add buffyboard systemd service

this is an optional feature. systemd distributions wishing to deploy buffyboard may add `WantedBy=getty.target` to the Install section.
2024-10-12 05:11:16 +00:00
parent c683350b9f
commit 18a7a1eac0
3 changed files with 53 additions and 0 deletions
--- a/buffyboard/buffyboard.service.in
+++ b/buffyboard/buffyboard.service.in
@@ -0,0 +1,38 @@
+[Unit]
+Documentation=https://gitlab.postmarketos.org/postmarketOS/buffybox
+
+[Service]
+ExecStart=@bindir@/buffyboard
+Restart=on-failure
+
+# Allow access to input devices, framebuffer, tty
+DevicePolicy=closed
+DeviceAllow=/dev/uinput rw
+DeviceAllow=char-fb rw
+DeviceAllow=char-input rw
+DeviceAllow=char-tty rw
+# udev requires some limited networking
+RestrictAddressFamilies=AF_NETLINK
+
+# Hardening
+CapabilityBoundingSet=
+NoNewPrivileges=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
--- a/buffyboard/meson.build
+++ b/buffyboard/meson.build
@@ -24,3 +24,17 @@ executable('buffyboard',

 install_data('buffyboard.conf', install_dir: get_option('sysconfdir'))

+systemd = dependency('systemd', required: get_option('systemd-service'))
+if systemd.found()
+    system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
+
+    configure_file(
+      input : 'buffyboard.service.in',
+      output : 'buffyboard.service',
+      install : true,
+      install_dir : get_option('prefix') / system_unit_dir,
+      configuration : {
+        'bindir' : get_option('prefix') / get_option('bindir'),
+      },
+    )
+endif
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,2 +1,3 @@
 option('with-drm', type: 'feature', value: 'auto', description: 'Enable DRM backend')
 option('man', type: 'boolean', value: true, description: 'Install manual pages')
+option('systemd-buffyboard-service', type: 'bool', value: 'auto', description: 'Install systemd service file for buffyboard')