From 53e57b9dc642a0d155ea79748fcea890425f32af Mon Sep 17 00:00:00 2001
From: 9pfs <9pfs@amcforum.wiki>
Date: Tue, 16 Jul 2024 16:57:42 -0700
Subject: [PATCH] Add init scripts for systemd user, systemd system, and freebsd
---
init-scripts/freebsd-rc | 13 ++++++++++
init-scripts/systemd-system.service | 38 +++++++++++++++++++++++++++++
init-scripts/systemd-user.service | 38 +++++++++++++++++++++++++++++
3 files changed, 89 insertions(+)
create mode 100644 init-scripts/freebsd-rc
create mode 100644 init-scripts/systemd-system.service
create mode 100644 init-scripts/systemd-user.service
diff --git a/init-scripts/freebsd-rc b/init-scripts/freebsd-rc
new file mode 100644
index 0000000..d8bc1f2
--- /dev/null
+++ b/init-scripts/freebsd-rc
@@ -0,0 +1,13 @@
+#!/bin/sh
+. /etc/rc.subr
+name="python_talk"
+start_cmd="${name}_start"
+stop_cmd=":"
+rcvar=python_talk_enable
+load_rc_config $name
+: ${python_talk_enable:=no}
+python_talk_start() {
+ cd /usr/src/python-talk
+ (while true; do python3 server.py --link=37.27.51.34:65048 --no-log --no-cache --cwlgd 2>&1 >> /var/log/python-talk.log; done) &
+}
+run_rc_command "$1"
diff --git a/init-scripts/systemd-system.service b/init-scripts/systemd-system.service
new file mode 100644
index 0000000..a46a698
--- /dev/null
+++ b/init-scripts/systemd-system.service
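Review bot: In `python_talk_start` of init-scripts/freebsd-rc, `2>&1 >> /var/log/python-talk.log` points stderr at the caller's stdout before stdout is redirected, so tracebacks never reach the log; the order should be `>> /var/log/python-talk.log 2>&1`. The `cd` is unchecked and the `while true` loop has no delay, so if `/usr/src/python-talk` is missing the loop respawns `python3 server.py` from whatever directory it inherited, as fast as it can; `cd /usr/src/python-talk || return 1` and a `sleep 5` inside the loop would match the `RestartSec=5` of the systemd units. With `stop_cmd=":"` and no pidfile, `service python_talk stop` cannot end the loop, and nothing drops privileges, so at boot the server runs as root, unlike the systemd units with `DynamicUser=yes`; supervising it with daemon(8) (`-r`, `-u <service-user>`, `-P <pidfile>`) would address both. This file passes `--no-log` where the two service files pass `--no-logs`; one of the spellings is presumably a typo and should be checked against server.py.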
@@ -0,0 +1,38 @@
+[Unit]
+Description=firepup's python-talk
+
+[Service]
+DynamicUser=yes
+WorkingDirectory=/opt/python-talk
+ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
+Restart=always
+RestartSec=5
+NoNewPrivileges=true
+RestrictSUIDSGID=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectProc=ptraceable
+ProcSubset=pid
+PrivateTmp=true
+CapabilityBoundingSet=
+PrivateDevices=true
+ProtectClock=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+SystemCallArchitectures=native
+# python.
+MemoryDenyWriteExecute=false
+RestrictNamespaces=true
+ProtectHostname=true
+LockPersonality=true
+ProtectKernelTunables=true
+RestrictAddressFamilies=AF_INET
+RestrictRealtime=true
+PrivateUsers=true
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
diff --git a/init-scripts/systemd-user.service b/init-scripts/systemd-user.service
new file mode 100644
index 0000000..a46a698
--- /dev/null
+++ b/init-scripts/systemd-user.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=firepup's python-talk
+
+[Service]
+DynamicUser=yes
+WorkingDirectory=/opt/python-talk
+ExecStart=/usr/bin/python3 server.py --link=37.27.51.34:65048 --no-logs --no-cache --cwlgd
+Restart=always
+RestartSec=5
+NoNewPrivileges=true
+RestrictSUIDSGID=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectProc=ptraceable
+ProcSubset=pid
+PrivateTmp=true
+CapabilityBoundingSet=
+PrivateDevices=true
+ProtectClock=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+SystemCallArchitectures=native
+# python.
+MemoryDenyWriteExecute=false
+RestrictNamespaces=true
+ProtectHostname=true
+LockPersonality=true
+ProtectKernelTunables=true
+RestrictAddressFamilies=AF_INET
+RestrictRealtime=true
+PrivateUsers=true
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
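Review bot: In init-scripts/systemd-system.service the one relaxed sandbox setting, `MemoryDenyWriteExecute=false`, is justified only by `# python.`, and `false` is already the default, so a reader cannot tell whether this is a tested requirement or a guess. I would try `true` first (a CPython server without ctypes/libffi closures or a JIT often runs with it; server.py is not in this patch, so this needs confirming) and otherwise replace the comment with something like `# server.py needs writable+executable mappings (ctypes/libffi); keep W^X enforcement off`. `RestrictAddressFamilies=AF_INET` also excludes AF_INET6 and AF_UNIX, so IPv6 peers and anything that talks to a local Unix socket will fail with EAFNOSUPPORT; if that is intended, a short comment next to the directive should say so.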
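Review bot: In init-scripts/systemd-user.service, `WantedBy=multi-user.target` under `[Install]` names a system-manager target that a per-user manager does not normally have, so after `systemctl --user enable` the unit would not be started; a user unit should use `WantedBy=default.target`. The file is the same blob as systemd-system.service (both `index` lines read `0000000..a46a698`), so it also carries `DynamicUser=yes`, which an unprivileged user manager cannot honour. Mount-namespace settings such as `ProtectSystem=strict` and `PrivateDevices=true` depend, in `--user` mode, on unprivileged user namespaces being available. Verify on the target systemd version which directives take effect, and drop or comment the ones that do not, so the unit does not suggest isolation it is not getting.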