authorDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2021-06-03 23:16:43 +0200
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2021-06-04 00:50:33 +0200
commitb82bfa065f7615588961eaac4c9e4fbe997199b3 (patch)
treeaaaa6d6ef310ef51509a2ccc1c05df1adea1941d
parent39ce2f56f36c3cf256a98c8f4d218d39df6736e6 (diff)
Import matterbridge.service from Arch Linux community repository
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rw-r--r--Makefile19
-rw-r--r--matterbridge.service36
2 files changed, 49 insertions, 6 deletions
diff --git a/Makefile b/Makefile
index 5c4a734..c859205 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,18 @@
-.PHONY: all matterbridge
+.PHONY: all matterbridge.tar.xz
-all: matterbridge
+all: matterbridge.tar.xz
-matterbridge:
- guix pack \
+matterbridge.tar.xz:
+ rm -f $@
+ cp `guix pack \
-L ./ \
- --compression=xz \
--save-provenance -RR \
+ --compression=xz \
matterbridge \
- --symlink=/usr/bin/matterbridge=bin/matterbridge \
+ --symlink=/usr/bin/matterbridge=bin/matterbridge` $@
+ unxz $@
+ chmod +x matterbridge.tar
+ tar -rf matterbridge.tar \
+ matterbridge.service \
+ --transform="s/^\.\//.\/etc\/systemd\/system\//"
+ xz -9e -T 2 --verbose matterbridge.tar
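Review bot: The `tar -rf` step appends `matterbridge.service` with the build user's uid, gid and file mode, so a root extraction at `/` would presumably leave a systemd unit owned by whatever account has that uid on the target host. The `--transform` expression is also anchored on `^\./` while the member is named as plain `matterbridge.service`, so it looks as if the file is stored at the archive root rather than under `etc/systemd/system/`. Pinning ownership and making the rewrite unconditional would cover both: `tar -rf matterbridge.tar --owner=0 --group=0 --mode=0644 --transform='s,^,./etc/systemd/system/,' matterbridge.service`. Separately, `chmod +x matterbridge.tar` does not make the archive writable for the append if the copy out of the store is read-only; `chmod u+w` was probably intended.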
diff --git a/matterbridge.service b/matterbridge.service
new file mode 100644
index 0000000..51d6365
--- /dev/null
+++ b/matterbridge.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Multi-protocols bridge for online communications
+After=network.target
+
+[Service]
+User=matterbridge
+DynamicUser=yes
+ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml
+Type=simple
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+#SecureBits=
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateNetwork=false
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallFilter=@system-service
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
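Review bot: `DynamicUser=yes` combined with `-conf /etc/matterbridge.toml` leaves open how the service account is meant to read that file. Unless a static `matterbridge` user exists, the uid is allocated at start, so the config, which for a bridge presumably holds account tokens, would have to be readable by other users. On a systemd recent enough to support credentials, passing the file as one lets it stay `root:root 0600`: `LoadCredential=matterbridge.toml:/etc/matterbridge.toml` and `ExecStart=/usr/bin/matterbridge -conf %d/matterbridge.toml`. The commented-out `#SecureBits=` line can be dropped, and `UMask=0077` would fit the rest of the hardening.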