feat(packaging): add goreleaser recipe

misc/packaging/common/postinstall-rebound.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+use_systemctl="True"
+systemd_version=0
+if ! command -V systemctl >/dev/null 2>&1; then
+  use_systemctl="False"
+else
+  systemd_version=$(systemctl --version | head -1 | cut -d ' ' -f 2)
+fi
+
+service_name=rebound
+
+cleanup() {
+  if [ "${use_systemctl}" = "False" ]; then
+    rm -f /usr/lib/systemd/system/${service_name}.service
+  else
+    rm -f /etc/chkconfig/${service_name}
+    rm -f /etc/init.d/${service_name}
+  fi
+}
+
+cleanInstall() {
+  printf "\033[32m Post Install of an clean install\033[0m\n"
+  if [ "${use_systemctl}" = "False" ]; then
+    if command -V chkconfig >/dev/null 2>&1; then
+      chkconfig --add ${service_name}
+    fi
+
+    service ${service_name} restart || :
+  else
+    if [[ "${systemd_version}" -lt 231 ]]; then
+      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
+      sed -i "s/=+/=/g" /usr/lib/systemd/system/${service_name}.service
+    fi
+    printf "\033[32m Reload the service unit from disk\033[0m\n"
+    systemctl daemon-reload || :
+    printf "\033[32m Unmask the service\033[0m\n"
+    systemctl unmask ${service_name} || :
+    printf "\033[32m Set the preset flag for the service unit\033[0m\n"
+    systemctl preset ${service_name} || :
+    printf "\033[32m Set the enabled flag for the service unit\033[0m\n"
+    systemctl enable ${service_name} || :
+    systemctl restart ${service_name} || :
+  fi
+}
+
+upgrade() {
+  printf "\033[32m Post Install of an upgrade\033[0m\n"
+  systemctl daemon-reload || :
+  systemctl restart ${service_name} || :
+}
+
+# Step 2, check if this is a clean install or an upgrade
+action="$1"
+if [ "$1" = "configure" ] && [ -z "$2" ]; then
+  action="install"
+elif [ "$1" = "configure" ] && [ -n "$2" ]; then
+  action="upgrade"
+fi
+
+case "$action" in
+"1" | "install")
+  cleanInstall
+  ;;
+"2" | "upgrade")
+  printf "\033[32m Post Install of an upgrade\033[0m\n"
+  upgrade
+  ;;
+*)
+  printf "\033[32m Alpine\033[0m"
+  cleanInstall
+  ;;
+esac
+
+cleanup

misc/packaging/openrc/rebound.conf

@@ -0,0 +1,6 @@
+export REBOUND_ADDRESS=:2222
+export REBOUND_HTTP_CUSTOM_DIR=/etc/rebound/custom
+export REBOUND_SSH_PUBLIC_HOST=rebound
+export REBOUND_SSH_PUBLIC_PORT=2222
+export REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
+export REBOUND_SSH_HOST_KEY=/etc/rebound/host.key

misc/packaging/openrc/rebound.openrc.sh

@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+  
+command="/usr/bin/rebound"
+command_args=""
+supervisor=supervise-daemon
+output_log="/var/log/rebound.log"
+error_log="$output_log"
+
+depend() {
+    need net
+}

misc/packaging/systemd/rebound.env

@@ -0,0 +1,6 @@
+REBOUND_ADDRESS=:8080
+REBOUND_HTTP_CUSTOM_DIR=/var/lib/rebound/custom
+REBOUND_SSH_PUBLIC_HOST=rebound
+REBOUND_SSH_PUBLIC_PORT=8080
+REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
+REBOUND_SSH_HOST_KEY=/var/lib/rebound/host.key

misc/packaging/systemd/rebound.systemd.service

@@ -0,0 +1,35 @@
+[Unit]
+Description=rebound service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+EnvironmentFile=/etc/rebound/environ
+ExecStart=/usr/bin/rebound
+EnvironmentFile=/etc/rebound/environ
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateUsers=yes
+DynamicUser=yes
+StateDirectory=rebound
+DevicePolicy=closed
+ProtectSystem=true
+ProtectHome=read-only
+ProtectKernelLogs=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH  CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_WAKE_ALARM CAP_SYS_TTY_CONFIG 
+
+[Install]
+WantedBy=multi-user.target