summaryrefslogtreecommitdiff
path: root/gnix
diff options
context:
space:
mode:
Diffstat (limited to 'gnix')
-rw-r--r--gnix/PKGBUILD36
-rw-r--r--gnix/config.yaml7
-rw-r--r--gnix/gnix.service34
-rw-r--r--gnix/sysusers.conf1
4 files changed, 78 insertions, 0 deletions
diff --git a/gnix/PKGBUILD b/gnix/PKGBUILD
new file mode 100644
index 0000000..d4bd744
--- /dev/null
+++ b/gnix/PKGBUILD
@@ -0,0 +1,36 @@
+# Maintainer: metamuffin <metamuffin@disroot.org>
+
+pkgname=gnix
+pkgver=2.2.0
+pkgrel=1
+pkgdesc="a simple stupid http reverse proxy"
+arch=('i686' 'x86_64' 'armv6h' 'armv7h' 'aarch64')
+url="https://codeberg.org/metamuffin/gnix"
+license=('AGPL3')
+makedepends=('rustup')
+backup=('etc/gnix.yaml')
+source=("$pkgname-$pkgver.tar.gz::https://codeberg.org/metamuffin/gnix/archive/v$pkgver.tar.gz"
+ "gnix.service"
+ "config.yaml"
+ "sysusers.conf")
+sha256sums=('9ff1ebbf496c7c1df613fc46820091b92775816785d0026ddced6012204e8b1c'
+ 'a80df54a4e44960decf43ad618dc1afef9cc498370460362e91646ac3f95358e'
+ 'dae3df7d0d521b075d16ab518bc321a63bc0ca7822b814aed6e00402577d380b'
+ '9e03be16b1b3dd4c0d0e5feb5c31221758b68a54bad5ba7232e8565d766ea620')
+
+prepare() {
+ cd "gnix"
+ cargo +nightly fetch --locked --target "$CHOST"
+}
+build() {
+ cd "gnix"
+ cargo +nightly build --frozen --release --target "$CHOST"
+}
+package() {
+ install -Dm755 gnix/target/$CHOST/release/gnix "$pkgdir/usr/bin/gnix"
+ install -Dm644 gnix/src/modules/auth/login.html "$pkgdir/usr/share/gnix/login.html"
+ install -Dm644 config.yaml "$pkgdir/etc/gnix.yaml"
+ install -Dm644 sysusers.conf "$pkgdir/usr/lib/sysusers.d/gnix.conf"
+ install -Dm644 gnix.service "$pkgdir/usr/lib/systemd/system/gnix.service"
+ install -Dm644 gnix/COPYING "$pkgdir/usr/share/licenses/gnix/COPYING"
+}
diff --git a/gnix/config.yaml b/gnix/config.yaml
new file mode 100644
index 0000000..85dc121
--- /dev/null
+++ b/gnix/config.yaml
@@ -0,0 +1,7 @@
+http:
+ bind: "0.0.0.0:80"
+
+handler: !hosts
+ "example.org": !files
+ root: "/srv/http"
+ index: true
diff --git a/gnix/gnix.service b/gnix/gnix.service
new file mode 100644
index 0000000..95593f5
--- /dev/null
+++ b/gnix/gnix.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=gnix http reverse proxy
+After=network.target
+Wants=network-online.target
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ExecStart=/usr/bin/gnix /etc/gnix.yaml
+User=gnix
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=true
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK
+RestrictNamespaces=yes
+RestrictSUIDSGID=yes
+RestrictRealtime=yes
+Restart=always
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+Type=simple
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gnix/sysusers.conf b/gnix/sysusers.conf
new file mode 100644
index 0000000..f452f5d
--- /dev/null
+++ b/gnix/sysusers.conf
@@ -0,0 +1 @@
+u gnix - "gnix http reverse proxy" - -
generated by cgit v1.2.3-70-g09d2 (git 2.51.0) at 2025-10-08 02:25:55 +0000