diff --git a/Makefile b/Makefile index d4b50f0..5988ef1 100755 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ SYSDDIR:=${SYSDDIR_:/%=%} DESTDIR:= PREFIX:=/usr/local -VERSION=23.21.0 +VERSION=23.24.0 FLAGS:=-modcacherw -trimpath LDFLAGS:= -ldflags "-s -w -X main.version=${VERSION}" -tags osusergo,netgo @@ -32,7 +32,8 @@ install: install -Dm 0644 configs/radio.vars.liq ${DESTDIR}/etc/dwelling/radio.vars.liq install -Dm 0644 configs/logrotate ${DESTDIR}/etc/logrotate.d/${TARGET} - install -Dm 0644 init/systemd.service ${DESTDIR}/${SYSDDIR}/${TARGET}.service + install -Dm 0644 init/radio.service ${DESTDIR}/${SYSDDIR}/${TARGET}.service + install -Dm 0644 init/liquidsoap.service ${DESTDIR}/${SYSDDIR}/${TARGET}-liquidsoap.service uninstall: rm ${DESTDIR}${PREFIX}/bin/${TARGET} diff --git a/build/archlinux/PKGBUILD b/build/archlinux/PKGBUILD index f0ca257..612f427 100644 --- a/build/archlinux/PKGBUILD +++ b/build/archlinux/PKGBUILD @@ -1,6 +1,6 @@ # Maintainer: Alexander "Arav" Andreev pkgname=dwelling-radio -pkgver=23.21.0 +pkgver=23.24.0 pkgrel=1 pkgdesc="Arav's dwelling / Radio" arch=('i686' 'x86_64' 'arm' 'armv6h' 'armv7h' 'aarch64') diff --git a/init/liquidsoap.service b/init/liquidsoap.service new file mode 100644 index 0000000..e18b08f --- /dev/null +++ b/init/liquidsoap.service @@ -0,0 +1,38 @@ +[Unit] +Description=Arav's dwelling / Radio / Liquidsoap +Requires=icecast.service +After=network-online.target icecast.service + +[Service] +Type=simple +Restart=on-failure +User=dwelling-radio +DynamicUser=yes +ExecStart=/opt/opam/4.14.0/bin/liquidsoap /etc/dwelling/radio.liq + +ReadOnlyPaths=/ + +LogsDirectory=dwelling-radio + +AmbientCapabilities= +CapabilityBoundingSet= + +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/init/systemd.service b/init/radio.service similarity index 87% rename from init/systemd.service rename to init/radio.service index 1759142..d7a546d 100755 --- a/init/systemd.service +++ b/init/radio.service @@ -7,12 +7,11 @@ After=network-online.target icecast.service Type=simple Restart=on-failure DynamicUser=yes -ExecStart=/usr/bin/dwelling-radio -conf /etc/dwelling/radio.yaml +ExecStart=/usr/bin/dwelling-radio -no-liquidsoap -conf /etc/dwelling/radio.yaml ReadOnlyPaths=/ LogsDirectory=dwelling-radio -RuntimeDirectory=dwelling-radio AmbientCapabilities= CapabilityBoundingSet=