authorMatthewacon2019-05-24 12:48:04 -0400
committerMatthewacon2019-05-24 12:48:04 -0400
commitf3214131d7b84ed5304d1cf11a2dabc817de6dba (patch)
treeb4dc933e446c5a1a5c38197544961ba5d928cc6a
downloadaur-f3214131d7b84ed5304d1cf11a2dabc817de6dba.tar.gz
Initial commit
-rw-r--r--.SRCINFO29
-rw-r--r--PKGBUILD68
-rw-r--r--sslh-select@.service30
-rw-r--r--sslh.cfg29
-rw-r--r--sslh.sysusers1
-rw-r--r--sslh@.service30
6 files changed, 187 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..6dde8d226970
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,29 @@
+pkgbase = sslh-systemd-git
+ pkgdesc = Network port multiplexer. Allows sharing of HTTP, SSL, SSH, OpenVPN, tinc, XMPP, etc. on the same port
+ pkgver = 1.20.r37.g3822352
+ pkgrel = 1
+ url = http://www.rutschle.net/tech/sslh.shtml
+ arch = i686
+ arch = x86_64
+ license = GPL2
+ makedepends = git
+ depends = libcap
+ depends = libconfig
+ depends = libwrap
+ depends = systemd
+ provides = sslh
+ conflicts = sslh
+ backup = etc/sslh/sslh.cfg
+ source = sslh-systemd-git::git+https://github.com/matthewacon/sslh
+ source = sslh.cfg
+ source = sslh.sysusers
+ source = sslh@.service
+ source = sslh-select@.service
+ md5sums = SKIP
+ md5sums = d5405c7ca7e1813e4d49a473e5834640
+ md5sums = f39544277a30595d4b7476b3f87ebbcf
+ md5sums = 59d76639059db542a1ee975cccf8762c
+ md5sums = df50f93f12c4d50dce1b2fa5ec21fe85
+
+pkgname = sslh-systemd-git
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..4dbbf0171e4d
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,68 @@
+# Maintainer: Matthew Barichello <matthewjbarichello@gmail.com>
+
+_pkgname=sslh
+pkgname=$_pkgname-systemd-git
+pkgver=1.20.r37.g3822352
+pkgrel=1
+pkgdesc="Network port multiplexer. Allows sharing of HTTP, SSL, SSH, OpenVPN, tinc, XMPP, etc. on the same port"
+arch=('i686' 'x86_64')
+url='http://www.rutschle.net/tech/sslh.shtml'
+license=('GPL2')
+depends=('libcap' 'libconfig' 'libwrap' 'systemd')
+#makedepends=('git' 'pcre-static')
+makedepends=('git')
+provides=($_pkgname)
+conflicts=($_pkgname)
+backup=('etc/sslh/sslh.cfg')
+source=($pkgname::'git+https://github.com/matthewacon/sslh'
+ 'sslh.cfg'
+ 'sslh.sysusers'
+ 'sslh@.service'
+ 'sslh-select@.service')
+md5sums=('SKIP'
+ 'd5405c7ca7e1813e4d49a473e5834640'
+ 'f39544277a30595d4b7476b3f87ebbcf'
+ '59d76639059db542a1ee975cccf8762c'
+ 'df50f93f12c4d50dce1b2fa5ec21fe85')
+
+pkgver() {
+ cd $pkgname
+ git describe --long | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
+}
+
+#prepare() {
+# cd $pkgname
+# sed -i 's|^\(ExecStart.*\) $DAEMON_OPTS|\1 -F/etc/sslh/sslh.cfg|' sslh\@.service
+#}
+
+build() {
+ cd $pkgname
+ make all
+ make systemd-sslh-generator
+}
+
+package() {
+ # Default config
+ install -Dm644 sslh.cfg "$pkgdir/etc/sslh/sslh.cfg"
+
+ # Systemd
+ install -Dm644 sslh.sysusers "$pkgdir/usr/lib/sysusers.d/sslh.conf"
+ install -Dm644 sslh\@.service "$pkgdir/usr/lib/systemd/system/sslh\@.service"
+ install -Dm644 sslh-select\@.service "$pkgdir/usr/lib/systemd/system/sslh-select\@.service"
+
+ cd $pkgname
+ install -Dm644 scripts/etc.sysconfig.sslh "$pkgdir/etc/conf.d/sslh"
+
+ # Executables
+ install -Dm755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+ install -Dm755 sslh-select "$pkgdir/usr/bin/sslh-select"
+ ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+ install -Dm755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+
+ # Manpage
+ install -Dm644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+
+ # Examples
+ install -Dm644 basic.cfg "$pkgdir/usr/share/doc/$_pkgname/basic.cfg"
+ install -Dm644 example.cfg "$pkgdir/usr/share/doc/$_pkgname/example.cfg"
+ }
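Review bot: In package(), the two unit-file destinations `"$pkgdir/usr/lib/systemd/system/sslh\@.service"` and `"$pkgdir/usr/lib/systemd/system/sslh-select\@.service"` keep the backslash, because inside double quotes bash treats `\` as an escape only before `$`, a backtick, `"`, `\` or a newline. The units would therefore be installed as `sslh\@.service` and `sslh-select\@.service`, and systemd would not find them under their template names. `@` needs no escaping at all, so use `install -Dm644 sslh@.service "$pkgdir/usr/lib/systemd/system/sslh@.service"` and the same for the select unit. Separately, the four local sources are verified with `md5sums` while the git source is an unpinned personal fork with `SKIP`; switching the local files to `sha256sums` and adding a comment stating that the fork's HEAD is trusted as-is would make the integrity story explicit.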
diff --git a/sslh-select@.service b/sslh-select@.service
new file mode 100644
index 000000000000..452e8c363d17
--- /dev/null
+++ b/sslh-select@.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode) for %I
+Conflicts=sslh@%I.service
+Requires=sslh@%I.socket
+PartOf=sslh@%I.socket
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/sslh
+ExecStart=/usr/bin/sslh-select -F/etc/sslh/%I.cfg -f -v
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
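Review bot: `CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE` looks wider than this unit needs. The process already starts as `User=sslh` with only `CAP_NET_BIND_SERVICE` ambient, so it appears to have no privileges left to drop, and the line could be `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`. `User=sslh` combined with `DynamicUser=true` is also ambiguous next to sslh.sysusers, which creates a static `sslh` account: systemd then uses the static account and allocates no dynamic one, so one of the two mechanisms should be removed. `EnvironmentFile=/etc/conf.d/sslh` is loaded although `ExecStart` references no variable from it, and `Requires=sslh@%I.socket` names a unit this commit does not ship (possibly emitted by the generator, which deserves a comment). The same lines appear in sslh@.service.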
diff --git a/sslh.cfg b/sslh.cfg
new file mode 100644
index 000000000000..3a22a6e828e5
--- /dev/null
+++ b/sslh.cfg
@@ -0,0 +1,29 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+verbose: false;
+foreground: true;
+inetd: false;
+numeric: false;
+transparent: false;
+timeout: 2;
+user: "sslh";
+pidfile: "/run/sslh.pid";
+
+
+listen:
+(
+ { host: "::0"; port: "443"; }
+);
+
+protocols:
+(
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:
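Review bot: `pidfile: "/run/sslh.pid"` is unlikely to be writable under the units shipped in this commit, which run the daemon as `User=sslh` with `ProtectSystem=strict`. Either drop the `pidfile` line, since systemd tracks the foreground process itself, or add `RuntimeDirectory=sslh` to the units and point the setting at `/run/sslh/sslh.pid`. `user: "sslh"` likewise asks the daemon to switch accounts after systemd has already done so, and it is worth confirming that this is harmless when the process starts unprivileged. A comment beside `transparent: false` would help operators: `# backends see every connection as coming from localhost, so backend logs and per-IP controls will not see the real client address`.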
diff --git a/sslh.sysusers b/sslh.sysusers
new file mode 100644
index 000000000000..aebff9d6ca77
--- /dev/null
+++ b/sslh.sysusers
@@ -0,0 +1 @@
+u sslh - - -
diff --git a/sslh@.service b/sslh@.service
new file mode 100644
index 000000000000..2273381c1c93
--- /dev/null
+++ b/sslh@.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode) for %I
+Conflicts=sslh-select@%I.service
+Requires=sslh@%I.socket
+PartOf=sslh@%I.socket
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/conf.d/sslh
+ExecStart=/usr/bin/sslh-fork -F/etc/sslh/%I.cfg -f -v
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target