Systemd Unit Files in Deb packages (#1119)

* Adding systemd unit files for DEB packages, closes #1093

examples/systemd/kanidm-unixd-tasks.service

@@ -0,0 +1,31 @@
+# You should not need to edit this file. Instead, use a drop-in file:
+#   systemctl edit kanidm-unixd-tasks.service
+
+[Unit]
+Description=Kanidm Local Tasks
+After=chronyd.service ntpd.service network-online.target kanidm-unixd.service
+
+[Service]
+User=root
+Type=simple
+ExecStart=/usr/local/sbin/kanidm_unixd_tasks
+
+ReadWritePaths=/home /var/run/kanidm-unixd
+
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateNetwork=true
+PrivateTmp=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target

examples/systemd/kanidm-unixd.service

@@ -0,0 +1,18 @@
+# You should not need to edit this file. Instead, use a drop-in file by running:
+#   systemctl edit kanidm-unixd-tasks.service
+
+[Unit]
+Description=Kanidm Local Client Resolver
+After=chronyd.service ntpd.service network-online.target
+
+[Service]
+DynamicUser=yes
+Type=simple
+ExecStart=/usr/local/sbin/kanidm_unixd
+
+CacheDirectory=kanidm-unixd
+RuntimeDirectory=kanidm-unixd
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target

examples/systemd/kanidmd.service

@@ -0,0 +1,20 @@
+# You should not need to edit this file. Instead, use a drop-in file by running:
+#   systemctl edit kanidm-unixd-tasks.service
+
+[Unit]
+Description=Kanidm, the IDM for rustaceans
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+ExecStart=/usr/local/sbin/kanidmd server --config=/etc/kanidm/server.toml
+Restart=on-failure
+RestartSec=15s
+WorkingDirectory=/var/lib/kanidm
+DynamicUser=yes
+StateDirectory=kanidm
+
+[Install]
+WantedBy=multi-user.target

platform/debian/kanidm-unixd/rules

@@ -12,7 +12,7 @@ BINDIR=${PKGDIR}/usr/sbin/
 SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
 
 %:
-	dh $@
+	dh $@ --with systemd
 
 override_dh_auto_clean:
 
@@ -25,6 +25,25 @@ override_dh_auto_test:
 override_dh_shlibdeps:
 override_dh_strip:
 
+# Do the systemd things
+override_dh_installinit:
+	install -g root -o root \
+		examples/systemd/${PACKAGE}.service \
+		debian/
+	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service
+	dh_installinit -p${PACKAGE} --no-start --noscripts
+	dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade
+
+	install -g root -o root \
+		examples/systemd/${PACKAGE}-tasks.service \
+		debian/
+	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE}-tasks ${PACKAGE}-tasks.service
+	dh_installinit -p${PACKAGE} --no-start --noscripts
+	dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade
+
+override_dh_systemd_start:
+	echo "Not running dh_systemd_start"
+
 override_dh_auto_install:
 	mkdir -p ${BINDIR}
 	install \

platform/debian/kanidmd/rules

@@ -14,7 +14,7 @@ BINDIR=${PKGDIR}/usr/sbin/
 SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE}
 
 %:
-	dh $@
+	dh $@ --with systemd
 
 override_dh_auto_clean:
 # cargo clean
@@ -31,6 +31,19 @@ override_dh_auto_test:
 override_dh_shlibdeps:
 override_dh_strip:
 
+
+# Do the systemd things
+override_dh_installinit:
+	install -g root -o root \
+		examples/systemd/${PACKAGE}.service \
+		debian/
+	dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service
+	dh_installinit -p${PACKAGE} --no-start --noscripts
+	dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade
+
+override_dh_systemd_start:
+	echo "Not running dh_systemd_start"
+
 override_dh_auto_install:
 	mkdir -p ${BINDIR}
 	install \