From c1eca93498b3e90946624819725cb6aa59ab6332 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Sat, 4 Dec 2021 11:18:50 +0100
Subject: [PATCH] Add gluebuddy role
---
roles/gluebuddy/files/gluebuddy.service | 25 +++++++++++++++++++++++++
roles/gluebuddy/files/gluebuddy.timer | 10 ++++++++++
roles/gluebuddy/tasks/main.yml | 7 +++++++
3 files changed, 42 insertions(+)
create mode 100644 roles/gluebuddy/files/gluebuddy.service
create mode 100644 roles/gluebuddy/files/gluebuddy.timer
create mode 100644 roles/gluebuddy/tasks/main.yml
diff --git a/roles/gluebuddy/files/gluebuddy.service b/roles/gluebuddy/files/gluebuddy.service
new file mode 100644
index 000000000..4d95f86bf
--- /dev/null
+++ b/roles/gluebuddy/files/gluebuddy.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=gluebuddy service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/gluebuddy
+
+DynamicUsers=true
+NoNewPrivileges=yes
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+ProtectHostname=true
+RestrictRealtime=true
+CapabilityBoundingSet=
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/gluebuddy/files/gluebuddy.timer b/roles/gluebuddy/files/gluebuddy.timer
new file mode 100644
index 000000000..dca439fb4
--- /dev/null
+++ b/roles/gluebuddy/files/gluebuddy.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=gluebuddy timer
+
+[Timer]
+OnUnitActiveSec=10min
+OnBootSec=5min
+RandomizedDelaySec=1min
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/gluebuddy/tasks/main.yml b/roles/gluebuddy/tasks/main.yml
new file mode 100644
index 000000000..31f9ec3d6
--- /dev/null
+++ b/roles/gluebuddy/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: install systemd service/timer
+ copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
+ with_items:
+ - gluebuddy.service
+ - gluebuddy.timer
--
GitLab