Skip to content

Commit

Permalink
feat: systemd unit for zia-client in deb package
Browse files Browse the repository at this point in the history
  • Loading branch information
Conni2461 committed Oct 25, 2024
1 parent e21cd04 commit 5d70998
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 1 deletion.
10 changes: 9 additions & 1 deletion zia-client/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "zia-client"
version = "0.0.0-git"
version = "0.2.9-1"
edition = "2021"
authors = ["Marcel <https://m4rc3l.de>"]
license = "AGPL-3.0"
Expand All @@ -25,6 +25,14 @@ anyhow = { version = "1.0", default-features = false }
hyper-util = { version = "0.1", features = ["tokio"] }
hyper = { version = "1.4", default-features = false }

[package.metadata.deb]
maintainer-scripts = "debian/"
systemd-units = { enable = false }
assets = [
["target/release/zia-client", "/usr/bin/zia-client", "755"],
["debian/default", "/etc/zia-client", "644"]
]

[package.metadata.generate-rpm]
assets = [
{ source = "../LICENSE", dest = "/usr/share/doc/zia-client/LICENSE", doc = true, mode = "0644" },
Expand Down
8 changes: 8 additions & 0 deletions zia-client/debian/default
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# public websocket listener (client -> ZIA_UPSTREAM)
ZIA_LISTEN_ADDR=127.0.0.1:8090

# your actual udp service e.g. wireguard listener
#ZIA_UPSTREAM=wss://domain.tld/ws

ZIA_COUNT=4
ZIA_WS_MASKING=true
37 changes: 37 additions & 0 deletions zia-client/debian/service
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
[Unit]
Description=Proxy udp over websocket, zia client
After=network.target

[Service]
Type=simple
Restart=always
ExecStart=/usr/bin/zia-client
EnvironmentFile=/etc/zia-client

ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictSUIDSGID=true
PrivateMounts=true
RemoveIPC=true
UMask=0077
CapabilityBoundingSet=
NoNewPrivileges=true
ProtectKernelModules=true
SystemCallArchitectures=native
ProtectKernelLogs=true
ProtectClock=true
RestrictAddressFamilies=
PrivateNetwork=true
LockPersonality=true
ProtectHostname=true
RestrictRealtime=true
MemoryDenyWriteExecute=true
PrivateUsers=true
RestrictNamespaces=true

[Install]
WantedBy=multi-user.target

0 comments on commit 5d70998

Please sign in to comment.