wenil/busbar-designer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1fadef0b3fabb11b063000b3288a76e19c3484a3
busbar-designer/deploy/busbar-designer.service
T
wenil 1fadef0b3f systemd: redirect HOME / XDG dirs into project so ProtectHome stays on 
ezdxf, matplotlib, and other Python libs try to write into $HOME/.config
and $HOME/.cache. With ProtectHome=true the real /home/busbar is invisible
to the service and pathlib.Path.exists() throws PermissionError.

Fix: set HOME, XDG_CONFIG_HOME, XDG_CACHE_HOME to /opt/busbar-designer/data/*
which is already in ReadWritePaths. Hardening (ProtectHome) stays intact.

install.sh also pre-creates the .config / .cache subdirs.
2026-05-25 09:38:39 +03:00

44 lines
1.4 KiB
Desktop File
Raw Blame History

; systemd unit for running busbar-designer in a Proxmox LXC (or any Linux VM)
; without Docker. Assumes the project lives at /opt/busbar-designer and you've
; created a venv there with `python3 -m venv .venv && .venv/bin/pip install -r
; requirements.txt gunicorn`.
;
; Install:
; sudo cp deploy/busbar-designer.service /etc/systemd/system/
; sudo systemctl daemon-reload
; sudo systemctl enable --now busbar-designer
;
; Logs: journalctl -u busbar-designer -f
[Unit]
Description=Busbar Designer (Flask + build123d)
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=busbar
Group=busbar
WorkingDirectory=/opt/busbar-designer
Environment=HOST=0.0.0.0
Environment=PORT=5000
Environment=FLASK_DEBUG=0
Environment=PATH=/opt/busbar-designer/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
; HOME points inside the project so ezdxf / matplotlib / build123d can write
; their config + cache while ProtectHome=true still hides the real /home.
Environment=HOME=/opt/busbar-designer/data
Environment=XDG_CONFIG_HOME=/opt/busbar-designer/data/.config
Environment=XDG_CACHE_HOME=/opt/busbar-designer/data/.cache
ExecStart=/opt/busbar-designer/.venv/bin/gunicorn --bind=0.0.0.0:5000 --workers=2 --threads=2 --timeout=120 app:app
Restart=on-failure
RestartSec=5
; Hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/busbar-designer
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink