first commit

xxx/deb/DEBIAN/conffiles

@@ -0,0 +1 @@
+/opt/xxx/app/xxx_app.conf

xxx/deb/DEBIAN/control

@@ -0,0 +1,10 @@
+Package: steffen-xxx
+Version: __VERSION__
+Section: unknown
+Priority: optional
+Architecture: all
+Depends: libmojolicious-perl >= (9.39), libev-perl, libsteffen-mojoplug-authorization-perl, libsteffen-mojoplug-navhelper-perl, libsteffen-mojoplug-syslog-perl, libmojolicious-plugin-openapi-perl, libsteffen-mojoplug-swaggerui-perl
+Installed-Size: __VERSION__
+Maintainer: Steffen Junge <steffen.junge@gmx.de>
+Description: wofuer
+  A HTTP Daemon for the steffen xxx Webservice.

xxx/deb/DEBIAN/postinst

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Startskript aktivieren
+systemctl daemon-reload
+/bin/systemd-sysusers
+/bin/systemd-tmpfiles --create
+systemctl enable --now steffen-xxx.service

xxx/deb/DEBIAN/prerm

@@ -0,0 +1,6 @@
+#!/bin/sh
+# $Id$
+
+# Daemon stoppen und deaktivieren
+systemctl stop steffen-xxx.service || true
+systemctl disable steffen-xxx.service || true

xxx/deb/pbuild.sh

@@ -0,0 +1,52 @@
+#! /bin/sh
+cd "${0%/*}" || exit
+SCRIPTPATH=$(pwd)
+cd ../app || exit
+rc=0
+prove -l -v t/*.t
+rc=$?
+cd "$SCRIPTPATH" || exit
+
+if [ $rc -eq 0 ]  ; then
+    # Jahr in dem das Programm begonnen wurde
+    createyear=mojocreateyear
+    currentyear=$(date +'%Y')
+    major=$((currentyear-createyear))
+    minor=$(date +'%m')
+
+    progpfad="opt/xxx/"
+    apppfad="app/lib/XxxApp.pm"
+    workdir=/tmp/$USER_$(pwd | sed 's/^.*\///')
+    rm -Rf "${workdir:?}/*"
+    mkdir -p "$workdir"
+    # Daten in workdir sysnchronisieren
+    rsync -Ca ./DEBIAN "$workdir/"
+    rsync -Ca ./usr "$workdir/"
+    mkdir -p "$workdir/opt"
+    rsync -Ca ../app "$workdir/$progpfad"
+
+    # Test entfernen
+    rm -r "$workdir/$progpfad/app/t"
+    rm "$workdir/$progpfad/app/test.sh"
+
+    # config aus prod ordner kopieren
+    cp -ar ./prod/* "$workdir/$progpfad/app"
+
+    # Revision holen
+    REV=$(git rev-list --count --all)
+    VER="$major.$minor.$REV"
+
+    # Version in die startup app.pm und control eintragen
+    sed -i "s@__VERSION__@$VER@g" "$workdir/DEBIAN/control"
+    sed -i "s@__VERSION__@$VER@g" "$workdir/$progpfad/$apppfad"
+
+    SIZE=$(du -h -k --max-depth=0 "$workdir"  | cut -d '/' -f1)
+    sed -i "s@__SIZE__@$SIZE@g" "$workdir/DEBIAN/control"
+    echo "Version: $VER, Size: $SIZE"
+
+    chmod -R g-s "$workdir"
+    #  paket erstellen
+    fakeroot dpkg-deb -b "$workdir" ./
+else
+    echo "TESTs failed no package created"
+fi

xxx/deb/prod/xxx_app.conf

@@ -0,0 +1,40 @@
+{
+    # zus_config      => '/etc/mlands/configs/xxx.conf', # um externe konfigs mit Passwörtern zu laden
+
+    htlib           => '/var/local/htlib',
+
+    secret => 'mojoappsecret',
+
+    # dieser Teil wandert in die Datei unter zus_config
+    # DB Pools
+    # db => {
+    #     xxx => {
+    #         dsn         => 'DBI:mysql:test:ares',
+    #         username    => '',
+    #         password    => '',
+    #         verbose     => 0,
+    #     },
+    # },
+
+    hypnotoad   => {
+        listen      => ['http://*:hypnotoadport'],
+        workers     => 4,
+        pid_file    => '/run/xxx.pid',
+        proxy       => 1
+    },
+
+    privileges => {
+        # user => wird bei erfolgreicher Anmeldung den Privs hinzugefügt
+        # admin => 'xxx_admin::xgroups',
+    },
+
+    logging  =>  {
+        level => 'info',
+        facility => 'local7',
+        enable => 1,
+        only_syslog => 1,
+        #access_log => 'v1', #bisher nicht änderbar
+        ident => 'xxx',
+        #color => 1, #erst ab Mojolicious 9.01
+    }
+}

xxx/deb/usr/lib/systemd/system/steffen-xxx.service

@@ -0,0 +1,41 @@
+[Unit]
+Description=steffen Xxx/Rfs Webservice
+After=network.target syslog.socket
+StartLimitBurst=5
+StartLimitIntervalSec=10
+
+[Service]
+Type=forking
+User=steffen-xxx
+Group=webapps
+WorkingDirectory=/opt/xxx/app
+ExecStart=/usr/bin/hypnotoad ./script/XxxApp
+ExecReload=/usr/bin/hypnotoad ./script/XxxApp
+Restart=on-failure
+PIDFile=/run/xxx.pid
+KillMode=process
+
+# Optional hardening to improve security
+ReadWritePaths=/opt/xxx
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+#ProtectSystem=strict
+ProtectControlGroups=true
+#RestrictSUIDSGID=true
+RestrictRealtime=true
+LockPersonality=true
+#ProtectKernelLogs=true
+ProtectKernelTunables=true
+#ProtectHostname=true
+ProtectKernelModules=true
+PrivateUsers=true
+#ProtectClock=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target

xxx/deb/usr/lib/sysusers.d/steffen-xxx.conf

@@ -0,0 +1,5 @@
+# see https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
+# Type Name    ID      GECOS                              Home                    Shell
+g webapps      -       -
+u steffen-xxx  -       "steffen Xxx"                        /opt/xxx               -
+m steffen-xxx  webapps

xxx/deb/usr/lib/tmpfiles.d/steffen-xxx.conf

@@ -0,0 +1,3 @@
+# see https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
+# Type Path                       Mode User           Group          Age    Argument
+Z /opt/xxx                        -    steffen-xxx    steffen-xxx