Add script to create deb package

.gitignore

@@ -9,3 +9,6 @@ result-*
 
 # Nix VM
 *.qcow2
+
+# Packaging
+/assets/completions/

Cargo.toml

@@ -68,3 +68,47 @@ anyhow = "1.0.100"
 
 [dev-dependencies]
 regex = "1.12.2"
+
+[package.metadata.deb]
+name = "mysqladm-rs"
+priority = "optional"
+section = "databases"
+depends = "$auto"
+license-file = ["LICENSE", "0"]
+maintainer = "Programvareverkstedet <projects@pvv.ntnu.no>"
+copyright = "Copyright (c) 2025, Programvareverkstedet"
+assets = [
+    [
+        "target/release/mysqladm",
+        "usr/bin/",
+        "755",
+    ],
+    [
+        "example-config.toml",
+        "etc/mysqladm/config.toml",
+        "600",
+    ],
+    [
+        "assets/completions/_*",
+        "usr/share/zsh/site-functions/completions/",
+        "644",
+    ],
+    [
+        "assets/completions/*.bash",
+        "usr/share/bash-completion/completions/",
+        "644",
+    ],
+    [
+        "assets/completions/*.fish",
+        "usr/share/fish/vendor_completions.d/",
+        "644",
+    ],
+    [
+        "assets/systemd/*",
+        "etc/systemd/system/",
+        "644",
+    ],
+]
+systemd-units = [
+    { unit-name = "mysqladm", unit-scripts = "assets/systemd", enable = true },
+]

assets/systemd/mysqladm.service

@@ -0,0 +1,54 @@
+[Unit]
+Description=MySQL administration tool for non-admin users
+Requires=mysqladm.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/mysqladm-rs server --systemd socket-activate
+
+WatchdogSec=15
+
+User=mysqladm
+Group=mysqladm
+DynamicUser=yes
+
+ConfigurationDirectory=mysqladm
+RuntimeDirectory=mysqladm
+
+# This is required to read unix user/group details.
+PrivateUsers=false
+
+# Needed to communicate with MySQL.
+PrivateNetwork=false
+PrivateIPC=false
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=strict
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SocketBindDeny=any
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0777

assets/systemd/mysqladm.socket

@@ -0,0 +1,8 @@
+[Unit]
+Description=MySQL administration tool for non-admin users
+WantedBy=sockets.target
+
+[Socket]
+ListenStream=/run/mysqladm/mysqladm.sock
+Accept=no
+PassCredentials=true

create-deb.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+cargo build --release
+
+mkdir -p assets/completions
+
+./target/release/mysqladm generate-completions --shell bash > assets/completions/mysqladm.bash
+./target/release/mysqladm generate-completions --shell zsh > assets/completions/_mysqladm
+./target/release/mysqladm generate-completions --shell fish > assets/completions/mysqladm.fish
+
+./target/release/mysqladm generate-completions --shell bash --command mysql-dbadm > assets/completions/mysql-dbadm.bash
+./target/release/mysqladm generate-completions --shell zsh --command mysql-dbadm > assets/completions/_mysql-dbadm
+./target/release/mysqladm generate-completions --shell fish --command mysql-dbadm > assets/completions/mysql-dbadm.fish
+
+./target/release/mysqladm generate-completions --shell bash --command mysql-useradm > assets/completions/mysql-useradm.bash
+./target/release/mysqladm generate-completions --shell zsh --command mysql-useradm > assets/completions/_mysql-useradm
+./target/release/mysqladm generate-completions --shell fish --command mysql-useradm > assets/completions/mysql-useradm.fish
+
+cargo deb

flake.nix

@@ -49,6 +49,8 @@
         cargo-nextest
         cargo-edit
         cargo-deny
+        cargo-deb
+        dpkg
       ];
 
       RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";