deployment: Generate deb and rpm packages (#1458)

2025-08-03 16:59:22 +02:00 · 2020-09-28 13:33:35 -04:00 · 2020-09-28 13:33:35 -04:00 · cef1449458
commit cef1449458
parent 1a9ac2fef5
6 changed files with 130 additions and 0 deletions
--- a/ospkg/conf/config.yaml
+++ b/ospkg/conf/config.yaml
@ -0,0 +1,22 @@
+# Required settings below.  See complete documentation at https://www.pomerium.com/reference/
+
+# To run on :443 set AmbientCapabilities=CAP_NET_BIND_SERVICE
+# in a systemd override
+address: :8443
+
+authenticate_service_url: https://authenticate.localhost.pomerium.io
+certificates:
+  - cert: /etc/pomerium/cert.pem
+    key: /etc/pomerium/key.pem
+shared_secret: XXXXXX
+cookie_secret: YYYYY
+idp_provider: "google"
+idp_client_id: XXXX
+idp_client_secret: YYYY
+idp_service_account: XXXXXX
+
+policy:
+  - from: https://yoursite.localhost.pomerium.io
+    to: https://yoursite.local
+    allowed_users:
+      - user@domain.com
--- a/ospkg/pomerium.service
+++ b/ospkg/pomerium.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Pomerium
+
+[Service]
+ExecStart=/usr/sbin/pomerium -config /etc/pomerium/config.yaml
+User=pomerium
+Group=pomerium
+Environment=AUTOCERT_DIR=/etc/pomerium/
+
+[Install]
+WantedBy=multi-user.target
--- a/ospkg/postinstall.sh
+++ b/ospkg/postinstall.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+chown pomerium:pomerium -R /etc/pomerium
+chmod 750 /etc/pomerium
--- a/ospkg/preinstall.sh
+++ b/ospkg/preinstall.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+if ! getent passwd pomerium >/dev/null; then
+    useradd --system -d / -s /sbin/nologin pomerium
+fi