From 1fadef0b3fabb11b063000b3288a76e19c3484a3 Mon Sep 17 00:00:00 2001
From: wenil
Date: Mon, 25 May 2026 09:38:39 +0300
Subject: [PATCH] systemd: redirect HOME / XDG dirs into project so ProtectHome stays on

ezdxf, matplotlib, and other Python libs try to write into $HOME/.config and $HOME/.cache. With ProtectHome=true the real /home/busbar is invisible to the service and pathlib.Path.exists() throws PermissionError. Fix: set HOME, XDG_CONFIG_HOME, XDG_CACHE_HOME to /opt/busbar-designer/data/* which is already in ReadWritePaths. Hardening (ProtectHome) stays intact. install.sh also pre-creates the .config / .cache subdirs.
---
 deploy/busbar-designer.service | 5 +++++
 deploy/install.sh | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/deploy/busbar-designer.service b/deploy/busbar-designer.service
index 96a59f1..45ef4f9 100644
--- a/deploy/busbar-designer.service
+++ b/deploy/busbar-designer.service
@@ -23,6 +23,11 @@ Environment=HOST=0.0.0.0
 Environment=PORT=5000
 Environment=FLASK_DEBUG=0
 Environment=PATH=/opt/busbar-designer/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+; HOME points inside the project so ezdxf / matplotlib / build123d can write
+; their config + cache while ProtectHome=true still hides the real /home.
+Environment=HOME=/opt/busbar-designer/data
+Environment=XDG_CONFIG_HOME=/opt/busbar-designer/data/.config
+Environment=XDG_CACHE_HOME=/opt/busbar-designer/data/.cache
 ExecStart=/opt/busbar-designer/.venv/bin/gunicorn --bind=0.0.0.0:5000 --workers=2 --threads=2 --timeout=120 app:app
 Restart=on-failure
 RestartSec=5
diff --git a/deploy/install.sh b/deploy/install.sh
index 5fbc65e..b78c33a 100644
--- a/deploy/install.sh
+++ b/deploy/install.sh
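Review bot: HOME is now the same directory that install.sh creates for the SQLite database, so every dotfile a library chooses to drop into $HOME lands beside the application's persistent data and inherits whatever ReadWritePaths grant that directory already has; the [Service] header and the ReadWritePaths= line are outside this hunk, so the exact paths covered cannot be confirmed from here. A dedicated subdirectory keeps the database apart from disposable config and cache, e.g. `Environment=HOME=/opt/busbar-designer/data/home` with XDG_CONFIG_HOME and XDG_CACHE_HOME placed below it, or, if the unit also uses ProtectSystem=, `CacheDirectory=busbar-designer` and `StateDirectory=busbar-designer` with `Environment=XDG_CACHE_HOME=%C/busbar-designer`, which systemd creates with the right owner and mode so install.sh needs no mkdir at all. Whichever layout is kept, the comment should state that the .config and .cache trees are disposable and are not part of the database backup set.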
@@ -88,8 +88,11 @@ sudo -u "$SVC_USER" "$INSTALL_DIR/.venv/bin/pip" install --upgrade pip
 sudo -u "$SVC_USER" "$INSTALL_DIR/.venv/bin/pip" install \
 -r "$INSTALL_DIR/requirements.txt" gunicorn
-# ---- data dir (for SQLite) -------------------------------------------------
-sudo -u "$SVC_USER" mkdir -p "$INSTALL_DIR/data"
+# ---- data + XDG dirs (for SQLite, ezdxf config, build123d cache) -----------
+sudo -u "$SVC_USER" mkdir -p \
+ "$INSTALL_DIR/data" \
+ "$INSTALL_DIR/data/.config" \
+ "$INSTALL_DIR/data/.cache"
 # ---- systemd unit ----------------------------------------------------------
 log "Installing systemd unit..."
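Review bot: The three directories are created with whatever umask `sudo -u "$SVC_USER"` inherits, typically 022, so the directory holding the SQLite database and now the libraries' config files is readable by every local account, and `mkdir -p` leaves the mode of an already existing data/ untouched on an upgrade run. `install -d -m 0750 -o "$SVC_USER" "$INSTALL_DIR/data" "$INSTALL_DIR/data/.config" "$INSTALL_DIR/data/.cache"` creates all three with a fixed owner and mode in one call and, unlike `mkdir -p`, should re-apply them when the directory already exists. This assumes the script runs as root, which the surrounding sudo calls suggest but the hunk does not show; if it does not, a `chmod 750 "$INSTALL_DIR/data"` after the existing mkdir gives the same result.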