ctucx.git: nixfiles

machines/osterei: add temporary systemd-service

diff --git a/machines/osterei/box-availablilty-checker.nix b/machines/osterei/box-availablilty-checker.nix
@@ -0,0 +1,36 @@
+{ pkgs, ...}:
+
+{
+  systemd = {
+    services.box-availablilty-checker = {
+      onFailure   = [ "notify-failure@%i.service" ];
+      startAt     = "*-*-* */6:00:00";
+      after       = [ "network-online.target" ];
+      path        = [ pkgs.curl ];
+      script      = ''
+        curl --silent https://www.ab-in-die-box.de/b2cde/euroboxen-eurokisten-eurokaesten-nextgen-portable-400x300x220.html 2>&1 | grep "18,37 € - Ausverkauft"
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+
+        DynamicUser             = true;
+
+        NoNewPrivileges         = true;
+        PrivateTmp              = true;
+        PrivateDevices          = true;
+
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces      = true;
+        RestrictRealtime        = true;
+
+        ProtectSystem           = "full";
+        ProtectControlGroups    = true;
+        ProtectKernelModules    = true;
+        ProtectKernelTunables   = true;
+
+        DevicePolicy            = "closed";
+        LockPersonality         = true;
+      };
+    };
+  };
+}

diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix
@@ -22,6 +22,7 @@
     ./oeffi-web.nix
     ./fritzbox-exporter.nix
     ./websites
+    ./box-availablilty-checker.nix
   ];
 
   age.secrets.restic-server-lollo.file    = ../../secrets/restic-server/lollo.age;