Verified Commit d851bfba authored by David Runge

Merge branch 'issues/16'

* issues/16:
  Set project version to 0.2.1
  Add documentation for systemd and sysusers.d integration
  Add example for systemd integration
  Add example for sysusers.d integration
  Set default sync dir to /var/lib/arch-release-sync
parents 270fda4e 64f59ed2
Pipeline #11062 passed with stages
in 1 minute and 13 seconds
...@@ -293,6 +293,16 @@ synchronization action), it is possible to write a Unix timestamp to a file ...@@ -293,6 +293,16 @@ synchronization action), it is possible to write a Unix timestamp to a file
that is configurable globally or per project (the directory in which the file that is configurable globally or per project (the directory in which the file
resides in has to exist). resides in has to exist).
System integration
------------------
For systemd based systems there are example systemd system service and timer
files that are provided in `examples/systemd/ <examples/systemd/>`_.
The provided service file relies on the user ``arch-release-sync`` which may be
created using the `sysusers.d
<https://man.archlinux.org/man/core/systemd/sysusers.d.5.en>`_ integration
provided in `examples/sysusers.d/ <examples/sysusers.d/>`_.
License License
======= =======
......
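Review bot: The new "System integration" section links to the example units but does not tell the reader that the service example ships fixed `Environment=` values for `GPGKEY` and `PACKAGER` that look like placeholders. Add a sentence saying whether these need to be overridden for a real deployment (for instance through a drop-in) and that the timer, not the service, is the unit to enable. It would also help to state here that the default sync directory is now `/var/lib/arch-release-sync`, since that is the path the example service is confined to.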
...@@ -20,7 +20,7 @@ PROJECTS_CONFIGS = [ ...@@ -20,7 +20,7 @@ PROJECTS_CONFIGS = [
Path(f"{xdg_config_home}/arch-release-promotion/projects.toml"), Path(f"{xdg_config_home}/arch-release-promotion/projects.toml"),
] ]
PROJECTS_SYNC_DIR = Path("/var/lib/arch-release-promotion/") PROJECTS_SYNC_DIR = Path("/var/lib/arch-release-sync/")
PROJECTS_SYNC_BACKLOG = 3 PROJECTS_SYNC_BACKLOG = 3
......
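Review bot: Changing the default of `PROJECTS_SYNC_DIR` from `/var/lib/arch-release-promotion/` to `/var/lib/arch-release-sync/` moves the location existing installations sync into, and none of the visible hunks tells upgraders about it. Anyone relying on the old default will get a fresh, empty sync directory after updating while the old data stays behind, still readable by whatever served it. Please add an upgrade note (README or changelog) describing the move, and consider whether a behaviour change like this fits a 0.2.0 to 0.2.1 patch bump.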
[Unit]
Description=Synchronize promoted releases from gitlab.archlinux.org
Documentation=https://gitlab.archlinux.org/archlinux/arch-release-promotion
Wants=network-online.target
After=network-online.target nss-lookup.target
[Service]
CapabilityBoundingSet=
Environment=GPGKEY=1234567890123456789012345678901234567890 PACKAGER="Not Relevant <not@archlinux.org>"
ExecStart=/usr/bin/arch-release-sync
Group=arch-release-sync
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectProc=invisible
ProtectSystem=strict
ReadOnlyPaths=/etc/arch-release-promotion/projects.toml
ReadWritePaths=/var/lib/arch-release-sync/
RemoveIPC=true
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
StateDirectory=arch-release-sync
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
User=arch-release-sync
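Review bot: `ReadOnlyPaths=/etc/arch-release-promotion/projects.toml` is a hard requirement as written, so on a host without that file the unit fails during namespace setup before `ExecStart` runs. With `ProtectSystem=strict` the whole of `/etc` is already read-only, so the line can be dropped, or written as `ReadOnlyPaths=-/etc/arch-release-promotion/projects.toml` if it is kept for documentation. Likewise `ReadWritePaths=/var/lib/arch-release-sync/` repeats what `StateDirectory=arch-release-sync` already grants. Separately, the `Environment=` line hardcodes a dummy-looking `GPGKEY` and `PACKAGER`; a comment in the unit saying these are placeholders would keep someone from copying them into production unchanged.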
[Unit]
Description=Synchronize promoted releases from gitlab.archlinux.org hourly
[Timer]
OnCalendar=hourly
Persistent=true
RandomizedDelaySec=10min
[Install]
WantedBy=timers.target
u arch-release-sync - "Arch Release Synchronization User" -
[tool.poetry] [tool.poetry]
name = "arch-release-promotion" name = "arch-release-promotion"
version = "0.2.0" version = "0.2.1"
description = "Promote official Arch Linux releases and synchronize them" description = "Promote official Arch Linux releases and synchronize them"
authors = ["David Runge <dvzrv@archlinux.org>"] authors = ["David Runge <dvzrv@archlinux.org>"]
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"
......