Initial commit

2020-05-18 19:19:59 +02:00 · 2020-05-18 19:19:59 +02:00 · 8e9736435e
commit 8e9736435e
2 changed files with 52 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,23 @@
+- name: Clone darkhttpd
+  git:
+        dest: '{{ darkhttpd.path }}'
+        repo: 'https://git.redxen.eu/RepoMirrors/darkhttpd'
+  tags:
+        - darkhttpd
+        - packages
+- name: Build darkhttpd
+  make:
+        chdir: '{{ darkhttpd.path }}'
+        target: all
+  tags:
+        - darkhttpd
+        - packages
+- name: Copy systemd service file
+  template:
+        follow: yes
+        src: 'darkhttpd.service.j2'
+        dest: '/etc/systemd/system/darkhttpd.service'
+  notify: Run service actions
+  tags:
+        - darkhttpd
+        - systemd
--- a/templates/darkhttpd.service.j2
+++ b/templates/darkhttpd.service.j2
@ -0,0 +1,29 @@
+[Unit]
+Description=DarkHTTP Daemon
+After=network.target
+
+[Service]
+ExecStart=/darkhttpd /data --port {{ darkhttpd.port }} --addr {{ ansible_ens10.ipv4.address }}
+Restart=always
+DynamicUser=true
+ProtectSystem=strict
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/usr /lib /lib64 {{ darkhttpd.servepath }}:/data
+RootDirectory={{ darkhttpd.path }}
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target