CloudNebulaProject/barycenter
1
0
Fork 0
mirror of https://github.com/CloudNebulaProject/barycenter.git synced 2026-04-10 13:10:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
barycenter/deploy/freebsd/README.md
Till Wegmueller c8b27bf196
feat: add deployment configurations for multiple platforms 
Add comprehensive deployment support for:
- Docker: Multi-stage Dockerfile with security hardening
- Docker Compose: Production-ready compose file with volume persistence
- Kubernetes: Complete Helm chart with configurable values, ingress, PVC
- Linux: systemd service unit with extensive security hardening
- FreeBSD: rc.d init script with proper daemon management
- illumos/Solaris: SMF manifest with service contract management

Each platform includes:
- Installation scripts/manifests
- Configuration examples
- Management instructions
- Security best practices
- Troubleshooting guides

The Helm chart provides:
- Configurable resources and autoscaling
- Security contexts and pod security
- Health checks (liveness/readiness probes)
- Ingress with TLS support
- Persistent volume claims
- Service account management

All deployments follow security best practices:
- Non-root user execution
- Minimal privileges
- Read-only root filesystems where applicable
- Resource limits
- Network policies

Added DEPLOYMENT.md with comprehensive deployment guide covering
all platforms, configuration options, and production checklist.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 15:30:46 +01:00

2.5 KiB
Raw Blame History

FreeBSD Deployment

This directory contains rc.d script for running Barycenter on FreeBSD systems.

Installation

  1. Install Rust and build the binary:

    pkg install rust
cargo build --release

  2. Create the barycenter user:

    pw useradd barycenter -d /var/db/barycenter -s /usr/sbin/nologin -c "Barycenter IdP"

  3. Create required directories:

    mkdir -p /usr/local/etc/barycenter
mkdir -p /var/db/barycenter/data
chown -R barycenter:barycenter /var/db/barycenter

  4. Install the binary:

    install -m 755 target/release/barycenter /usr/local/bin/

  5. Install the configuration:

    cp config.toml /usr/local/etc/barycenter/config.toml
chown root:barycenter /usr/local/etc/barycenter/config.toml
chmod 640 /usr/local/etc/barycenter/config.toml

    Edit /usr/local/etc/barycenter/config.toml and update paths:

    [database]
url = "sqlite:///var/db/barycenter/crabidp.db?mode=rwc"

[keys]
jwks_path = "/var/db/barycenter/data/jwks.json"
private_key_path = "/var/db/barycenter/data/private_key.pem"

  6. Install the rc.d script:

    install -m 755 deploy/freebsd/barycenter /usr/local/etc/rc.d/

  7. Enable the service in /etc/rc.conf:

    echo 'barycenter_enable="YES"' >> /etc/rc.conf

    Optional configuration:

    echo 'barycenter_config="/usr/local/etc/barycenter/config.toml"' >> /etc/rc.conf
echo 'barycenter_env="RUST_LOG=info"' >> /etc/rc.conf

  8. Start the service:

    service barycenter start

Management

Check status:

service barycenter status

View logs:

tail -f /var/log/messages | grep barycenter

Restart service:

service barycenter restart

Stop service:

service barycenter stop

Configuration Options

All configuration options are set in /etc/rc.conf:

  • barycenter_enable - Enable/disable the service (YES/NO)
  • barycenter_user - User to run as (default: barycenter)
  • barycenter_group - Group to run as (default: barycenter)
  • barycenter_config - Path to config file
  • barycenter_env - Environment variables (e.g., "RUST_LOG=debug")

Logging

By default, output goes to syslog. To configure separate log file, update newsyslog:

echo "/var/log/barycenter.log barycenter:barycenter 644 7 * @T00 JC" >> /etc/newsyslog.conf
touch /var/log/barycenter.log
chown barycenter:barycenter /var/log/barycenter.log