diff --git a/Cargo.lock b/Cargo.lock index 6910481..68e6d0e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1064,7 +1064,7 @@ checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" [[package]] name = "zia-client" -version = "0.0.0-git" +version = "0.2.9-helsinki" dependencies = [ "anyhow", "async-http-proxy", diff --git a/zia-client/Cargo.toml b/zia-client/Cargo.toml index 3be16a8..3716240 100644 --- a/zia-client/Cargo.toml +++ b/zia-client/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "zia-client" -version = "0.0.0-git" +version = "0.2.9-helsinki" edition = "2021" authors = ["Marcel "] license = "AGPL-3.0" @@ -25,6 +25,14 @@ anyhow = { version = "1.0", default-features = false } hyper-util = { version = "0.1", features = ["tokio"] } hyper = { version = "1.4", default-features = false } +[package.metadata.deb] +maintainer-scripts = "debian/" +systemd-units = { enable = false } +assets = [ + ["target/release/zia-client", "/usr/bin/zia-client", "755"], + ["debian/default", "/etc/zia-client", "644"] +] + [package.metadata.generate-rpm] assets = [ { source = "../LICENSE", dest = "/usr/share/doc/zia-client/LICENSE", doc = true, mode = "0644" }, diff --git a/zia-client/debian/default b/zia-client/debian/default new file mode 100644 index 0000000..1b1a38f --- /dev/null +++ b/zia-client/debian/default @@ -0,0 +1,8 @@ +# public websocket listener (client -> ZIA_UPSTREAM) +ZIA_LISTEN_ADDR=127.0.0.1:8090 + +# your actual udp service e.g. wireguard listener +#ZIA_UPSTREAM=wss://domain.tld/ws + +ZIA_COUNT=4 +ZIA_WS_MASKING=true diff --git a/zia-client/debian/service b/zia-client/debian/service new file mode 100644 index 0000000..80f51c1 --- /dev/null +++ b/zia-client/debian/service @@ -0,0 +1,37 @@ +[Unit] +Description=Proxy udp over websocket, zia client +After=network.target + +[Service] +Type=simple +Restart=always +ExecStart=/usr/bin/zia-client +EnvironmentFile=/etc/zia-client + +ProtectSystem=strict +ProtectHome=true +PrivateTmp=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectControlGroups=true +RestrictSUIDSGID=true +PrivateMounts=true +RemoveIPC=true +UMask=0077 +CapabilityBoundingSet= +NoNewPrivileges=true +ProtectKernelModules=true +SystemCallArchitectures=native +ProtectKernelLogs=true +ProtectClock=true +RestrictAddressFamilies= +PrivateNetwork=false +LockPersonality=true +ProtectHostname=true +RestrictRealtime=true +MemoryDenyWriteExecute=true +PrivateUsers=true +RestrictNamespaces=true + +[Install] +WantedBy=multi-user.target