diff options
author | Gilles Dartiguelongue <eva@gentoo.org> | 2024-11-11 20:33:11 +0100 |
---|---|---|
committer | Gilles Dartiguelongue <eva@gentoo.org> | 2024-11-11 20:33:11 +0100 |
commit | 0236dd1b8e8dfd348d974487986653ba282163ba (patch) | |
tree | a01c45973b4220089e48778e27dc8fb6d05dfcff | |
parent | acct-user/restic-rest-server: new package, add 0 (diff) | |
download | eva-0236dd1b8e8dfd348d974487986653ba282163ba.tar.gz eva-0236dd1b8e8dfd348d974487986653ba282163ba.tar.bz2 eva-0236dd1b8e8dfd348d974487986653ba282163ba.zip |
Signed-off-by: Gilles Dartiguelongue <eva@gentoo.org>
4 files changed, 129 insertions, 0 deletions
diff --git a/app-backup/restic-rest-server/Manifest b/app-backup/restic-rest-server/Manifest index 48e3f97..1d04b74 100644 --- a/app-backup/restic-rest-server/Manifest +++ b/app-backup/restic-rest-server/Manifest @@ -1,2 +1,4 @@ DIST restic-rest-server-0.12.1-deps.tar.xz 11805964 BLAKE2B e3f909ac026bcd2bb869452bd06b8c3a89d25b0a67c32775b742c5907d79a8190f174c4f61ef5d5bcd9ade49366dbf9176deb6bd3e5f59427c9b7f107ed32b4b SHA512 d40fb86604b4440e61dbf1989347537939a64f8b56ba09400763d134f1935e3f7c5e91e4c4d96a9f0a324762845094d6fd02917a542ba9efe276685df442ccdf DIST restic-rest-server-0.12.1.tar.gz 281233 BLAKE2B 52400755fb4986659f529f416588f45ec64e1d546c6a8d07bc239bbf0dc779d4740e28cf99525fb4e1276e49564efe663819b50f4e16b657301c313d13975504 SHA512 113a1b310845bafe92fc4ee60aadd0f0dc8c5f4f1676706c89c48e291937c616ee33b57febd7a41d99dc57adb250e7f34de1c302cf685a44f009585acaccde44 +DIST restic-rest-server-0.13.0-vendor.tar.xz 911512 BLAKE2B de40eb7451f0afa9cd7f13ba01689ba360d44de098c67a038ab3b7d94e0f17fecb1238817934316c299ee101b1d1bf48d239a3597a13a8ae6d48857b848a4c49 SHA512 d92b6614082390e8e9a228ac04b749fd4fc376914eeeaa406858094c6e2fa8cc65e2a2818cb65781b20c9f0cb7c45a9c9271c52796786270aae076a5dfd6baaf +DIST restic-rest-server-0.13.0.tar.gz 265324 BLAKE2B de321975ca889a39c00caeac0a6402dd241faf8e55cf8c949861ddab782524ac8593c8847e14fe53eb7e82f9a912a2288ce35236e2f3f15123164ca90cbf96fe SHA512 145ad2da7838a695c8f076298f741b7b6a5013965741d96d766ed0082a58d8361f2bfcf42f39d775577c9d5ea909134f3a2ba5b2604c33ac6fc39d709b78d79d diff --git a/app-backup/restic-rest-server/files/restic-rest-server.service b/app-backup/restic-rest-server/files/restic-rest-server.service new file mode 100644 index 0000000..2520cc5 --- /dev/null +++ b/app-backup/restic-rest-server/files/restic-rest-server.service @@ -0,0 +1,81 @@ +[Unit] +Description=Restic REST Server +After=syslog.target +After=network.target +Requires=restic-rest-server.socket +After=restic-rest-server.socket + +[Service] +Type=simple +# You may prefer to use a different user or group on your system. +User=restic-rest-server +Group=restic-rest-server +ExecStart=/usr/bin/rest-server --path /var/lib/restic-rest-server +Restart=always +RestartSec=5 + +# The following options are available (in systemd v247) to restrict the +# actions of the rest-server. + +# As a whole, the purpose of these are to provide an additional layer of +# security by mitigating any unknown security vulnerabilities which may exist +# in rest-server or in the libraries, tools and operating system components +# which it relies upon. + +# IMPORTANT! +# The following line must be customised to your individual requirements. +ReadWritePaths=/var/lib/restic-rest-server + +# Makes created files group-readable, but inaccessible by others +UMask=027 + +# If your system doesn't support all of the features below (e.g. because of +# the use of an older version of systemd), you may wish to comment-out +# some of the lines below as appropriate. +CapabilityBoundingSet= +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=yes + +# As the listen socket is created by systemd via the rest-server.socket unit, it is +# no longer necessary for rest-server to have access to the host network namespace. +PrivateNetwork=yes + +PrivateTmp=yes +PrivateDevices=true +PrivateUsers=true +ProtectSystem=strict +ProtectHome=yes +ProtectClock=true +ProtectControlGroups=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectHostname=true +RemoveIPC=true +RestrictNamespaces=true +RestrictAddressFamilies=none +RestrictSUIDSGID=true +RestrictRealtime=true +# if your service crashes with "code=killed, status=31/SYS", you probably tried to run linux_i386 (32bit) binary on a amd64 host +SystemCallArchitectures=native +SystemCallFilter=@system-service + +# Additionally, you may wish to use some of the systemd options documented in +# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and +# network I/O that the rest-server is permitted to consume according to the +# individual requirements of your installation. +#CPUQuota=25% +#MemoryHigh=bytes +#MemoryMax=bytes +#MemorySwapMax=bytes +#TasksMax=N +#IOReadBandwidthMax=device bytes +#IOWriteBandwidthMax=device bytes +#IOReadIOPSMax=device IOPS, IOWriteIOPSMax=device IOPS +#IPAccounting=true +#IPAddressAllow= + +[Install] +WantedBy=multi-user.target diff --git a/app-backup/restic-rest-server/files/restic-rest-server.socket b/app-backup/restic-rest-server/files/restic-rest-server.socket new file mode 100644 index 0000000..3d5a322 --- /dev/null +++ b/app-backup/restic-rest-server/files/restic-rest-server.socket @@ -0,0 +1,5 @@ +[Socket] +ListenStream = 8000 + +[Install] +WantedBy = sockets.target diff --git a/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild b/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild new file mode 100644 index 0000000..033a062 --- /dev/null +++ b/app-backup/restic-rest-server/restic-rest-server-0.13.0.ebuild @@ -0,0 +1,41 @@ +# Copyright 2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module systemd + +DESCRIPTION="high performance HTTP server that implements restic's REST backend API" +HOMEPAGE="https://github.com/restic/rest-server" +SRC_URI="https://github.com/restic/rest-server/releases/download/v${PV}/${P}.tar.gz + https://www.whyte.ninja/pub/${P}-vendor.tar.xz" +S="${WORKDIR}/rest-server-${PV}" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="~amd64" + +RDEPEND="${DEPEND} + acct-group/restic-rest-server + acct-user/restic-rest-server +" + +src_compile() { + local mygoargs=( + -tags release + -ldflags "-X main.version=${PV}" + -asmflags "-trimpath=${S}" + -gcflags "-trimpath=${S}" + ) + + ego build "${mygoargs[@]}" -o rest-server ./cmd/rest-server +} + +src_install() { + dobin rest-server + dodoc AUTHORS CHANGELOG.md README.md + + keepdir /var/lib/restic-rest-server + + systemd_dounit "${FILESDIR}"/restic-rest-server.{service,socket} +} |