Add initial systemd service/timer units

5 files changed, 94 insertions, 4 deletions

diff --git a/.SRCINFO b/.SRCINFO
index e85d22c251f3..43c220992ee4 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,14 +1,20 @@
 pkgbase = scrutiny
 	pkgdesc = Hard Drive S.M.A.R.T Monitoring, Historical Trends & Real World Failure Thresholds
 	pkgver = 0.3.5
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/AnalogJ/scrutiny
 	arch = x86_64
 	license = MIT
 	makedepends = go
 	depends = glibc
 	source = https://github.com/AnalogJ/scrutiny/archive/0.3.5.tar.gz
+	source = scrutiny.service
+	source = scrutiny-collector-metrics.service
+	source = scrutiny-collector-metrics.timer
 	sha512sums = 815842576ca2126c9c53ece283a9c9c30eba14a0d3727331b1634bcdebaeb2a086a9bfe8a68ec2f8c82549bb673a147b4760118437b982489d4a63ee73fdd29c
+	sha512sums = 189b4fe46ed0e4dfab63cebe4c94cbdc24894b7cb59cded3d659f2741d33733eda36487912f2f5534eb45665b5f9916dbdb03626eb5e1eb0ed46981985ba69c7
+	sha512sums = eb48dac311ecfd25b0a2e06d2168319e5616d0f18dcbb3014db8b7b3d224ce7c82f206c90f714ff8e58353990b1c7c3848f885d223357873abd70ec74df00c07
+	sha512sums = 2108d3d619e3e6188162beb05648d436a73a3c63e526222f6037a701e8368c45395b60e2668fe8625b713d2a6a30812013c14dcb3c5de321f4d2bc153f01c5cc
 
 pkgname = scrutiny
 	depends = glibc
diff --git a/PKGBUILD b/PKGBUILD
index ed5170561a04..470da8155c0e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,15 +3,25 @@
 pkgbase="scrutiny"
 pkgname=("scrutiny" "scrutiny-collector")
 pkgver=0.3.5
-pkgrel=1
+pkgrel=2
 pkgdesc="Hard Drive S.M.A.R.T Monitoring, Historical Trends & Real World Failure Thresholds"
 url="https://github.com/AnalogJ/scrutiny"
 license=("MIT")
 arch=("x86_64")
 depends=("glibc")
 makedepends=("go")
-source=("https://github.com/AnalogJ/scrutiny/archive/${pkgver}.tar.gz")
-sha512sums=("815842576ca2126c9c53ece283a9c9c30eba14a0d3727331b1634bcdebaeb2a086a9bfe8a68ec2f8c82549bb673a147b4760118437b982489d4a63ee73fdd29c")
+source=(
+    "https://github.com/AnalogJ/scrutiny/archive/${pkgver}.tar.gz"
+    "scrutiny.service"
+    "scrutiny-collector-metrics.service"
+    "scrutiny-collector-metrics.timer"
+)
+sha512sums=(
+    "815842576ca2126c9c53ece283a9c9c30eba14a0d3727331b1634bcdebaeb2a086a9bfe8a68ec2f8c82549bb673a147b4760118437b982489d4a63ee73fdd29c"
+    "189b4fe46ed0e4dfab63cebe4c94cbdc24894b7cb59cded3d659f2741d33733eda36487912f2f5534eb45665b5f9916dbdb03626eb5e1eb0ed46981985ba69c7"
+    "eb48dac311ecfd25b0a2e06d2168319e5616d0f18dcbb3014db8b7b3d224ce7c82f206c90f714ff8e58353990b1c7c3848f885d223357873abd70ec74df00c07"
+    "2108d3d619e3e6188162beb05648d436a73a3c63e526222f6037a701e8368c45395b60e2668fe8625b713d2a6a30812013c14dcb3c5de321f4d2bc153f01c5cc"
+)
 
 build() {
     cd "scrutiny-${pkgver}"
@@ -36,6 +46,9 @@ package_scrutiny-collector() {
     install -Dm755 scrutiny-collector-selftest "${pkgdir}/usr/bin/scrutiny-collector-selftest"
     install -Dm755 scrutiny-collector-metrics "${pkgdir}/usr/bin/scrutiny-collector-metrics"
 
+    install -Dm644 "${srcdir}/scrutiny-collector-metrics.service" "${pkgdir}/usr/lib/systemd/system/scrutiny-collector-metrics.service"
+    install -Dm644 "${srcdir}/scrutiny-collector-metrics.timer" "${pkgdir}/usr/lib/systemd/system/scrutiny-collector-metrics.timer"
+
     install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/scrutiny-collector/LICENSE"
     install -Dm644 example.collector.yaml "${pkgdir}/usr/share/doc/scrutiny-collector/config.example.yaml"
 }
@@ -47,6 +60,8 @@ package_scrutiny() {
 
     install -Dm755 scrutiny "${pkgdir}/usr/bin/scrutiny"
 
+    install -Dm644 "${srcdir}/scrutiny.service" "${pkgdir}/usr/lib/systemd/system/scrutiny.service"
+
     install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/scrutiny/LICENSE"
     install -Dm644 example.scrutiny.yaml "${pkgdir}/usr/share/doc/scrutiny/config.example.yaml"
 }
diff --git a/scrutiny-collector-metrics.service b/scrutiny-collector-metrics.service
new file mode 100644
index 000000000000..84a7ce7a0ba8
--- /dev/null
+++ b/scrutiny-collector-metrics.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Scrutiny Collector - Metrics
+After=network-online.target
+
+[Service]
+Type=oneshot
+DynamicUser=yes
+ExecStart=/usr/bin/scrutiny-collector-metrics --config /etc/scrutiny/scrutiny-collector-metrics.yaml
+
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectHostname=yes
+ProtectClock=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+# These capabilities are necessary for smartctl
+CapabilityBoundingSet=SYS_RAWIO SYS_ADMIN
+AmbientCapabilities=SYS_RAWIO SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scrutiny-collector-metrics.timer b/scrutiny-collector-metrics.timer
new file mode 100644
index 000000000000..10b8dbe70e7c
--- /dev/null
+++ b/scrutiny-collector-metrics.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Timer for Scrutiny Collector - Metrics
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=15min
+
+[Install]
+WantedBy=timers.target
diff --git a/scrutiny.service b/scrutiny.service
new file mode 100644
index 000000000000..294d213f2459
--- /dev/null
+++ b/scrutiny.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=Scrutiny Server
+After=network-online.target
+
+[Service]
+Type=simple
+User=scrutiny
+Group=scrutiny
+ExecStart=/usr/bin/scrutiny --config /etc/scrutiny/scrutiny.yaml
+Restart=always
+RestartSec=10s
+
+NoNewPrivileges=yes
+ProtectHome=yes
+ProtectSystem=strict
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectHostname=yes
+ProtectClock=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+CapabilityBoundingSet=
+
+[Install]
+WantedBy=multi-user.target