colin/buffybox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add buffyboard systemd service

Browse Source 
this is an optional feature. systemd distributions wishing to deploy
buffyboard may add `WantedBy=getty.target` to the Install section.
This commit is contained in:
Colin
2024-10-12 05:11:16 +00:00
parent c683350b9f
commit 18a7a1eac0
3 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
buffyboard/buffyboard.service.in Normal file
View File

@@ -0,0 +1,38 @@
[Unit]
Documentation=https://gitlab.postmarketos.org/postmarketOS/buffybox
[Service]
ExecStart=@bindir@/buffyboard
Restart=on-failure
# Allow access to input devices, framebuffer, tty
DevicePolicy=closed
DeviceAllow=/dev/uinput rw
DeviceAllow=char-fb rw
DeviceAllow=char-input rw
DeviceAllow=char-tty rw
# udev requires some limited networking
RestrictAddressFamilies=AF_NETLINK
# Hardening
CapabilityBoundingSet=
NoNewPrivileges=true
RestrictSUIDSGID=true
PrivateMounts=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RemoveIPC=true
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources

14
buffyboard/meson.build
View File

@@ -24,3 +24,17 @@ executable('buffyboard',
install_data('buffyboard.conf', install_dir: get_option('sysconfdir')) install_data('buffyboard.conf', install_dir: get_option('sysconfdir'))
systemd = dependency('systemd', required: get_option('systemd-service'))
if systemd.found()
system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
configure_file(
input : 'buffyboard.service.in',
output : 'buffyboard.service',
install : true,
install_dir : get_option('prefix') / system_unit_dir,
configuration : {
'bindir' : get_option('prefix') / get_option('bindir'),
},
)
endif

1
meson_options.txt
View File

@@ -1,2 +1,3 @@
option('with-drm', type: 'feature', value: 'auto', description: 'Enable DRM backend') option('with-drm', type: 'feature', value: 'auto', description: 'Enable DRM backend')
option('man', type: 'boolean', value: true, description: 'Install manual pages') option('man', type: 'boolean', value: true, description: 'Install manual pages')
option('systemd-buffyboard-service', type: 'bool', value: 'auto', description: 'Install systemd service file for buffyboard')