[net-vpn/cloudflared] Version bump to 2021.4.0

Signed-off-by: Chen, Chih-Chia <pigfoot@gmail.com>

7 files changed, 151 insertions, 0 deletions

diff --git a/net-vpn/cloudflared/Manifest b/net-vpn/cloudflared/Manifest
new file mode 100644
index 0000000..d3bf2db
--- /dev/null
+++ b/net-vpn/cloudflared/Manifest
@@ -0,0 +1 @@
+DIST cloudflared-2021.4.0.tar.gz 7471792 BLAKE2B 79272928f3bd13082e609f5cade0d9e56edbccad1d7b81fc48474b1f366339ba4fff45941a88d632997920208081957290ce461cca6440bacba46efcc16fad4f SHA512 d39147af96b9f3a96a22a40e8a654c967131402e3843709469625e79398481cd5faf27f1da323d1c778a338aa62abb3a864aa95cad291859f35ba03e6160b33f
diff --git a/net-vpn/cloudflared/cloudflared-2021.4.0.ebuild b/net-vpn/cloudflared/cloudflared-2021.4.0.ebuild
new file mode 100644
index 0000000..b8a283b
--- /dev/null
+++ b/net-vpn/cloudflared/cloudflared-2021.4.0.ebuild
@@ -0,0 +1,49 @@
+# Copyright 2019-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit go-module systemd
+
+EGO_PN="github.com/cloudflare/${PN}"
+
+EGO_SUM=(
+)
+
+go-module_set_globals
+
+DESCRIPTION="Argo Tunnel client, written in GoLang"
+SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI+="${EGO_SUM_SRC_URI}"
+RESTRICT="mirror"
+
+LICENSE="Cloudflare"
+SLOT="0/${PVR}"
+KEYWORDS="~amd64 ~x86 ~arm"
+IUSE="+pie"
+
+src_compile() {
+	# -buildmode=pie forces external linking mode, even CGO_ENABLED=0
+	# https://github.com/golang/go/issues/18968
+	use pie && local build_pie="-buildmode=pie"
+
+	local build_flags="$( echo ${EGO_BUILD_FLAGS} ) $( echo ${build_pie} )"
+
+	set -- env \
+		GOCACHE="${T}/go-cache" \
+		CGO_ENABLED=0 \
+		go build -o "bin/${PN}" -mod=vendor -v -work -x ${build_flags} \
+			-ldflags "-X \"main.Version=${PV}\" -X \"main.BuildTime=$(date -u '+%Y-%m-%d-%H%M UTC')\"" \
+			${EGO_PN}/cmd/${PN}
+	echo "$@"
+	"$@" || die
+}
+
+src_install() {
+	dobin bin/${PN}
+	insinto /etc/cloudflared
+	doins "${FILESDIR}"/config.yml
+	newinitd "${FILESDIR}"/cloudflared.initd cloudflared
+	newconfd "${FILESDIR}"/cloudflared.confd cloudflared
+	systemd_dounit "${FILESDIR}"/cloudflared.service
+}
diff --git a/net-vpn/cloudflared/files/cloudflared.confd b/net-vpn/cloudflared/files/cloudflared.confd
new file mode 100644
index 0000000..d837906
--- /dev/null
+++ b/net-vpn/cloudflared/files/cloudflared.confd
@@ -0,0 +1,4 @@
+# Config file for /etc/init.d/cloudflared
+
+# extra options (run cloudflared -h for a list of supported options)
+CLOUDFLARED_OPTS="--config /etc/cloudflared/config.yml"
diff --git a/net-vpn/cloudflared/files/cloudflared.initd b/net-vpn/cloudflared/files/cloudflared.initd
new file mode 100644
index 0000000..b778201
--- /dev/null
+++ b/net-vpn/cloudflared/files/cloudflared.initd
@@ -0,0 +1,15 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/cloudflared"
+command_args="${CLOUDFLARED_OPTS} --no-autoupdate"
+command_background="yes"
+command_user="${USER:-cloudflared}:${GROUP:-cloudflared}"
+description="Argo Tunnel client"
+name="Argo Tunnel client"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+depend() {
+	need net
+}
diff --git a/net-vpn/cloudflared/files/cloudflared.service b/net-vpn/cloudflared/files/cloudflared.service
new file mode 100644
index 0000000..08dc895
--- /dev/null
+++ b/net-vpn/cloudflared/files/cloudflared.service
@@ -0,0 +1,56 @@
+[Unit]
+Description=Argo Tunnel client daemon for Cloudflared
+After=network.target
+Wants=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/cloudflared --config /etc/cloudflared/config.yml --no-autoupdate
+User=cloudflared
+Group=cloudflared
+Restart=on-failure
+RestartSec=5s
+TimeoutStartSec=0
+
+# Allow cloudflared access to logfile
+ReadWritePaths=/var/log/cloudflared.log
+
+# Allow cloudflared to bind ports in the range of 0-1024 and restrict it to
+# that capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# If cloudflared is run at ports >1024, you should apply these options via a
+# drop-in file
+#CapabilityBoundingSet=
+#AmbientCapabilities=
+#PrivateUsers=yes
+
+NoNewPrivileges=true
+LimitNOFILE=1048576
+UMask=0077
+
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/cloudflared/files/config.yml b/net-vpn/cloudflared/files/config.yml
new file mode 100644
index 0000000..530151f
--- /dev/null
+++ b/net-vpn/cloudflared/files/config.yml
@@ -0,0 +1,8 @@
+---
+logfile: /var/log/cloudflared.log
+proxy-dns: true
+proxy-dns-address: 127.0.0.1
+proxy-dns-port: 5300
+proxy-dns-upstream:
+    - https://1.1.1.1/dns-query
+    - https://1.0.0.1/dns-query
diff --git a/net-vpn/cloudflared/metadata.xml b/net-vpn/cloudflared/metadata.xml
new file mode 100644
index 0000000..9f56e87
--- /dev/null
+++ b/net-vpn/cloudflared/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>pigfoot@gmail.com</email>
+		<name>Chen, Chih-Chia</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">cloudflare/cloudflared</remote-id>
+		<bugs-to>https://github.com/cloudflare/cloudflared/issues</bugs-to>
+		<doc>https://developers.cloudflare.com/argo-tunnel/</doc>
+	</upstream>
+	<longdescription lang="en">
+		Contains the command-line client and its libraries for
+		Argo Tunnel, a tunneling daemon that proxies any local
+		webserver through the Cloudflare network.
+	</longdescription>
+</pkgmetadata>