git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity
Files
f797b97282f2a56f3cca25bfb78cbd9b95bab4ac
linux_patch_manager/systemd/patch-manager-worker.service
git-echo 124b5b0e3b feat: add bump-version.sh script for version management 
Automates version bumps across all version source files:
- Cargo.toml (PRIMARY - workspace.package.version)
- debian/changelog (prepend new entry)
- debian/control (update Version field)
- scripts/build-package.sh (update VERSION variable)
- frontend/package.json (update version field)
- Stale references check after bump

Usage: ./scripts/bump-version.sh <new_version> <old_version>
2026-05-28 10:52:16 -05:00

58 lines
1.5 KiB
Desktop File
Raw Blame History

[Unit]
Description=Linux Patch Manager — Background Worker
Documentation=https://gitea.moon-dragon.us/echo/linux_patch_manager
After=network-online.target postgresql.service patch-manager-web.service
Wants=network-online.target
Requires=postgresql.service
# Worker waits for the web process to apply migrations before starting tasks
Wants=patch-manager-web.service
PartOf=patch-manager.target
[Service]
Type=simple
User=patch-manager
Group=patch-manager
WorkingDirectory=/opt/patch-manager
# Configuration
Environment="PATCH_MANAGER_CONFIG=/etc/patch-manager/config.toml"
ExecStart=/usr/local/bin/pm-worker
# Restart policy — aggressive restart for production availability
Restart=always
RestartSec=10s
StartLimitIntervalSec=120
StartLimitBurst=5
# Timeouts — worker may take longer to drain active jobs
TimeoutStartSec=120s
TimeoutStopSec=120s
# Watchdog disabled — pm-worker does not currently implement sd_notify
# WatchdogSec=180s
# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/patch-manager /etc/patch-manager/ca /etc/patch-manager/certs /etc/patch-manager/tls /etc/patch-manager/jwt
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
RestrictSUIDSGID=true
# File descriptor limits
LimitNOFILE=65536
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=patch-manager-worker
[Install]
WantedBy=multi-user.target
View Git Blame Copy Permalink