-rw-r--r-- | .SRCINFO | 2 | ||||
-rw-r--r-- | PKGBUILD | 13 | ||||
-rwxr-xr-x | matrix-media-repo.service | 58 |
3 files changed, 67 insertions, 6 deletions
@@ -13,6 +13,8 @@ pkgbase = matrix-media-repo depends = imagemagick provides = matrix-media-repo source = git+https://github.com/t2bot/matrix-media-repo.git#tag=v1.3.4 + source = matrix-media-repo.service + sha256sums = SKIP sha256sums = SKIP pkgname = matrix-media-repo @@ -9,12 +9,8 @@ depends=("glibc" "libheif" "libde265" "imagemagick") makedepends=("go" "git") backup=() provides=("matrix-media-repo") -source=("git+https://github.com/t2bot/matrix-media-repo.git#tag=v${pkgver}") -sha256sums=('SKIP') - -function prepare() { - cd "${srcdir}/matrix-media-repo" -} +source=("git+https://github.com/t2bot/matrix-media-repo.git#tag=v${pkgver}" "matrix-media-repo.service") +sha256sums=("SKIP" "SKIP") function build() { cd "${srcdir}/matrix-media-repo" @@ -37,4 +33,9 @@ function package() { mkdir -p "${pkgdir}/usr/lib/matrix-media-repo" cp "${srcdir}/matrix-media-repo/bin"/* "${pkgdir}/usr/lib/matrix-media-repo" chmod 755 -R "${pkgdir}/usr/lib/matrix-media-repo" + install -Dm644 "${srcdir}/matrix-media-repo.service" "${pkgdir}/usr/lib/systemd/system/matrix-media-repo.service" + echo "Home directory for Matrix Media Repo is at: /var/lib/matrix-media-repo" + echo "Configure MMR in /etc/matrix-media-repo.yaml" + install -d "${pkgdir}/etc" + touch "${pkgdir}/etc/matrix-media-repo.yaml" } diff --git a/matrix-media-repo.service b/matrix-media-repo.service new file mode 100755 index 000000000000..629017d53d9e --- /dev/null +++ b/matrix-media-repo.service 
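Review bot: The new `sha256sums=("SKIP" "SKIP")` in the PKGBUILD hunk disables integrity checking for `matrix-media-repo.service`, a plain local file for which a real digest can be generated (for example with `updpkgsums`). `SKIP` is conventionally reserved for VCS sources. Because this unit file decides what runs as a system service, pin it with `sha256sums=("SKIP" "<sha256 of matrix-media-repo.service>")` and regenerate `.SRCINFO` to match. The git source is addressed by tag, and a tag can be moved upstream; makepkg's `#commit=<full commit id>` fragment would make that input immutable.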
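Review bot: `touch "${pkgdir}/etc/matrix-media-repo.yaml"` in package() ships an empty, package-owned config while `backup=()` (visible as context in the previous hunk) stays empty. As far as the diff shows, an upgrade would then replace the administrator's edited config with the empty file; add `backup=("etc/matrix-media-repo.yaml")`. The file also inherits the build umask (typically 0644) and probably holds database credentials, so create it with an explicit mode, e.g. `install -Dm600 /dev/null "${pkgdir}/etc/matrix-media-repo.yaml"`, paired with a privileged read in the unit such as systemd's `LoadCredential=`. The two `echo` lines run on the build machine during packaging, not on the installing host; a `.install` script's `post_install` is where such a message belongs. package() begins outside this hunk.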
@@ -0,0 +1,58 @@
+[Unit]
+Description=Matrix Media Repo
+RequiresMountsFor=/var/lib/private/matrix-media-repo
+After=network.target
+
+[Service]
+OOMPolicy=stop
+OOMScoreAdjust=10
+
+DynamicUser=yes
+ExecStartPre=/usr/bin/cp "/etc/matrix-media-repo.yaml" "/var/lib/private/matrix-media-repo/config.yaml"
+ExecStart=/usr/lib/matrix-media-repo/media_repo -config /var/lib/private/matrix-media-repo/config.yaml
+Restart=always
+StateDirectory=matrix-media-repo
+WorkingDirectory=/var/lib/private/matrix-media-repo
+#CPUQuota=35%
+CPUWeight=80
+RestartSec=1s
+
+ProtectProc=invisible
+PrivateUsers=yes
+RestrictNamespaces=yes
+UMask=077
+
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+#SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@swap
+
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target |
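Review bot: `ExecStartPre=/usr/bin/cp "/etc/matrix-media-repo.yaml" ...` runs as the `DynamicUser=yes` account, so `/etc/matrix-media-repo.yaml` must be readable by an arbitrary unprivileged user. Any secrets in it (likely the database connection string) are therefore readable by every local account, and `UMask=077` protects only the copy. On a systemd version that supports it, `LoadCredential=config.yaml:/etc/matrix-media-repo.yaml` with `-config %d/config.yaml` would let the source stay root-only 0600 and remove the copy step. The `SystemCallFilter=~@…` lines form a denylist that still permits `@mount` (commented out) and `@privileged`; an allowlist such as `SystemCallFilter=@system-service` is tighter and easier to audit, though it needs testing against the Go runtime. `RestrictNamespaces=yes` is listed twice, and the file is added as mode 100755 although unit files are not executable.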