DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/deployment/linux/furt.service

34 lines
612 B
SYSTEMD
Raw Permalink Normal View History

feat(deployment): replace monster scripts with modular helper scripts (#87) - Add install.sh orchestrator with upgrade support - Add 6 helper scripts (<100 lines each) replacing 700-800 line monsters - Add deployment/linux/furt.service systemd template - Support both fresh install and upgrade modes - Platform-aware detection (OpenBSD/FreeBSD vs Linux) - Skip user/service creation in upgrade mode - Preserve existing configuration during updates - Remove merkwerk dependency from production install script Helper scripts: - scripts/setup-user.sh - Create system user (_furt/furt) - scripts/setup-directories.sh - Create directory structure - scripts/sync-files.sh - Copy source files to installation - scripts/create-service.sh - Create system service from templates - scripts/validate-config.sh - Validate furt.conf syntax - scripts/health-check.sh - Basic health check functionality Closes DAW/furt#87
2025-09-03 22:12:58 +02:00
[Unit]
feat(deployment): add systemd security hardening - Add ProtectSystem=strict for read-only filesystem - Add ReadWritePaths for required directories - Add ProtectHome=yes to block home access - Add NoNewPrivileges=yes to prevent escalation - Add PrivateTmp=yes for isolated temp space - Add RestrictAddressFamilies=AF_INET for IPv4-only Related DAW/furt#110
2025-09-07 18:40:32 +02:00
Description=furt Multi-Tenant API Gateway (Security-Hardened)
feat(deployment): replace monster scripts with modular helper scripts (#87) - Add install.sh orchestrator with upgrade support - Add 6 helper scripts (<100 lines each) replacing 700-800 line monsters - Add deployment/linux/furt.service systemd template - Support both fresh install and upgrade modes - Platform-aware detection (OpenBSD/FreeBSD vs Linux) - Skip user/service creation in upgrade mode - Preserve existing configuration during updates - Remove merkwerk dependency from production install script Helper scripts: - scripts/setup-user.sh - Create system user (_furt/furt) - scripts/setup-directories.sh - Create directory structure - scripts/sync-files.sh - Copy source files to installation - scripts/create-service.sh - Create system service from templates - scripts/validate-config.sh - Validate furt.conf syntax - scripts/health-check.sh - Basic health check functionality Closes DAW/furt#87
2025-09-03 22:12:58 +02:00
After=network.target
[Service]
fix(systemd): use Type=forking for background start.sh compatibility - Change Type=simple to Type=forking in systemd service - Properly handle start.sh background process (&) - Ensures systemd correctly tracks daemon lifecycle - Fixes BSD-compatible start script integration Fixes #104
2025-09-05 17:02:31 +02:00
Type=forking
feat(deployment): replace monster scripts with modular helper scripts (#87) - Add install.sh orchestrator with upgrade support - Add 6 helper scripts (<100 lines each) replacing 700-800 line monsters - Add deployment/linux/furt.service systemd template - Support both fresh install and upgrade modes - Platform-aware detection (OpenBSD/FreeBSD vs Linux) - Skip user/service creation in upgrade mode - Preserve existing configuration during updates - Remove merkwerk dependency from production install script Helper scripts: - scripts/setup-user.sh - Create system user (_furt/furt) - scripts/setup-directories.sh - Create directory structure - scripts/sync-files.sh - Copy source files to installation - scripts/create-service.sh - Create system service from templates - scripts/validate-config.sh - Validate furt.conf syntax - scripts/health-check.sh - Basic health check functionality Closes DAW/furt#87
2025-09-03 22:12:58 +02:00
User=furt
Group=furt
feat(service): implement PID-file based service management (DAW/furt#100) - Replace unreliable pexp patterns with PID-file approach - Add graceful shutdown with timeout handling in rc.d script - Implement process validation after startup - Add SIGHUP config reload support for Unix services - Ensure PID-file cleanup on service exit - Update systemd service to use PIDFile parameter Platform improvements: - OpenBSD: rc_check/rc_stop functions now PID-file based - Linux: systemd Type=forking with proper PIDFile support - Cross-platform: /var/run/furt.pid standard location Resolves service status detection issues where rcctl check showed (failed) despite running service due to process name variations across platforms.
2025-09-05 22:30:07 +02:00
ExecStart=/usr/local/share/furt/scripts/start.sh
feat(service): implement PID-file based service management - Add PID directory creation in setup-directories.sh - Update start.sh to use /var/run/furt/furt.pid for both platforms - Fix OpenBSD rc.d script pidfile variable path - Correct systemd service PIDFile parameter path - Resolve rcctl check detection issues on OpenBSD Fixes service detection problems where rcctl check would show (failed) even when service was running. PID-file approach provides reliable cross-platform service status detection instead of fragile pexp patterns. Related DAW/furt#100
2025-09-07 16:57:35 +02:00
PIDFile=/var/run/furt/furt.pid
feat(deployment): replace monster scripts with modular helper scripts (#87) - Add install.sh orchestrator with upgrade support - Add 6 helper scripts (<100 lines each) replacing 700-800 line monsters - Add deployment/linux/furt.service systemd template - Support both fresh install and upgrade modes - Platform-aware detection (OpenBSD/FreeBSD vs Linux) - Skip user/service creation in upgrade mode - Preserve existing configuration during updates - Remove merkwerk dependency from production install script Helper scripts: - scripts/setup-user.sh - Create system user (_furt/furt) - scripts/setup-directories.sh - Create directory structure - scripts/sync-files.sh - Copy source files to installation - scripts/create-service.sh - Create system service from templates - scripts/validate-config.sh - Validate furt.conf syntax - scripts/health-check.sh - Basic health check functionality Closes DAW/furt#87
2025-09-03 22:12:58 +02:00
WorkingDirectory=/usr/local/share/furt
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
feat(deployment): add systemd security hardening - Add ProtectSystem=strict for read-only filesystem - Add ReadWritePaths for required directories - Add ProtectHome=yes to block home access - Add NoNewPrivileges=yes to prevent escalation - Add PrivateTmp=yes for isolated temp space - Add RestrictAddressFamilies=AF_INET for IPv4-only Related DAW/furt#110
2025-09-07 18:40:32 +02:00
# === SECURITY HARDENING ===
# Filesystem Protection
ProtectSystem=strict
ReadWritePaths=/var/run/furt /var/log/furt
ProtectHome=yes
# Process Hardening
NoNewPrivileges=yes
PrivateTmp=yes
# Network Restriction
RestrictAddressFamilies=AF_INET
feat(deployment): replace monster scripts with modular helper scripts (#87) - Add install.sh orchestrator with upgrade support - Add 6 helper scripts (<100 lines each) replacing 700-800 line monsters - Add deployment/linux/furt.service systemd template - Support both fresh install and upgrade modes - Platform-aware detection (OpenBSD/FreeBSD vs Linux) - Skip user/service creation in upgrade mode - Preserve existing configuration during updates - Remove merkwerk dependency from production install script Helper scripts: - scripts/setup-user.sh - Create system user (_furt/furt) - scripts/setup-directories.sh - Create directory structure - scripts/sync-files.sh - Copy source files to installation - scripts/create-service.sh - Create system service from templates - scripts/validate-config.sh - Validate furt.conf syntax - scripts/health-check.sh - Basic health check functionality Closes DAW/furt#87
2025-09-03 22:12:58 +02:00
[Install]
WantedBy=multi-user.target
Reference in a new issue Copy permalink