Setup installation

examples/systemd-services/README.md

@@ -0,0 +1,287 @@
+# Systemd Service Templates
+
+## Übersicht
+
+Diese Verzeichnis enthält Systemd-Service-Templates für die automatische Integration des USB-SSD Management Systems in die Linux-Systemd-Infrastruktur.
+
+## Verfügbare Services
+
+### `ssd-detection.service`
+**Zweck**: Kontinuierliche USB-C SSD Erkennung und Überwachung
+
+**Funktionen**:
+- Automatische Erkennung neu angeschlossener SSDs
+- Kontinuierliche Überwachung im 5-Sekunden-Intervall
+- Integration mit udev-Events
+- Systemd-Journal Logging
+- Automatischer Restart bei Fehlern
+
+**Installation**:
+```bash
+sudo cp ssd-detection.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable ssd-detection.service
+sudo systemctl start ssd-detection.service
+```
+
+### `ssd-automount.service`
+**Zweck**: Automatisches Mounting erkannter SSDs
+
+**Funktionen**:
+- Automatisches Mounting auf `/mnt/ssd-storage`
+- Abhängigkeit von `ssd-detection.service`
+- Graceful Shutdown mit Safe-Eject
+- Remount-Funktionalität
+- PID-File Management
+
+**Installation**:
+```bash
+sudo cp ssd-automount.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable ssd-automount.service
+sudo systemctl start ssd-automount.service
+```
+
+### `ssd-mount@.service`
+**Zweck**: Template-Service für spezifische Device-Mounting
+
+**Funktionen**:
+- Template-basiertes Mounting für spezifische Devices
+- Device-Binding mit `BindsTo=`
+- Oneshot-Service mit `RemainAfterExit=yes`
+- Automatisches Cleanup bei Device-Entfernung
+
+**Verwendung**:
+```bash
+# Service für spezifisches Device starten
+sudo systemctl start ssd-mount@sdb1.service
+
+# Service für spezifisches Device aktivieren
+sudo systemctl enable ssd-mount@sdb1.service
+
+# Status prüfen
+sudo systemctl status ssd-mount@sdb1.service
+```
+
+## Service-Konfiguration
+
+### Anpassung der Services
+
+#### Environment-Variables
+```bash
+# Service-Konfiguration bearbeiten
+sudo systemctl edit ssd-detection.service
+
+# Beispiel-Konfiguration:
+[Service]
+Environment=SSD_LOG_LEVEL=DEBUG
+Environment=SSD_MONITOR_INTERVAL=10
+Environment=SSD_USE_SYSLOG=true
+```
+
+#### Mount-Point anpassen
+```bash
+# Automount-Service anpassen
+sudo systemctl edit ssd-automount.service
+
+[Service]
+Environment=SSD_MOUNT_POINT=/custom/mount/point
+```
+
+#### Security-Einstellungen
+```bash
+# Zusätzliche Security-Optionen
+sudo systemctl edit ssd-detection.service
+
+[Service]
+# Zusätzliche Device-Zugriffe
+DeviceAllow=/dev/nvme* rw
+DeviceAllow=/dev/mmcblk* rw
+
+# Zusätzliche Pfad-Zugriffe
+ReadWritePaths=/custom/path
+```
+
+## Service-Management
+
+### Standard-Operationen
+```bash
+# Services aktivieren
+sudo systemctl enable ssd-detection.service ssd-automount.service
+
+# Services starten
+sudo systemctl start ssd-detection.service ssd-automount.service
+
+# Status prüfen
+sudo systemctl status ssd-detection.service
+sudo systemctl status ssd-automount.service
+
+# Services stoppen
+sudo systemctl stop ssd-detection.service ssd-automount.service
+
+# Services deaktivieren
+sudo systemctl disable ssd-detection.service ssd-automount.service
+```
+
+### Logs und Monitoring
+```bash
+# Service-Logs anzeigen
+sudo journalctl -u ssd-detection.service -f
+sudo journalctl -u ssd-automount.service --since "1 hour ago"
+
+# Alle SSD-Services
+sudo journalctl -u "ssd-*" --since today
+
+# Service-Status überwachen
+watch -n 5 'systemctl status ssd-detection.service ssd-automount.service'
+```
+
+### Troubleshooting
+```bash
+# Service-Konfiguration validieren
+sudo systemd-analyze verify /etc/systemd/system/ssd-detection.service
+
+# Service-Dependencies anzeigen
+sudo systemctl list-dependencies ssd-automount.service
+
+# Failed-Services anzeigen
+sudo systemctl --failed | grep ssd
+
+# Service neu starten
+sudo systemctl restart ssd-detection.service
+```
+
+## Erweiterte Konfiguration
+
+### Custom-Service erstellen
+```bash
+# Basis-Template kopieren
+sudo cp ssd-detection.service /etc/systemd/system/ssd-custom.service
+
+# Service anpassen
+sudo nano /etc/systemd/system/ssd-custom.service
+
+# Service aktivieren
+sudo systemctl daemon-reload
+sudo systemctl enable ssd-custom.service
+```
+
+### Multi-Device Support
+```bash
+# Template-Service für mehrere Devices
+sudo systemctl enable ssd-mount@sdb1.service
+sudo systemctl enable ssd-mount@sdc1.service
+sudo systemctl enable ssd-mount@sdd1.service
+
+# Alle Template-Services starten
+sudo systemctl start ssd-mount@*.service
+```
+
+### Timer-basierte Services
+```bash
+# Timer für regelmäßige Tests erstellen
+sudo nano /etc/systemd/system/ssd-test.service
+sudo nano /etc/systemd/system/ssd-test.timer
+
+# Timer aktivieren
+sudo systemctl enable ssd-test.timer
+sudo systemctl start ssd-test.timer
+```
+
+## Security-Konfiguration
+
+### Hardening-Optionen
+```ini
+[Service]
+# Zusätzliche Security-Features
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictNamespaces=true
+```
+
+### Capability-Management
+```ini
+[Service]
+# Minimale Capabilities
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_SYS_ADMIN CAP_DAC_OVERRIDE
+```
+
+### User/Group-Konfiguration
+```bash
+# Dedicated Service-User erstellen
+sudo useradd -r -s /bin/false ssd-service
+sudo usermod -a -G disk ssd-service
+
+# Service-Konfiguration anpassen
+[Service]
+User=ssd-service
+Group=disk
+```
+
+## Integration mit anderen Services
+
+### SMB-Integration
+```ini
+[Unit]
+# SMB-Service nach SSD-Mount starten
+Before=smbd.service
+PartOf=smbd.service
+
+[Service]
+# SMB-Reload nach Mount
+ExecStartPost=/bin/systemctl reload-or-restart smbd.service
+```
+
+### Backup-Integration
+```ini
+[Unit]
+# Backup-Service nach SSD-Mount starten
+Before=backup.service
+
+[Service]
+# Backup-Trigger nach Mount
+ExecStartPost=/usr/local/bin/trigger-backup.sh
+```
+
+### Monitoring-Integration
+```ini
+[Service]
+# Prometheus-Metriken exportieren
+ExecStartPost=/usr/local/bin/export-ssd-metrics.sh
+```
+
+## Best Practices
+
+### Produktionsumgebung
+1. **Immer `systemctl daemon-reload`** nach Service-Änderungen
+2. **Service-Dependencies** korrekt konfigurieren
+3. **Logging-Level** für Produktion auf INFO setzen
+4. **Security-Features** aktivieren
+5. **Monitoring** für Service-Status einrichten
+
+### Entwicklungsumgebung
+1. **Debug-Logging** aktivieren
+2. **Manual-Start** für Tests verwenden
+3. **Service-Isolation** für Entwicklung
+4. **Frequent-Reload** für Änderungen
+
+### Monitoring und Alerting
+1. **Systemd-Status** überwachen
+2. **Service-Logs** analysieren
+3. **Performance-Metriken** sammeln
+4. **Failure-Alerts** konfigurieren
+
+## Changelog
+
+### Version 0.1.0
+- Basis-Service Templates
+- Security-Hardening
+- Multi-Device Support
+- Integration-Beispiele
+- Comprehensive Documentation

examples/systemd-services/ssd-automount.service

@@ -0,0 +1,45 @@
+[Unit]
+Description=Automatic SSD Mounting Service
+Documentation=https://git.gitcover.de/KMU/usb-ssd
+After=ssd-detection.service
+Requires=ssd-detection.service
+BindsTo=ssd-detection.service
+
+[Service]
+Type=forking
+User=root
+Group=root
+ExecStart=/usr/local/bin/ssd-mount-manager.sh mount --auto-mount
+ExecStop=/usr/local/bin/ssd-safe-eject.sh --all
+ExecReload=/usr/local/bin/ssd-mount-manager.sh remount
+PIDFile=/var/run/ssd-automount.pid
+Restart=on-failure
+RestartSec=10
+TimeoutStartSec=60
+TimeoutStopSec=30
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=ssd-automount
+
+# Security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/log /var/run /mnt /media
+PrivateTmp=true
+PrivateDevices=false
+DevicePolicy=closed
+DeviceAllow=/dev/sd* rw
+DeviceAllow=/dev/disk/by-uuid/* rw
+
+# Environment
+Environment=SSD_LOG_LEVEL=INFO
+Environment=SSD_USE_SYSLOG=true
+Environment=SSD_AUTO_MOUNT=true
+Environment=SSD_MOUNT_POINT=/mnt/ssd-storage
+
+[Install]
+WantedBy=multi-user.target
+Also=ssd-detection.service

examples/systemd-services/ssd-detection.service

@@ -0,0 +1,42 @@
+[Unit]
+Description=USB-C SSD Detection Service
+Documentation=https://git.gitcover.de/KMU/usb-ssd
+After=local-fs.target
+Wants=systemd-udevd.service
+After=systemd-udevd.service
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/ssd-detect.sh --monitor --interval 5
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5
+TimeoutStartSec=30
+TimeoutStopSec=10
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=ssd-detection
+
+# Security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/log /var/run /mnt
+PrivateTmp=true
+PrivateDevices=false
+DevicePolicy=closed
+DeviceAllow=/dev/sd* rw
+DeviceAllow=/dev/disk/by-uuid/* rw
+
+# Environment
+Environment=SSD_LOG_LEVEL=INFO
+Environment=SSD_USE_SYSLOG=true
+Environment=SSD_MONITOR_INTERVAL=5
+
+[Install]
+WantedBy=multi-user.target
+Alias=ssd-detect.service

examples/systemd-services/ssd-mount@.service

@@ -0,0 +1,38 @@
+[Unit]
+Description=SSD Mount Manager for %i
+Documentation=https://git.gitcover.de/KMU/usb-ssd
+After=local-fs.target
+BindsTo=dev-%i.device
+After=dev-%i.device
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User=root
+Group=root
+ExecStart=/usr/local/bin/ssd-mount-manager.sh mount --device /dev/%i
+ExecStop=/usr/local/bin/ssd-safe-eject.sh --device /dev/%i
+TimeoutStartSec=30
+TimeoutStopSec=15
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=ssd-mount
+
+# Security
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/log /var/run /mnt
+PrivateTmp=true
+PrivateDevices=false
+DevicePolicy=closed
+DeviceAllow=/dev/%i rw
+
+# Environment
+Environment=SSD_LOG_LEVEL=INFO
+Environment=SSD_USE_SYSLOG=true
+
+[Install]
+WantedBy=multi-user.target