94e0f17fecb1238817934316c299ee101b1d1bf48d239a3597a13a8ae6d48857b848a4c49 SHA512 d92b6614082390e8e9a228ac04b749fd4fc376914eeeaa406858094c6e2fa8cc65e2a2818cb65781b20c9f0cb7c45a9c9271c52796786270aae076a5dfd6baaf
+DIST restic-rest-server-0.13.0.tar.gz 265324 BLAKE2B de321975ca889a39c00caeac0a6402dd241faf8e55cf8c949861ddab782524ac8593c8847e14fe53eb7e82f9a912a2288ce35236e2f3f15123164ca90cbf96fe SHA512 145ad2da7838a695c8f076298f741b7b6a5013965741d96d766ed0082a58d8361f2bfcf42f39d775577c9d5ea909134f3a2ba5b2604c33ac6fc39d709b78d79d
diff --git a/app-backup/restic-rest-server/files/restic-rest-server.service b/app-backup/restic-rest-server/files/restic-rest-server.service
new file mode 100644
index 0000000..2520cc5
--- /dev/null
+++ b/app-backup/restic-rest-server/files/restic-rest-server.service
@@ -0,0 +1,81 @@
+[Unit]
+Description=Restic REST Server
+After=syslog.target
+After=network.target
+Requires=restic-rest-server.socket
+After=restic-rest-server.socket
+
+[Service]
+Type=simple
+# You may prefer to use a different user or group on your system.
+User=restic-rest-server
+Group=restic-rest-server
+ExecStart=/usr/bin/rest-server --path /var/lib/restic-rest-server
+Restart=always
+RestartSec=5
+
+# The following options are available (in systemd v247) to restrict the
+# actions of the rest-server.
+
+# As a whole, the purpose of these are to provide an additional layer of
+# security by mitigating any unknown security vulnerabilities which may exist
+# in rest-server or in the libraries, tools and operating system components
+# which it relies upon.
+
+# IMPORTANT!
+# The following line must be customised to your individual requirements.
+ReadWritePaths=/var/lib/restic-rest-server
+
+# Makes created files group-readable, but inaccessible by others
+UMask=027
+
+# If your system doesn't support all of the features below (e.g. because of
+# the use of an older version of systemd), you may wish to comment-out
+# some of the lines below as appropriate.
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=yes
+
+# As the listen socket is created by systemd via the rest-server.socket unit, it is
+# no longer necessary for rest-server to have access to the host network namespace.
+PrivateNetwork=yes
+
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+ProtectSystem=strict
+ProtectHome=yes
+ProtectClock=true
+ProtectControlGroups=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectHostname=true
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictAddressFamilies=none
+RestrictSUIDSGID=true
+RestrictRealtime=true
+# if your service crashes with "code=killed, status=31/SYS", you probably tried to run linux_i386 (32bit) binary on a amd64 host
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+# Additionally, you may wish to use some of the systemd options documented in
+# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and
+# network I/O that the rest-server is permitted to consume according to the
+# individual requirements of your installation.
+#CPUQuota=25%
+#MemoryHigh=bytes
+#MemoryMax=bytes
+#MemorySwapMax=bytes
+#TasksMax=N
+#IOReadBandwidthMax=device bytes
+#IOWriteBandwidthMax=device bytes
+#IOReadIOPSMax=device IOPS, IOWriteIOPSMax=device IOPS
+#IPAccounting=true
+#IPAddressAllow=
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-backup/restic-rest-server/files/restic-rest-server.socket b/app-backup/restic-rest-server/files/restic-rest-server.socket
new file mode 100644
index 0000000..3d5a322
--- /dev/null
+++ b/app-backup/restic-rest-server/files/restic-rest-server.socket
@@ -0,0 +1,5 @@
+[Socket]
+ListenStream = 8000
+
+[Install]
+WantedBy = sockets.target
diff --git a/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild b/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild
new file mode 100644
index 0000000..033a062
--- /dev/null
+++ b/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild
@@ -0,0 +1,41 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module systemd
+
+DESCRIPTION="high performance HTTP server that implements restic's REST backend API"
+HOMEPAGE="https://github.com/restic/rest-server"
+SRC_URI="https://github.com/restic/rest-server/releases/download/v${PV}/${P}.tar.gz
+ https://www.whyte.ninja/pub/${P}-vendor.tar.xz"
+S="${WORKDIR}/rest-server-${PV}"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="${DEPEND}
+ acct-group/restic-rest-server
+ acct-user/restic-rest-server
+"
+
+src_compile() {
+ local mygoargs=(
+ -tags release
+ -ldflags "-X main.version=${PV}"
+ -asmflags "-trimpath=${S}"
+ -gcflags "-trimpath=${S}"
+ )
+
+ ego build "${mygoargs[@]}" -o rest-server ./cmd/rest-server
+}
+
+src_install() {
+ dobin rest-server
+ dodoc AUTHORS CHANGELOG.md README.md
+
+ keepdir /var/lib/restic-rest-server
+
+ systemd_dounit "${FILESDIR}"/restic-rest-server.{service,socket}
+}