From db3076e34cc9c516e6ca8380d3bac4ad831df43d Mon Sep 17 00:00:00 2001
From: rrr-marble
Date: Sun, 17 Oct 2021 01:00:48 +0300
Subject: [PATCH] add: systemd service config
---
 systemd/allow-uinput.rules | 4 ++++
 systemd/dpk.service | 42 ++++++++++++++++++++++++++++++++++++++
 systemd/uinput.conf | 5 +++++
 3 files changed, 51 insertions(+)
 create mode 100644 systemd/allow-uinput.rules
 create mode 100644 systemd/dpk.service
 create mode 100644 systemd/uinput.conf
diff --git a/systemd/allow-uinput.rules b/systemd/allow-uinput.rules
new file mode 100644
index 0000000..dd28170
--- /dev/null
+++ b/systemd/allow-uinput.rules
@@ -0,0 +1,4 @@
+## configuration for systemd-udev.service, a daemon that manages permissions of devices nodes
+
+# allow users from uinput group access to kernel uinput facilities
+KERNEL=="uinput", GROUP="uinput", MODE="0660", OPTIONS+="static_node=uinput"
diff --git a/systemd/dpk.service b/systemd/dpk.service
new file mode 100644
index 0000000..176d34e
--- /dev/null
+++ b/systemd/dpk.service
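Review bot: The comment above the rule in systemd/allow-uinput.rules says who gets access but not what that access amounts to: a process that can write to /dev/uinput can create virtual input devices and emit key and pointer events that sessions treat as real hardware input. I would record that next to the rule, e.g. `# members of 'uinput' can inject input events system-wide; reserve this group for service accounts`, and repeat the caveat on the `g uinput` line in systemd/uinput.conf so nobody adds interactive users to the group casually. The match could also be tightened to `KERNEL=="uinput", SUBSYSTEM=="misc", ...` so it only applies to the kernel's uinput misc device.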
@@ -0,0 +1,42 @@
+[Unit]
+Description=Drum Pedal Keyboard simple keyboard macros dispatcher
+After=multi-user.target
+
+[Service]
+# Add your device here. Example:
+# Environment="DPK_INPUT_DEVICE=/dev/input/by-id/mouse"
+
+ExecStart=/usr/local/bin/dpk
+RuntimeDirectory=dpk
+SupplementaryGroups=input uinput
+DeviceAllow=char-input r
+DeviceAllow=/dev/uinput rw
+
+SystemCallFilter=@system-service
+ProtectProc=invisible
+DynamicUser=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+SystemCallFilter=~@mount
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateNetwork=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+SystemCallArchitectures=native
+RestrictAddressFamilies=AF_UNIX AF_NETLINK
+CapabilityBoundingSet=
+
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/systemd/uinput.conf b/systemd/uinput.conf
new file mode 100644
index 0000000..eb396a3
--- /dev/null
+++ b/systemd/uinput.conf
@@ -0,0 +1,5 @@
+## sysusers.d file - Declarative allocation of system users and groups
+#Type Name ID GECOS Home directory
+
+# Kernel facilities to emulate input devices from userspace access group
+g uinput - - -
\ No newline at end of file
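Review bot: In systemd/dpk.service, `DeviceAllow=char-input r` together with `SupplementaryGroups=input` gives the service read access to every input device node, keyboards included, although only the one device named in `DPK_INPUT_DEVICE` is needed; a compromised dpk process could then observe all keystrokes on the host. Consider allow-listing only the configured node, e.g. `DeviceAllow=/dev/input/by-id/<your-device> r` (placeholder path), and adding `DevicePolicy=closed` so the device policy is explicit rather than implied by the default. Separately, `SystemCallFilter=~@mount` looks redundant after the `@system-service` allow-list, `RestrictNamespaces=true` is absent from an otherwise thorough sandbox, and it is worth confirming that the `input`/`uinput` supplementary groups still grant access under `PrivateUsers=true`.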