CloudNebulaProject/barycenter
1
0
Fork 0
mirror of https://github.com/CloudNebulaProject/barycenter.git synced 2026-04-10 13:10:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
barycenter/deploy/systemd/README.md
Till Wegmueller c8b27bf196
feat: add deployment configurations for multiple platforms 
Add comprehensive deployment support for:
- Docker: Multi-stage Dockerfile with security hardening
- Docker Compose: Production-ready compose file with volume persistence
- Kubernetes: Complete Helm chart with configurable values, ingress, PVC
- Linux: systemd service unit with extensive security hardening
- FreeBSD: rc.d init script with proper daemon management
- illumos/Solaris: SMF manifest with service contract management

Each platform includes:
- Installation scripts/manifests
- Configuration examples
- Management instructions
- Security best practices
- Troubleshooting guides

The Helm chart provides:
- Configurable resources and autoscaling
- Security contexts and pod security
- Health checks (liveness/readiness probes)
- Ingress with TLS support
- Persistent volume claims
- Service account management

All deployments follow security best practices:
- Non-root user execution
- Minimal privileges
- Read-only root filesystems where applicable
- Resource limits
- Network policies

Added DEPLOYMENT.md with comprehensive deployment guide covering
all platforms, configuration options, and production checklist.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-29 15:30:46 +01:00

2 KiB
Raw Blame History

systemd Deployment

This directory contains systemd service files for running Barycenter on Linux systems.

Installation

  1. Create the barycenter user:

    sudo useradd -r -s /bin/false -d /var/lib/barycenter barycenter

  2. Create required directories:

    sudo mkdir -p /etc/barycenter /var/lib/barycenter/data
sudo chown -R barycenter:barycenter /var/lib/barycenter

  3. Install the binary:

    sudo cargo build --release
sudo cp target/release/barycenter /usr/local/bin/
sudo chmod +x /usr/local/bin/barycenter

  4. Install the configuration:

    sudo cp config.toml /etc/barycenter/config.toml
sudo chown root:barycenter /etc/barycenter/config.toml
sudo chmod 640 /etc/barycenter/config.toml

    Edit /etc/barycenter/config.toml and update paths:

    [database]
url = "sqlite:///var/lib/barycenter/crabidp.db?mode=rwc"

[keys]
jwks_path = "/var/lib/barycenter/data/jwks.json"
private_key_path = "/var/lib/barycenter/data/private_key.pem"

  5. Install the systemd service:

    sudo cp deploy/systemd/barycenter.service /etc/systemd/system/
sudo systemctl daemon-reload

  6. Enable and start the service:

    sudo systemctl enable barycenter
sudo systemctl start barycenter

Management

Check status:

sudo systemctl status barycenter

View logs:

sudo journalctl -u barycenter -f

Restart service:

sudo systemctl restart barycenter

Stop service:

sudo systemctl stop barycenter

Security

The service runs with extensive security hardening:

  • Runs as non-root user
  • Private /tmp directory
  • Read-only filesystem (except data directory)
  • System call filtering
  • Memory protections
  • No new privileges

Environment Variables

You can override configuration using environment variables in the service file:

[Service]
Environment="CRABIDP__SERVER__PUBLIC_BASE_URL=https://idp.example.com"
Environment="RUST_LOG=debug"