anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(init): thread --user / --group through systemd unit templates

Browse Source 
Every decnet-*.service.j2 hardcoded User=decnet / Group=decnet. The
init CLI accepted --user / --group and used them for useradd,
chown, /etc/decnet ownership and ReadWritePaths — but the Jinja
context omitted them entirely, so

  sudo decnet init --install-dir $PWD --user anti --group anti

rendered

  User=decnet
  Group=decnet

into every unit, which at best ran the workers as a user that didn't
match the files (fails to read the venv / config), and at worst spun
a parallel system user the operator never asked for.

Swap the hardcoded lines to {{ user }} / {{ group }} across all 13
templates and add both to the Jinja context in _install_units.
This commit is contained in:
anti
2026-04-24 00:36:23 -04:00
parent 51012eaa67
commit 38832d87d5
14 changed files with 35 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
deploy/decnet-api.service.j2
View File

@@ -7,8 +7,8 @@ Requires=docker.service
[Service]
Type=simple
User=decnet
Group=decnet
User={{ user }}
Group={{ group }}
# docker.sock is group-readable by 'docker'; the API ingester tails container logs.
SupplementaryGroups=docker
WorkingDirectory={{ install_dir }}