commit 8e9736435e7270b843384be581f9844027d543a6
Author: Alex
Date: Mon May 18 19:19:59 2020 +0200
Initial commit
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b3b402d
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Clone darkhttpd
+ git:
+ dest: '{{ darkhttpd.path }}'
+ repo: 'https://git.redxen.eu/RepoMirrors/darkhttpd'
+ tags:
+ - darkhttpd
+ - packages
+- name: Build darkhttpd
+ make:
+ chdir: '{{ darkhttpd.path }}'
+ target: all
+ tags:
+ - darkhttpd
+ - packages
+- name: Copy systemd service file
+ template:
+ follow: yes
+ src: 'darkhttpd.service.j2'
+ dest: '/etc/systemd/system/darkhttpd.service'
+ notify: Run service actions
+ tags:
+ - darkhttpd
+ - systemd
diff --git a/templates/darkhttpd.service.j2 b/templates/darkhttpd.service.j2
new file mode 100644
index 0000000..37b5c28
--- /dev/null
+++ b/templates/darkhttpd.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=DarkHTTP Daemon
+After=network.target
+
+[Service]
+ExecStart=/darkhttpd /data --port {{ darkhttpd.port }} --addr {{ ansible_ens10.ipv4.address }}
+Restart=always
+DynamicUser=true
+ProtectSystem=strict
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/usr /lib /lib64 {{ darkhttpd.servepath }}:/data
+RootDirectory={{ darkhttpd.path }}
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target
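Review bot: The `git:` task in "Clone darkhttpd" sets no `version:`, so each run checks out whatever the mirror's default branch points to at that moment, and the "Build darkhttpd" task then compiles it for use as a network-facing service. Pinning the checkout to a reviewed commit, e.g. `version: '<reviewed-commit-sha>'` (placeholder, to be filled in by the role owner), keeps an upstream or mirror change from reaching the host without a change to the role. In "Copy systemd service file", `follow: yes` is better written `follow: true`, and adding `owner: root`, `group: root` and `mode: '0644'` would make the unit file's ownership and permissions explicit rather than dependent on the umask.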
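Review bot: The `[Service]` sandbox restricts the filesystem and namespaces but leaves the syscall surface unrestricted for a daemon that parses network input; adding `SystemCallFilter=@system-service` and `SystemCallArchitectures=native` would close that gap. `ProtectSystem=strict` is listed twice (after `DynamicUser=true` and again after `RootDirectory=`), so the second occurrence can be dropped. `RestrictAddressFamilies=` also allows `AF_UNIX` and `AF_NETLINK`, which a static file server may not need; this should be confirmed and trimmed if so. `{{ darkhttpd.servepath }}` and `{{ darkhttpd.path }}` are interpolated unquoted into space-separated directives, so a value containing whitespace would change what `BindReadOnlyPaths=` mounts; the role should validate these variables or document the constraint.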