From 4252bbda0d9566db601ed68aedd7793897db2301 Mon Sep 17 00:00:00 2001 From: TheK0tYaRa Date: Tue, 24 Feb 2026 13:52:33 +0300 Subject: [PATCH] added service and user/group --- .gear/livekit.service | 50 ++++++++++++++++++++++++++++++++++++++++++ .gear/livekit.sysusers | 2 ++ .gear/rules | 2 ++ livekit.spec | 33 +++++++++++----------------- 4 files changed, 67 insertions(+), 20 deletions(-) create mode 100644 .gear/livekit.service create mode 100644 .gear/livekit.sysusers diff --git a/.gear/livekit.service b/.gear/livekit.service new file mode 100644 index 0000000..c2bfb03 --- /dev/null +++ b/.gear/livekit.service @@ -0,0 +1,50 @@ +[Unit] +Description=LiveKit Server (WebRTC SFU) +Documentation=https://docs.livekit.io/ +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple + +Environment="LIVEKIT_CONFIG=/etc/livekit/livekit.yaml" + +#ExecStartPre=/usr/bin/test -r ${LIVEKIT_CONFIG_FILE} +ExecStart=/usr/bin/livekit-server + +User=livekit +Group=livekit +UMask=0077 +WorkingDirectory=/var/lib/livekit + +Restart=on-failure +RestartSec=2s +TimeoutStopSec=20s +KillMode=mixed + +StateDirectory=livekit +RuntimeDirectory=livekit +LogsDirectory=livekit + +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectKernelLogs=yes +ProtectClock=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RemoveIPC=yes +DevicePolicy=closed +KeyringMode=private +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/.gear/livekit.sysusers b/.gear/livekit.sysusers new file mode 100644 index 0000000..7281f33 --- /dev/null +++ b/.gear/livekit.sysusers @@ -0,0 +1,2 @@ +g livekit - - +u livekit - "LiveKit Server" /var/lib/livekit - diff --git a/.gear/rules b/.gear/rules index 951ddff..974b0a8 100644 --- a/.gear/rules +++ b/.gear/rules @@ -1,2 +1,4 @@ tar: @name@ name=@name@-@version@ tar: .gear/predownloaded-development name=@name@-development-@version@ base= +copy: livekit.service +copy: livekit.sysusers diff --git a/livekit.spec b/livekit.spec index 2c580a4..1570f93 100644 --- a/livekit.spec +++ b/livekit.spec @@ -4,53 +4,46 @@ Release: alt1 Summary: LiveKit WebRTC SFU media server License: Apache-2.0 Group: System/Servers + Url: https://github.com/livekit/livekit +VCS: https://github.com/livekit/livekit #https://github.com/livekit/livekit/archive/refs/tags/v%{version}.tar.gz Source: %name-%version.tar - -# Vendored Go module deps (must contain ./vendor + vendor/modules.txt) -# Create once per version (outside hasher): -# tarball=v%{version} -# curl -L -o livekit-%{version}.tar.gz https://github.com/livekit/livekit/archive/refs/tags/${tarball}.tar.gz -# tar -xf livekit-%{version}.tar.gz -# cd livekit-%{version} -# GOTOOLCHAIN=local go mod vendor -# tar -cJf livekit-server-vendor-%{version}.tar.xz vendor Source1: %name-development-%version.tar +Source2: %name.service +Source3: %name.sysusers BuildRequires: golang >= 1.24 %description LiveKit is an open-source, scalable multi-user WebRTC SFU (Selective Forwarding Unit). -This package provides the livekit-server daemon. %prep %setup -a1 -#%setup -q -n livekit-%{version} -# unpack vendored deps into the same tree (expects "vendor/" at archive root) -#%setup -q -T -D -a1 %build -# go.mod declares go 1.24.x + toolchain; prevent auto toolchain download #export GOTOOLCHAIN=local #export CGO_ENABLED=0 -# Force offline build from vendor/ export GOFLAGS="-mod=vendor -trimpath" -go build -buildvcs=false -o livekit-server ./cmd/server +go build -buildvcs=false -o %{name} ./cmd/server %install -install -Dpm0755 livekit-server %{buildroot}%{_sbindir}/livekit-server -install -Dpm0644 config-sample.yaml %{buildroot}%{_sysconfdir}/livekit/livekit.yaml +install -Dpm0755 %{name} %{buildroot}%{_sbindir}/%{name} +install -Dpm0644 config-sample.yaml %{buildroot}%{_sysconfdir}/%{name}/%{name}.yaml +install -Dpm0644 %SOURCE2 %{buildroot}%{_unitdir}/%{name}.service +install -Dpm0644 %SOURCE2 %{buildroot}%{_sysusersdir}/%{name}.conf %files #%license LICENSE #%license NOTICE %doc README.md CHANGELOG.md NOTICE LICENSE -%{_sbindir}/livekit-server -%config(noreplace) %{_sysconfdir}/livekit/livekit.yaml +%{_sbindir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/%{name}.yaml +%{_unitdir}/%{name}.service +%{_sysusersdir}/%{name}.conf %changelog * Tue Feb 24 2026 Romenskiy Arseniy 1.9.11-alt1