Echo
da5a94d838
- Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core, pm-agent-client, pm-auth, pm-ca, pm-reports) - React + TypeScript + Vite + MUI frontend scaffold - Full PostgreSQL schema: all 17 tables with indexes and constraints - pm-core: config (TOML+env), db (SQLx pool + migrations), error (unified AppError + JSON envelope), request_id (ULID middleware), logging (tracing JSON/pretty) - pm-web: Axum skeleton, /status/health endpoint, static file serving - pm-worker: Tokio skeleton, heartbeat writer, schema version check - Embedded sqlx migrations with advisory lock (single-writer) - systemd unit files, setup.sh, build-frontend.sh - config.example.toml with all configuration keys - docs/runbooks/restore.md - cargo check passes with zero warnings Closes M1.
42 lines
984 B
Desktop File
42 lines
984 B
Desktop File
[Unit]
|
|
Description=Linux Patch Manager — Web Server
|
|
Documentation=https://gitea.moon-dragon.us/echo/linux_patch_manager
|
|
After=network.target postgresql.service
|
|
Requires=postgresql.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=patch-manager
|
|
Group=patch-manager
|
|
WorkingDirectory=/opt/patch-manager
|
|
|
|
# Configuration
|
|
Environment="PATCH_MANAGER_CONFIG=/etc/patch-manager/config.toml"
|
|
# Override individual settings via environment if needed:
|
|
# Environment="PATCH_MANAGER__DATABASE__URL=postgres://..."
|
|
|
|
ExecStart=/usr/local/bin/pm-web
|
|
Restart=on-failure
|
|
RestartSec=5s
|
|
TimeoutStopSec=30s
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ReadWritePaths=/var/log/patch-manager
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
|
|
# Allow binding to port 443 without root
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
|
|
# Logging
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=patch-manager-web
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|