add: systemd service config

systemd/allow-uinput.rules

@@ -0,0 +1,4 @@
+## configuration for systemd-udev.service, a daemon that manages  permissions of devices nodes
+
+# allow users from uinput group access to kernel uinput facilities
+KERNEL=="uinput", GROUP="uinput", MODE="0660", OPTIONS+="static_node=uinput"

systemd/dpk.service

@@ -0,0 +1,42 @@
+[Unit]
+Description=Drum Pedal Keyboard simple keyboard macros dispatcher
+After=multi-user.target
+
+[Service]
+# Add your device here. Example:
+# Environment="DPK_INPUT_DEVICE=/dev/input/by-id/mouse"
+
+ExecStart=/usr/local/bin/dpk
+RuntimeDirectory=dpk
+SupplementaryGroups=input uinput
+DeviceAllow=char-input r
+DeviceAllow=/dev/uinput rw
+
+SystemCallFilter=@system-service
+ProtectProc=invisible
+DynamicUser=true
+NoNewPrivileges=true
+MemoryDenyWriteExecute=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+SystemCallFilter=~@mount
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateNetwork=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+SystemCallArchitectures=native
+RestrictAddressFamilies=AF_UNIX AF_NETLINK 
+CapabilityBoundingSet=
+
+
+[Install]
+WantedBy=multi-user.target

systemd/uinput.conf

@@ -0,0 +1,5 @@
+## sysusers.d file - Declarative allocation of system users and groups
+#Type Name    ID   GECOS         Home directory
+
+# Kernel facilities to emulate input devices from userspace access group
+g     uinput  -     -            -