add contrib

contrib/systemd/capport-enforcement.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Captive Portal enforcement service
+Wants=basic.target
+After=basic.target network.target
+ConditionFileIsExecutable=/var/lib/python-capport/start-control.sh
+ConditionPathIsDirectory=/var/lib/python-capport/venv
+
+# TODO: start as unprivileged user but with CAP_NET_ADMIN ?
+[Service]
+Type=notify
+WatchdogSec=10
+ExecStart=/var/lib/python-capport/start-control.sh
+Restart=always
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target

contrib/systemd/capport-nftables.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=NFT Firewall Shim for Captive Portal
+Wants=network-pre.target
+Before=network-pre.target shutdown.target
+Conflicts=shutdown.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=null
+ProtectSystem=full
+ProtectHome=true
+ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+ExecReload=/usr/sbin/nft -f /etc/nftables.conf
+
+[Install]
+WantedBy=sysinit.target

contrib/systemd/capport-shaping.service.erb

@@ -0,0 +1,15 @@
+[Unit]
+Description=Captive Portal traffic shaping
+Wants=basic.target
+After=basic.target network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=null
+ProtectSystem=full
+ProtectHome=true
+ExecStart=/etc/capport-tc.sh <%= @uplink_interface %> <%= @client_interface %>
+
+[Install]
+WantedBy=multi-user.target

contrib/systemd/capport-webui.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Captive Portal web ui service
+Wants=basic.target
+After=basic.target network.target
+ConditionFileIsExecutable=/var/lib/python-capport/start-control.sh
+ConditionPathIsDirectory=/var/lib/python-capport/venv
+
+[Service]
+User=capport
+Type=notify
+WatchdogSec=10
+ExecStart=/var/lib/python-capport/start-api.sh
+Restart=always
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target