Merge branch 'pr-systemd-service' into 'master'

add buffyboard systemd service See merge request postmarketOS/buffybox!34

Merge branch 'pr-systemd-service' into 'master'
25aa94b5 · Johannes Marbach · 634af596 · edf612ad · 25aa94b5 · 25aa94b5
Commit 25aa94b5 authored 5 months ago by Johannes Marbach
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ If a change only affects particular applications, they are listed in parentheses
 - fix: Prevent logging internal LVGL errors to stdout
 - misc: Make scdoc a native dependency to enable cross-compilation (!30, thanks @uninsane)
 - fix: Use usleep to release CPU when possible (!31, thanks @uninsane)
+- feat(buffyboard): Add a buffyboard.service systemd service (!34, @uninsane)

 ## 3.2.0 (2024-06-03)


--- a/buffyboard/buffyboard.service.in
+++ b/buffyboard/buffyboard.service.in
+[Unit]
+Documentation=https://gitlab.postmarketos.org/postmarketOS/buffybox
+
+[Service]
+ExecStart=@bindir@/buffyboard
+Restart=on-failure
+
+# Allow access to input devices, framebuffer, tty
+DevicePolicy=closed
+DeviceAllow=/dev/uinput rw
+DeviceAllow=char-fb rw
+DeviceAllow=char-input rw
+DeviceAllow=char-tty rw
+# udev requires some limited networking
+RestrictAddressFamilies=AF_NETLINK
+
+# Hardening
+CapabilityBoundingSet=
+NoNewPrivileges=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
--- a/buffyboard/meson.build
+++ b/buffyboard/meson.build
@@ -24,3 +24,20 @@ executable('buffyboard',

 install_data('buffyboard.conf', install_dir: get_option('sysconfdir'))

+systemd = dependency('systemd', required: get_option('systemd-buffyboard-service'))
+if systemd.found()
+    system_unit_dir = systemd.get_variable(
+        pkgconfig: 'systemd_system_unit_dir',
+        pkgconfig_define: ['prefix', get_option('prefix')],
+    )
+
+    configure_file(
+      input : 'buffyboard.service.in',
+      output : 'buffyboard.service',
+      install : true,
+      install_dir : system_unit_dir,
+      configuration : {
+        'bindir' : get_option('prefix') / get_option('bindir'),
+      },
+    )
+endif
--- a/meson_options.txt
+++ b/meson_options.txt
 option('with-drm', type: 'feature', value: 'auto', description: 'Enable DRM backend')
 option('man', type: 'boolean', value: true, description: 'Install manual pages')
+option('systemd-buffyboard-service', type: 'feature', value: 'auto', description: 'Install systemd service file for buffyboard')