Compare commits

...

1 commit

Author SHA1 Message Date
Ada
be25ecc018
📦 Make packaging 2024-03-10 01:19:19 +01:00
3 changed files with 113 additions and 0 deletions

2
.gitignore vendored
View file

@ -22,3 +22,5 @@ plakken
# Go workspace file # Go workspace file
go.work go.work
.idea/discord.xml .idea/discord.xml
dist/

78
.goreleaser.yaml Normal file
View file

@ -0,0 +1,78 @@
# This is an example .goreleaser.yml file with some sensible defaults.
# Make sure to check the documentation at https://goreleaser.com
# The lines below are called `modelines`. See `:help modeline`
# Feel free to remove those if you don't want/need to use them.
# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
# vim: set ts=2 sw=2 tw=0 fo=cnqoj
version: 1
before:
hooks:
# You may remove this if you don't use go modules.
- go mod tidy
builds:
-
env:
- CGO_ENABLED=0
goos:
- linux
- windows
- darwin
goarch:
- amd64
- arm
- arm64
archives:
- format: tar.gz
# this name template makes the OS and Arch compatible with the results of `uname`.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
nfpms:
-
id: plakken
package_name: plakken
file_name_template: "{{ .ConventionalFileName }}"
vendor: GnousEU
homepage: https://git.gnous.eu/plakken/
maintainer: Ada <ada@gnous.eu>
description: A light paste server
license: AGPLv3
formats:
- apk
- deb
- rpm
- archlinux
umask: 0o002
provides:
- plakken
suggests:
- redis
contents:
- src: .env
dst: /etc/plakken/env
- src: plakken.service
dst: /usr/lib/systemd/system/plakken.service
checksum:
algorithm: sha256
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

33
plakken.service Normal file
View file

@ -0,0 +1,33 @@
[Unit]
Description=A paste server
After=network.target
[Service]
Type=simple
User=plakken
ExecStart=/usr/bin/plakken
EnvironmentFile=/etc/plakken/env
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=true
RestrictNamespaces=true
PrivateTmp=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true
LockPersonality=true
RestrictSUIDSGID=true
RemoveIPC=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target