feat: package systemd unit

Carlos Alexandro Becker created

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

Change summary

.nfpm/postinstall.sh | 14 ++++++++++++++
.nfpm/postremove.sh  |  6 ++++++
.nfpm/soft.conf      |  6 ++++++
.nfpm/soft.service   | 45 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 71 insertions(+)

Detailed changes

.nfpm/postinstall.sh 🔗

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if ! command -V systemctl >/dev/null 2>&1; then
+    echo "Not running SystemD, ignoring"
+	exit 0
+fi
+
+echo "Enabling and starting soft.service"
+systemctl daemon-reload
+systemctl unmask soft.service
+systemctl preset soft.service
+systemctl enable soft.service
+systemctl restart soft.service
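Review bot: The guard at the top only proves that a `systemctl` binary is on the PATH, not that systemd is the running init. In a container or chroot where the binary is installed but systemd is not PID 1, `systemctl daemon-reload` fails and `set -e` turns that into a failed package install. Testing `[ -d /run/systemd/system ]` as well covers that case. `systemctl restart soft.service` is fatal for the same reason, so a service that cannot start (port already bound, bad /etc/soft.conf) aborts the install; `systemctl restart soft.service || echo "soft.service failed to start" >&2` keeps the package installed and still reports the problem. The `exit 0` line is indented with a tab while the `echo` above it uses spaces.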

.nfpm/postremove.sh 🔗

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+systemctl stop soft.service
+systemctl disable soft.service
+systemctl daemon-reload
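Review bot: Unlike postinstall.sh, this script calls `systemctl` without checking that it exists, so under `set -e` a host without systemd, or a unit systemd no longer knows about, makes package removal fail and can leave the package half-removed. Repeat the `command -V systemctl` guard from postinstall.sh and tolerate a failed stop, e.g. `systemctl stop soft.service || true`. Depending on how nfpm maps this script, the rpm and deb back ends may also run it during an upgrade, which would stop and disable the service on every update. That is worth confirming against the packaging config, which is not part of this hunk, and if so the disable should be gated on the script argument `$1`.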

.nfpm/soft.conf 🔗

@@ -0,0 +1,6 @@
+#SOFT_SERVE_PORT=23231
+#SOFT_SERVE_HOST=domain.tld
+#SOFT_SERVE_BIND_ADDRESS=0.0.0.0
+#SOFT_SERVE_KEY_PATH=.ssh/soft_serve_server_ed25519
+#SOFT_SERVE_INITIAL_ADMIN_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1...'
+SOFT_SERVE_DATA_PATH=/var/local/lib/soft-serve
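Review bot: `SOFT_SERVE_DATA_PATH=/var/local/lib/soft-serve` does not match the `ReadWritePaths=/var/lib/soft-serve` entry in .nfpm/soft.service, while that unit's `ExecStartPre=mkdir -p` uses the `/var/local/lib` path. With `ProtectSystem=strict` only the `ReadWritePaths=` entry is writable, so once the sandboxing is in effect the configured data directory would be read-only and the service would presumably fail at start-up. Use one location in all three places, for example `SOFT_SERVE_DATA_PATH=/var/lib/soft-serve`. A header comment such as `# Environment for soft.service, read via EnvironmentFile=/etc/soft.conf` would also tell an administrator where this file takes effect.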

.nfpm/soft.service 🔗

@@ -0,0 +1,45 @@
+[Unit]
+Description=Soft Serve git server 🍦
+Documentation=https://github.com/charmbracelet/soft-serve
+Requires=network-online.target
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+# Hardening
+ReadWritePaths=/var/lib/soft-serve
+UMask=0027
+NoNewPrivileges=true
+LimitNOFILE=1048576
+ProtectSystem=strict
+ProtectHome=true
+PrivateUsers=yes
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+CapabilityBoundingSet=
+AmbientCapabilities=
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+ExecStartPre=mkdir -p /var/local/lib/soft-serve
+ExecStart=/usr/bin/soft serve
+EnvironmentFile=-/etc/soft.conf
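Review bot: The whole `# Hardening` block, from `ReadWritePaths=` to `SystemCallArchitectures=native`, sits under `[Install]`, where systemd does not apply execution settings. It reports them as unknown keys for that section and starts the service with none of the sandboxing, so the unit looks hardened but is not. Move the block below `[Service]`, and check the result with `systemd-analyze security soft.service`. The unit also sets no `User=`, so `/usr/bin/soft serve` runs as root on a network-facing port. A dedicated service account, or `DynamicUser=yes` together with `StateDirectory=soft-serve`, would remove that and also replace the `ExecStartPre=mkdir -p` line.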