chore(systemd): add systemd service files (#22)

Add systemd files to serve files from /var/lib/rustypaste, automatic
user creation via systemd-sysusers and AUTH_TOKEN configuration via
rustypaste.env in /etc/rustypaste/rustypaste.env.

implements #16

extra/systemd/rustypaste.env

@@ -0,0 +1,2 @@
+# To enable basic HTTP auth, set the AUTH_TOKEN
+AUTH_TOKEN=""

extra/systemd/rustypaste.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=Rustypaste server
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+User=rustypaste
+Group=rustypaste
+ExecStart=/usr/bin/rustypaste
+ReadWritePaths=/var/lib/rustypaste
+ReadOnlyPaths=/etc/rustypaste
+
+WorkingDirectory=/var/lib/rustypaste
+Environment="CONFIG=/etc/rustypaste/config.toml"
+EnvironmentFile=/etc/rustypaste/rustypaste.env
+
+# Hardening options
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target

extra/systemd/rustypaste.sysusers

@@ -0,0 +1 @@
+u rustypaste - "Minimal file upload/pastebin service" /var/lib/rustypaste

extra/systemd/rustypaste.tmpfiles

@@ -0,0 +1 @@
+d /var/lib/rustypaste 0750 rustypaste rustypaste