barycenter/deploy/systemd/README.md
Till Wegmueller 9b0481b258
refactor: update crabidp references to barycenter and add Gateway API support
Replace all remaining references to "crabidp" with "barycenter" across:
- Source code (error diagnostics, CLI name, comments)
- Configuration files and defaults
- Environment variable prefixes (CRABIDP__ → BARYCENTER__)
- Documentation (CLAUDE.md, README.md, DEPLOYMENT.md)
- Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos)
- Database filenames (crabidp.db → barycenter.db)

Add Kubernetes Gateway API support to Helm chart:
- New HTTPRoute template for Gateway API
- Configurable parentRefs, hostnames, filters, and weights
- Support for advanced traffic management features
- Gateway API as modern alternative to traditional Ingress
- Documentation and examples in DEPLOYMENT.md

Benefits of Gateway API:
- More expressive and extensible routing
- Role-oriented design with separation of concerns
- Better vendor portability
- Advanced traffic management capabilities

The Helm chart now supports both traditional Ingress and
Gateway API, allowing users to choose based on their cluster
capabilities and requirements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 15:38:07 +01:00


systemd Deployment

This directory contains systemd service files for running Barycenter on Linux systems.

Installation

  1. Create the barycenter user:

    sudo useradd -r -s /bin/false -d /var/lib/barycenter barycenter
    
  2. Create required directories:

    sudo mkdir -p /etc/barycenter /var/lib/barycenter/data
    sudo chown -R barycenter:barycenter /var/lib/barycenter
    
  3. Install the binary:

    # Build as your regular user; only copying into /usr/local/bin needs root.
    cargo build --release
    sudo cp target/release/barycenter /usr/local/bin/
    sudo chmod +x /usr/local/bin/barycenter
    
  4. Install the configuration:

    sudo cp config.toml /etc/barycenter/config.toml
    sudo chown root:barycenter /etc/barycenter/config.toml
    sudo chmod 640 /etc/barycenter/config.toml
    

    Edit /etc/barycenter/config.toml and update paths:

    [database]
    url = "sqlite:///var/lib/barycenter/barycenter.db?mode=rwc"
    
    [keys]
    jwks_path = "/var/lib/barycenter/data/jwks.json"
    private_key_path = "/var/lib/barycenter/data/private_key.pem"
    
  5. Install the systemd service:

    sudo cp deploy/systemd/barycenter.service /etc/systemd/system/
    sudo systemctl daemon-reload
    
  6. Enable and start the service:

    sudo systemctl enable barycenter
    sudo systemctl start barycenter
    

Management

Check status:

    sudo systemctl status barycenter

View logs:

    sudo journalctl -u barycenter -f

Restart service:

    sudo systemctl restart barycenter

Stop service:

    sudo systemctl stop barycenter

Security

The service runs with extensive security hardening:

  • Runs as non-root user
  • Private /tmp directory
  • Read-only filesystem (except data directory)
  • System call filtering
  • Memory protections
  • No new privileges
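
To confirm that an installed unit still carries the controls listed above, this added example (not part of the Barycenter repository) audits a unit file for one standard systemd directive per bullet. The mapping from bullets to directives and the sample unit are assumptions, since the contents of barycenter.service are not shown here.

```shell
#!/bin/sh
# Added example (not Barycenter's own code). Directive names are standard
# systemd.exec(5) options; which ones barycenter.service sets is an assumption.

# audit_unit FILE: print each listed control with no matching directive.
# Returns the number of missing controls (0 = all present).
audit_unit() {
    unit=$1
    missing=0
    # Each row: README bullet ; ERE that an uncommented directive line must match.
    while IFS=';' read -r label pattern; do
        if ! grep -Eq "^[[:space:]]*${pattern}[[:space:]]*\$" "$unit"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
non-root user;User=[^[:space:]]+
private /tmp;PrivateTmp=(yes|true|1|on)
read-only filesystem;ProtectSystem=strict
writable data directory;(ReadWritePaths|StateDirectory)=.+
system call filtering;SystemCallFilter=.+
memory protections;MemoryDenyWriteExecute=(yes|true|1|on)
no new privileges;NoNewPrivileges=(yes|true|1|on)
EOF
    # User=root satisfies the pattern above but not the intent.
    if grep -Eq '^[[:space:]]*User=(root|0)[[:space:]]*$' "$unit"; then
        echo "MISSING: non-root user (unit sets User=root)"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample unit; the real deploy/systemd/barycenter.service may differ.
sample_unit() {
    cat <<'EOF'
[Service]
User=barycenter
ExecStart=/usr/local/bin/barycenter
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/var/lib/barycenter
SystemCallFilter=@system-service
MemoryDenyWriteExecute=true
NoNewPrivileges=true
EOF
}

tmp=$(mktemp)
sample_unit > "$tmp"
audit_unit "$tmp" && echo "all listed controls present"
rm -f "$tmp"
```

Point `audit_unit` at `/etc/systemd/system/barycenter.service` after installation; on a running host, `systemd-analyze security barycenter` reports the effective sandboxing as systemd sees it, including drop-ins.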

Environment Variables

You can override configuration using environment variables in the service file:

    [Service]
    Environment="BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com"
    Environment="RUST_LOG=debug"