summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD20
-rw-r--r--config.yml41
-rw-r--r--default-port.patch12
-rw-r--r--gotify-server.service28
-rw-r--r--tmpfiles.d4
6 files changed, 60 insertions, 55 deletions
diff --git a/.SRCINFO b/.SRCINFO
index f2cf4132dcc2..d24b576f4bbd 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = gotify-server
pkgdesc = A simple server for sending and receiving messages in real-time per WebSocket.
pkgver = 2.0.14
- pkgrel = 3
+ pkgrel = 4
url = https://gotify.net/
arch = x86_64
arch = i686
@@ -15,13 +15,13 @@ pkgbase = gotify-server
source = gotify-server-2.0.14.tar.gz::https://github.com/gotify/server/archive/v2.0.14.tar.gz
source = sysusers.d
source = tmpfiles.d
- source = config.yml
source = gotify-server.service
+ source = default-port.patch
sha256sums = 986125b92192e404a2f3af5db510d2d651c6301d218cbb66edd6013f8e8153b0
sha256sums = 2052ac82ceb607701bd505c9df4170bb65c14601a4c8dda3c4ee36fd399c3dfa
- sha256sums = 6d90cb466122331b983fac2d20a53f82c96db3e340297ec218cf296d0083dbc5
- sha256sums = 4023cd8e241accc8e650dd5a93fbad0c3f9c3ca87b1a83d1fd39c83178216dfa
- sha256sums = 9c187715b12269ff4bf6768b1e7813daafb5812df1f3bc010c894c7b736743fa
+ sha256sums = 6993561f2c31860e7a59850ba5c3aac9a061420f72961fd6488e7608d3e68ff5
+ sha256sums = 6220ae0a14147401785c54737f75bd90627cb51cea272e7662d65a63ef5399ca
+ sha256sums = 7366c858a766b926c3d698bd31194ef1bab32de2668c9279a56c445f810a5984
pkgname = gotify-server
diff --git a/PKGBUILD b/PKGBUILD
index a1f3d4f31d2b..4dab87a8c3ea 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,9 +1,9 @@
-# Maintainer: ml <ml@visu.li>
-# @TODO systemd service optimization, systemd socket, ui
+# Maintainer: jmattheis <contact AT jmattheis DOT de>
+# Contributor: ml <ml@visu.li>
pkgname=gotify-server
pkgver=2.0.14
_commit=e56f7bc4c7efdb61fea88a0b65d501277604cefa
-pkgrel=3
+pkgrel=4
pkgdesc='A simple server for sending and receiving messages in real-time per WebSocket.'
arch=('x86_64' 'i686' 'aarch64' 'armv7')
url='https://gotify.net/'
@@ -14,14 +14,18 @@ source=(
"$pkgname-$pkgver.tar.gz::https://github.com/gotify/server/archive/v${pkgver}.tar.gz"
'sysusers.d'
'tmpfiles.d'
- 'config.yml'
'gotify-server.service'
+ 'default-port.patch'
)
sha256sums=('986125b92192e404a2f3af5db510d2d651c6301d218cbb66edd6013f8e8153b0'
'2052ac82ceb607701bd505c9df4170bb65c14601a4c8dda3c4ee36fd399c3dfa'
- '6d90cb466122331b983fac2d20a53f82c96db3e340297ec218cf296d0083dbc5'
- '4023cd8e241accc8e650dd5a93fbad0c3f9c3ca87b1a83d1fd39c83178216dfa'
- '9c187715b12269ff4bf6768b1e7813daafb5812df1f3bc010c894c7b736743fa')
+ '6993561f2c31860e7a59850ba5c3aac9a061420f72961fd6488e7608d3e68ff5'
+ '05b3edff049ad5600c2515279a6e1167dd8e62c2525e3916d807aba35a33362f'
+ '7366c858a766b926c3d698bd31194ef1bab32de2668c9279a56c445f810a5984')
+
+prepare() {
+ patch -N -p1 -d "server-$pkgver" <default-port.patch
+}
build() {
cd "server-$pkgver"
@@ -51,10 +55,10 @@ check() {
package() {
install -Dm644 sysusers.d "$pkgdir/usr/lib/sysusers.d/gotify.conf"
install -Dm644 tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/gotify.conf"
- install -Dm644 config.yml "$pkgdir/etc/gotify/config.yml"
install -Dm644 gotify-server.service "$pkgdir/usr/lib/systemd/system/gotify-server.service"
cd "server-$pkgver"
install -Dm755 "$pkgname" "$pkgdir/usr/bin/$pkgname"
+ install -Dm640 config.example.yml "$pkgdir/etc/gotify/config.yml"
install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
}
diff --git a/config.yml b/config.yml
deleted file mode 100644
index 4cbcca432ff6..000000000000
--- a/config.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Example configuration file for the server.
-# Save it to `config.yml` when edited
-
-server:
- listenaddr: "" # the address to bind on, leave empty to bind on all addresses
- port: 8080 # the port the HTTP server will listen on
-
- ssl:
- enabled: false # if https should be enabled
- redirecttohttps: true # redirect to https if site is accessed by http
- listenaddr: "" # the address to bind on, leave empty to bind on all addresses
- port: 443 # the https port
- certfile: # the cert file (leave empty when using letsencrypt)
- certkey: # the cert key (leave empty when using letsencrypt)
- letsencrypt:
- enabled: false # if the certificate should be requested from letsencrypt
- accepttos: false # if you accept the tos from letsencrypt
- cache: /var/lib/gotify-server/certs # the directory of the cache from letsencrypt
- hosts: # the hosts for which letsencrypt should request certificates
-# - mydomain.tld
-# - myotherdomain.tld
-
- responseheaders: # response headers are added to every response (default: none)
-# Access-Control-Allow-Origin: "*"
-# Access-Control-Allow-Methods: "GET,POST"
-
- stream:
- allowedorigins: # allowed origins for websocket connections (same origin is always allowed)
-# - ".+.example.com"
-# - "otherdomain.com"
-
-database: # for database see (configure database section)
- dialect: sqlite3
- connection: /var/lib/gotify-server/gotify.db
-
-defaultuser: # on database creation, gotify creates an admin user
- name: admin # the username of the default user
- pass: admin # the password of the default user
-passstrength: 10 # the bcrypt password strength (higher = better but also slower)
-uploadedimagesdir: /var/lib/gotify-server/images # the directory for storing uploaded images
-pluginsdir: /var/lib/gotify-server/plugins # the directory where plugin resides
diff --git a/default-port.patch b/default-port.patch
new file mode 100644
index 000000000000..6f4eda05fdbb
--- /dev/null
+++ b/default-port.patch
@@ -0,0 +1,12 @@
+diff -ura package.orig/config.example.yml package.new/config.example.yml
+--- package.orig/config.example.yml 2020-03-08 14:59:02.828681120 +0100
++++ package.new/config.example.yml 2020-03-08 15:00:09.321068531 +0100
+@@ -3,7 +3,7 @@
+
+ server:
+ listenaddr: "" # the address to bind on, leave empty to bind on all addresses
+- port: 80 # the port the HTTP server will listen on
++ port: 8080 # the port the HTTP server will listen on
+
+ ssl:
+ enabled: false # if https should be enabled
diff --git a/gotify-server.service b/gotify-server.service
index 4e87bab05dc1..eaafa54f9ca1 100644
--- a/gotify-server.service
+++ b/gotify-server.service
@@ -7,6 +7,34 @@ Type=simple
User=gotify
Group=gotify
ExecStart=/usr/bin/gotify-server
+WorkingDirectory=~
+ReadOnlyPaths=/etc/gotify/config.yml
+ReadWritePaths=/var/lib/gotify
+UMask=0077
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
[Install]
WantedBy=multi-user.target
diff --git a/tmpfiles.d b/tmpfiles.d
index 11858fdd7896..10636d675302 100644
--- a/tmpfiles.d
+++ b/tmpfiles.d
@@ -1 +1,3 @@
-d /var/lib/gotify-server 0700 gotify gotify
+d /var/lib/gotify/data 0700 gotify gotify
+z /var/lib/gotify 0700 gotify gotify
+z /etc/gotify/config.yml 0640 root gotify