Enable aurweb-usermaint timer

According to 'doc/maintenance.txt' the usermaint service needs to be
every 2 hours. To remove the last login IP address of all users that did
not login for 7 days.

Closes: #106

roles/aurweb/tasks/main.yml

@@ -263,6 +263,8 @@
       - aurweb-popupdate.timer
       - aurweb-tuvotereminder.service
       - aurweb-tuvotereminder.timer
+      - aurweb-usermaint.service
+      - aurweb-usermaint.timer
 
 - name: start and enable AUR systemd services and timers
   service: name={{ item }} enabled=yes state=started
@@ -274,6 +276,7 @@
        - aurweb-pkgmaint.timer
        - aurweb-popupdate.timer
        - aurweb-tuvotereminder.timer
+       - aurweb-usermaint.timer
 
 - name: configure sshd
   template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'

roles/aurweb/templates/aurweb-usermaint.service.j2

+[Unit]
+Description=Remove last login IP address of users who did not login since 7 days in aurweb
+Requires=mysqld.service
+After=mysqld.service
+
+[Service]
+Type=oneshot
+User={{ aurweb_user }}
+ExecStart=/usr/local/bin/aurweb-usermaint
+
+NoNewPrivileges=true
+LockPersonality=true
+CapabilityBoundingSet=
+
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+
+MemoryDenyWriteExecute=true
+RemoveIPC=true
+RestrictRealtime=true
+RestrictNamespaces=true
+RestrictSUIDSGID=true
+
+RestrictAddressFamilies=AF_UNIX
+
+ProtectHostname=true
+ProtectControlGroups=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectClock=true
+ProtectProc=noaccess
+
+SystemCallArchitectures=native

roles/aurweb/templates/aurweb-usermaint.timer.j2

+[Unit]
+Description=Remove last login IP address of users who did not login since 7 days in aurweb
+
+[Timer]
+OnStartupSec=2h
+OnUnitActiveSec=2h
+RandomizedDelaySec=5min
+
+[Install]
+WantedBy=timers.target