diff options
author | nulldev | 2021-10-26 12:24:35 -0400 |
---|---|---|
committer | nulldev | 2021-10-26 12:24:35 -0400 |
commit | 9383aa6a46dc59ea2b6f03d5215d8312a509d31a (patch) | |
tree | e947495572834a09b1662b416a8d3eca0cae2fd1 | |
parent | 92c3a01c6867210c1f550eb66bf489bdd33ff30c (diff) | |
download | aur-9383aa6a46dc59ea2b6f03d5215d8312a509d31a.tar.gz |
Add systemd service
-rw-r--r-- | PKGBUILD | 21 | ||||
-rw-r--r-- | example.conf | 34 | ||||
-rw-r--r-- | onetun.target | 2 | ||||
-rw-r--r-- | onetun@.service | 23 |
4 files changed, 76 insertions, 4 deletions
@@ -7,8 +7,18 @@ arch=('x86_64' 'i686' 'pentium4' 'aarch64' 'armv7h' 'armv6h') url="https://github.com/aramperes/onetun" license=('MIT') makedepends=('cargo') -source=("$url/archive/v$pkgver.tar.gz") -sha256sums=('3e5e025104be2c601a7b4d528adae0b0fc98ff99f098d5b5d8d6a6ae70d61d58') +source=( + "$url/archive/v$pkgver.tar.gz" + "$pkgname@.service" + "$pkgname.target" + "example.conf" +) +sha256sums=( + '3e5e025104be2c601a7b4d528adae0b0fc98ff99f098d5b5d8d6a6ae70d61d58' + 'SKIP' + 'SKIP' + 'SKIP' +) build() { cd "$pkgname-$pkgver" @@ -16,8 +26,11 @@ build() { } package() { - cd "$pkgname-$pkgver" + install -Dm644 "$pkgname@.service" -t "$pkgdir/usr/lib/systemd/system/" + install -Dm644 "$pkgname.target" -t "$pkgdir/usr/lib/systemd/system/" + install -Dm755 "example.conf" -t "$pkgdir/usr/share/$pkgname/" - mkdir -p "$pkgdir/usr/bin/" + cd "$pkgname-$pkgver" + install -dm0700 "$pkgdir/etc/$pkgname/" install -Dm755 "target/release/onetun" "$pkgdir/usr/bin/onetun" } diff --git a/example.conf b/example.conf new file mode 100644 index 000000000000..87cdc8c7cbab --- /dev/null +++ b/example.conf @@ -0,0 +1,34 @@ +# This file configures onetun using environment variables +# See onetun --help for more information + +# The address (IP + port) of the Wireguard endpoint (remote). +ONETUN_ENDPOINT_ADDR=1.2.3.4:51820 + +# The public key of the Wireguard endpoint (remote). +ONETUN_ENDPOINT_PUBLIC_KEY=9Ztnedd1CxaLoWcxCCAusdamG2ag3ZRKtTLEEChnN2g= + +# Configures a persistent keep-alive for the WireGuard tunnel, in seconds. +# ONETUN_KEEP_ALIVE= + +# Configures the log level and format. +# ONETUN_LOG= + +# The private key of this peer. The corresponding public key should be registered in the Wireguard endpoint. +# You can also use 'ONETUN_PRIVATE_KEY_FILE=' to specify a file containing the key instead. +ONETUN_PRIVATE_KEY=uG76ogG4mYlOVe7N9+FEML790Zumecacihitssd/yF0= + +# The path to a file containing the private key of this peer. The corresponding public key should be registered in the Wireguard endpoint. +# ONETUN_PRIVATE_KEY_FILE= + +# The source IP to identify this peer as (local). +ONETUN_SOURCE_PEER_IP=192.168.4.3 + +# Port forward configurations. The format of each argument is +# [src_host:]<src_port>:<dst_host>:<dst_port>[:TCP,UDP,...], where [src_host] is the local IP +# to listen on, <src_port> is the local port to listen on, <dst_host> is the remote peer IP +# to forward to, and <dst_port> is the remote port to forward to. Environment variables must be +# of the form 'ONETUN_PORT_FORWARD_[#]', where [#] starts at 1. +ONETUN_PORT_FORWARD_1=127.0.0.1:80:10.0.0.2:8080:TCP +ONETUN_PORT_FORWARD_2=127.0.0.1:443:10.0.0.2:8443:TCP,UDP +ONETUN_PORT_FORWARD_3=127.0.0.1:1900:10.0.0.2:1900 + diff --git a/onetun.target b/onetun.target new file mode 100644 index 000000000000..f6bf9c012b40 --- /dev/null +++ b/onetun.target @@ -0,0 +1,2 @@ +[Unit] +Description=onetun instances diff --git a/onetun@.service b/onetun@.service new file mode 100644 index 000000000000..5f2881705157 --- /dev/null +++ b/onetun@.service @@ -0,0 +1,23 @@ +[Unit] +Description=onetun %I +After=network-online.target nss-lookup.target +Wants=network-online.target nss-lookup.target +PartOf=onetun.target + +[Service] +Type=simple +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=strict +ProtectHome=yes # Prevent service from reading files in /home +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +MemoryDenyWriteExecute=yes +LockPersonality=yes +ExecStart=/usr/bin/onetun +EnvironmentFile=/etc/onetun/%i.conf + +[Install] +WantedBy=multi-user.target |