Add systemd units for Victoria Metrics

I think it makes the most sense to install the systemd unit files for
services along with their binaries.  This is how most software provided
by Linux distribution package manager works.  Providing the systemd unit
with the package eliminates the need for variability, since the paths to
the executable and other files are well defined.

package/victoriametrics/victoria-metrics.service

@@ -0,0 +1,51 @@
+[Unit]
+Description=Victoria Metrics
+Documentation=https://docs.victoriametrics.com
+After=network.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8428
+Environment=storageDataPath=/var/lib/victoria-metrics/data
+Environment=loggerDisableTimestamps=true
+EnvironmentFile=-/etc/sysconfig/victoria-metrics
+ExecStart=/usr/bin/victoria-metrics -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+ReadWritePaths=/var/lib/victoria-metrics
+LimitNOFILE=1048576
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target

package/victoriametrics/victoriametrics.mk

@@ -8,4 +8,10 @@ VICTORIAMETRICS_LDFLAGS = -extldflags '-static'
 VICTORIAMETRICS_TAGS = netgo osusergo nethttpomithttp2 musl
 VICTORIAMETRICS_INSTALL_BINS = victoria-metrics
 
+define VICTORIAMETRICS_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m u=rw,go=r \
+		$(BR2_EXTERNAL_metricspi_PATH)/package/victoriametrics/victoria-metrics.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/victoria-metrics.service
+endef
+
 $(eval $(golang-package))

package/vmutils/vmagent.service

@@ -0,0 +1,52 @@
+[Unit]
+Description=Victoria Metrics vmagent
+Documentation=https://docs.victoriametrics.com/vmagent.html
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8429
+Environment=loggerDisableTimestamps=true
+Environment=remoteWrite_tmpDataPath=/var/lib/victoria-metrics/vmagent
+EnvironmentFile=-/etc/sysconfig/vmagent
+ExecStart=/usr/bin/vmagent -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+ReadWritePaths=/var/lib/victoria-metrics
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
+

package/vmutils/vmalert.service

@@ -0,0 +1,51 @@
+[Unit]
+Description=Victoria Metrics vmalert
+Documentation=https://docs.victoriametrics.com/vmalert.html
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8880
+Environment=loggerDisableTimestamps=true
+EnvironmentFile=-/etc/sysconfig/vmalert
+ExecStart=/usr/bin/vmagent -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+LimitNOFILE=1048576
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
+

package/vmutils/vmutils.mk

@@ -36,4 +36,21 @@ VMUTILS_BUILD_TARGETS += app/vmctl
 VMUTILS_INSTALL_BINS += vmctl
 endif
 
+define VMUTILS_VMAGENT_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m u=rw,go=r \
+		$(BR2_EXTERNAL_metricspi_PATH)/package/vmutils/vmagent.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/vmagent.service
+endef
+
+define VMUTILS_VMALERT_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m u=rw,go=r \
+		$(BR2_EXTERNAL_metricspi_PATH)/package/vmutils/vmalert.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/vmalert.service
+endef
+
+define VMUTILS_INSTALL_INIT_SYSTEMD
+	$(if $(BR2_PACKAGE_VMUTILS_VMAGENT),$(VMUTILS_VMAGENT_INSTALL_INIT_SYSTEMD))
+	$(if $(BR2_PACKAGE_VMUTILS_VMALERT),$(VMUTILS_VMALERT_INSTALL_INIT_SYSTEMD))
+endef
+
 $(eval $(golang-package))