Systemd

.gitignore

@@ -1 +1,2 @@
 *.db
+vaultClient

README

@@ -0,0 +1,23 @@
+```
+go get github.com/mattn/go-sqlite3
+
+go run keygen.go
+nano server.go
+REPLACE old key with new key!
+
+sudo apt install gcc
+CGO_ENABLED=1 go build -o cliVault server.go
+```
+
+## Systemd Unit file:
+```
+sudo cp cliVault.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable cliVault
+sudo systemctl start cliVault
+```
+
+## Client
+```
+go build -o vaultClient client.go
+```

cliVault.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=cliVault Service
+After=network.target
+
+[Service]
+Type=simple
+# REPLACE all USERNAME with actual user
+User=USERNAME
+Group=USERNAME
+WorkingDirectory=/home/USERNAME/cliVault
+ExecStart=/home/USERNAME/cliVault/cliVault
+Restart=on-failure
+RestartSec=5s
+
+# Security restrictions
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=false
+ReadWritePaths=/home/USERNAME/cliVault
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX  # Allow network access
+RestrictNamespaces=true
+CapabilityBoundingSet=
+AmbientCapabilities=CAP_NET_BIND_SERVICE  # Allow binding to port 9898 without root
+
+[Install]
+WantedBy=multi-user.target

client.go

@@ -31,7 +31,11 @@ func generateNonce() (string, error) {
 }
 
 func main() {
-    conn, err := net.Dial("tcp", "localhost:9898")
+    var host string
+    fmt.Print("Enter host or IP: ")
+    fmt.Scanln(&host)
+
+    conn, err := net.Dial("tcp", host+":9898")
     if err != nil {
         panic(err)
     }