meta-google: Fold gbmc-sslh into gbmc-ncsi-config
Logically these packages belong together and don't make much sense
without each other. Combine them to reduce package complexity for users.
Change-Id: I3d3998f8d10cacbd01f6d883b0033a3260ff60df
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service
new file mode 100644
index 0000000..b6bc04a
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=SSL/SSH multiplexer
+Requires=sslh.socket
+
+[Service]
+ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443
+KillMode=process
+#Hardening
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in
new file mode 100644
index 0000000..9e5f594
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in
@@ -0,0 +1,9 @@
+[Unit]
+Before=sslh.service
+
+[Socket]
+BindToDevice=@NCSI_IF@
+ListenStream=3967
+
+[Install]
+WantedBy=sockets.target