add existing pkgbuilds

4 files changed, 83 insertions, 0 deletions

diff --git a/gnix-git/PKGBUILD b/gnix-git/PKGBUILD
new file mode 100644
index 0000000..decaa4e
--- /dev/null
+++ b/gnix-git/PKGBUILD
@@ -0,0 +1,41 @@
+# Maintainer: metamuffin <metamuffin@disroot.org>
+
+pkgname=gnix-git
+pkgver=r87.2a576e6
+pkgrel=1
+pkgdesc="a simple stupid http reverse proxy"
+arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
+url="https://codeberg.org/metamuffin/gnix"
+license=('AGPL3')
+makedepends=('rustup')
+conflics=('gnix')
+provides=('gnix')
+backup=('etc/gnix.yaml')
+source=("git+https://codeberg.org/metamuffin/gnix.git"
+        "gnix.service"
+        "config.yaml"
+        "sysusers.conf")
+sha256sums=("SKIP"
+            "SKIP"
+            "SKIP"
+            "SKIP")
+pkgver() {
+    cd "gnix"
+    printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+}
+prepare() {
+    cd "gnix"
+    cargo +nightly fetch --locked --target "$CHOST"
+}
+build() {
+    cd "gnix"
+    cargo +nightly build --frozen --release --target "$CHOST"
+}
+package() {
+    install -Dm755 gnix/target/$CHOST/release/gnix "$pkgdir/usr/bin/gnix"
+    install -Dm644 gnix/src/modules/auth/login.html "$pkgdir/usr/share/gnix/login.html"
+    install -Dm644 config.yaml "$pkgdir/etc/gnix.yaml"
+    install -Dm644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/gnix.conf"
+    install -Dm644 gnix.service "$pkgdir/usr/lib/systemd/system/gnix.service"
+    install -Dm644 gnix/COPYING "$pkgdir/usr/share/licenses/gnix/COPYING"
+}
diff --git a/gnix-git/config.yaml b/gnix-git/config.yaml
new file mode 100644
index 0000000..85dc121
--- /dev/null
+++ b/gnix-git/config.yaml
@@ -0,0 +1,7 @@
+http:
+    bind: "0.0.0.0:80"
+
+handler: !hosts
+    "example.org": !files
+        root: "/srv/http"
+        index: true
diff --git a/gnix-git/gnix.service b/gnix-git/gnix.service
new file mode 100644
index 0000000..95593f5
--- /dev/null
+++ b/gnix-git/gnix.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=gnix http reverse proxy
+After=network.target
+Wants=network-online.target
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ExecStart=/usr/bin/gnix /etc/gnix.yaml
+User=gnix
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=true
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+RestrictRealtime=yes
+Restart=always
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+Type=simple
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gnix-git/sysusers.conf b/gnix-git/sysusers.conf
new file mode 100644
index 0000000..f452f5d
--- /dev/null
+++ b/gnix-git/sysusers.conf
@@ -0,0 +1 @@
+u gnix - "gnix http reverse proxy" - -