From fbea0c32817aa91aeedd07705931ca36fb911c52 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 24 Feb 2019 21:16:18 +0100
Subject: added sytemd units for forlmetschctl(d)

---
 roles/elevate/dolmetsch-raspi/handlers/main.yml        |  4 ++++
 roles/elevate/dolmetsch-raspi/tasks/main.yml           |  9 +++++++++
 .../dolmetsch-raspi/templates/dolmetschctl.service.j2  | 18 ++++++++++++++++++
 .../dolmetsch-raspi/templates/dolmetschctld.service.j2 | 17 +++++++++++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 roles/elevate/dolmetsch-raspi/handlers/main.yml
 create mode 100644 roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2
 create mode 100644 roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2

(limited to 'roles/elevate')

diff --git a/roles/elevate/dolmetsch-raspi/handlers/main.yml b/roles/elevate/dolmetsch-raspi/handlers/main.yml
new file mode 100644
index 00000000..bb7fde2b
--- /dev/null
+++ b/roles/elevate/dolmetsch-raspi/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: yes
diff --git a/roles/elevate/dolmetsch-raspi/tasks/main.yml b/roles/elevate/dolmetsch-raspi/tasks/main.yml
index f96c3189..c98b0ff4 100644
--- a/roles/elevate/dolmetsch-raspi/tasks/main.yml
+++ b/roles/elevate/dolmetsch-raspi/tasks/main.yml
@@ -52,3 +52,12 @@
     creates: "/opt/dolmetschctl/bin/{{ item }}"
   environment:
     GOPATH: /opt/dolmetschctl
+
+- name: install dolmetschctl systemd units
+  with_items:
+    - dolmetschctl
+    - dolmetschctld
+  template:
+    src: "{{ item }}.service.j2"
+    dest: "/etc/systemd/system/{{ item }}.service"
+  notify: reload systemd
diff --git a/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2 b/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2
new file mode 100644
index 00000000..53ce6734
--- /dev/null
+++ b/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=dolmetschctl Client
+
+[Service]
+{# TODO: remove hardcoded IP #}
+ExecStart=/opt/dolmetschctl/bin/dolmetschctl 192.168.48.102:8234
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2 b/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2
new file mode 100644
index 00000000..d26d1313
--- /dev/null
+++ b/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=dolmetschctl Server
+
+[Service]
+ExecStart=/opt/dolmetschctl/bin/dolmetschctld
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3