From 47f5929b2d4b69e4bd317a1e932747e40b45cf7e Mon Sep 17 00:00:00 2001
From: Robert
Date: Thu, 3 Jul 2025 19:33:45 -0400
Subject: [PATCH] Systemd
---
 .gitignore | 1 +
 README | 23 +++++++++++++++++++++++
 cliVault.service | 31 +++++++++++++++++++++++++++++++
 client.go | 6 +++++-
 4 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 README
 create mode 100644 cliVault.service
diff --git a/.gitignore b/.gitignore
index 98e6ef6..bc9b288 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.db
+vaultClient
diff --git a/README b/README
new file mode 100644
index 0000000..cf93c07
--- /dev/null
+++ b/README
@@ -0,0 +1,23 @@
+```
+go get github.com/mattn/go-sqlite3
+
+go run keygen.go
+nano server.go
+REPLACE old key with new key!
+
+sudo apt install gcc
+CGO_ENABLED=1 go build -o cliVault server.go
+```
+
+## Systemd Unit file:
+```
+sudo cp cliVault.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable cliVault
+sudo systemctl start cliVault
+```
+
+## Client
+```
+go build -o vaultClient client.go
+```
diff --git a/cliVault.service b/cliVault.service
new file mode 100644
index 0000000..fcda2f1
--- /dev/null
+++ b/cliVault.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=cliVault Service
+After=network.target
+
+[Service]
+Type=simple
+# REPLACE all USERNAME with actual user
+User=USERNAME
+Group=USERNAME
+WorkingDirectory=/home/USERNAME/cliVault
+ExecStart=/home/USERNAME/cliVault/cliVault
+Restart=on-failure
+RestartSec=5s
+
+# Security restrictions
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=false
+ReadWritePaths=/home/USERNAME/cliVault
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Allow network access
+RestrictNamespaces=true
+CapabilityBoundingSet=
+AmbientCapabilities=CAP_NET_BIND_SERVICE # Allow binding to port 9898 without root
+
+[Install]
+WantedBy=multi-user.target
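Review bot: The trailing `# Allow network access` and `# Allow binding to port 9898 without root` on the `RestrictAddressFamilies=` and `AmbientCapabilities=` lines of cliVault.service are not comments to systemd, which only treats `#` as a comment marker at the start of a line, so those words are parsed as part of the setting's value. Move each comment onto its own line above the setting, e.g. `# Allow network access` followed by `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX`. `AmbientCapabilities=CAP_NET_BIND_SERVICE` is also at odds with the intent of the empty `CapabilityBoundingSet=` directly above it, and since 9898 is above the privileged port range no capability is needed to bind it, so that line can be dropped. Running `systemd-analyze verify cliVault.service` and `systemd-analyze security cliVault` after the change will show any remaining parse warnings and exposure.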
diff --git a/client.go b/client.go
index f956f23..075689a 100644
--- a/client.go
+++ b/client.go
@@ -31,7 +31,11 @@ func generateNonce() (string, error) {
 }
 
 func main() {
- conn, err := net.Dial("tcp", "localhost:9898")
+ var host string
+ fmt.Print("Enter host or IP: ")
+ fmt.Scanln(&host)
+
+ conn, err := net.Dial("tcp", host+":9898")
 if err != nil {
 panic(err)
 }
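Review bot: The result of `fmt.Scanln(&host)` in main is discarded, so an empty or failed read leaves `host` empty and the dial goes to `":9898"`, which Go treats as the local system instead of reporting the bad input; check it with `if _, err := fmt.Scanln(&host); err != nil { panic(err) }`. Building the address as `host+":9898"` also breaks for bare IPv6 literals, which `net.JoinHostPort(host, "9898")` handles. Because the vault client can now reach a server across the network over a plain `tcp` dial, it is worth confirming that the protocol, which is not visible in this hunk, authenticates the server and protects the traffic, or moving to `tls.Dial`. main's body continues outside the hunk.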