anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e2c8b77546cc5d3cbcf2eed248df791f2ccd1d86
DECNET/deploy/decnet-forwarder.service.j2
anti 08436433ef fix(deploy): relocate StandardOutput/StandardError below multi-line ExecStart 
Four templates use backslash line-continuation on ExecStart
(decnet-bus, decnet-forwarder, decnet-listener, decnet-updater). My
earlier sed inserted StandardOutput= and StandardError= right after
the first ExecStart= line, which split the command and systemd fed
those two lines back to the binary as extra positional arguments —
the bus in particular crashed with:

  Got unexpected extra argument
  (StandardOutput=append:/var/log/decnet/decnet.bus.log)

Walk the ExecStart block (follow \-continuation lines) and insert
the two Standard* directives AFTER the last continuation line. The
nine single-line ExecStart templates are unaffected in shape but
re-written through the same path to keep the whole set uniform.
2026-04-24 01:03:58 -04:00

50 lines
1.6 KiB
Django/Jinja
Raw Blame History

[Unit]
Description=DECNET Syslog-over-TLS Forwarder (worker, RFC 5425)
Documentation=https://git.resacachile.cl/anti/DECNET/wiki/Logging-and-Syslog
After=network-online.target
Wants=network-online.target
# The forwarder can run independently of the agent — it only needs the local
# log file to exist and the master to be reachable.
[Service]
Type=simple
User={{ user }}
Group={{ group }}
WorkingDirectory={{ install_dir }}
EnvironmentFile=-{{ install_dir }}/.env.local
# Replace <master-host> with the master's LAN address or hostname. The agent
# cert bundle at /etc/decnet/agent is reused — the forwarder presents the same
# worker identity when it connects to the master's listener.
Environment=DECNET_SYSTEM_LOGS=/var/log/decnet/decnet.forwarder.log
ExecStart={{ venv_dir }}/bin/decnet forwarder \
--log-file /var/log/decnet/decnet.log \
--master-host ${DECNET_SWARM_MASTER_HOST} \
--master-port 6514 \
--agent-dir /etc/decnet/agent
StandardOutput=append:/var/log/decnet/decnet.forwarder.log
StandardError=append:/var/log/decnet/decnet.forwarder.log
# TLS client connection; no special capabilities.
CapabilityBoundingSet=
AmbientCapabilities=
# Security Hardening
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
# Reads the tailed log; writes a small byte-offset state file alongside it.
ReadWritePaths=/var/log/decnet
ReadOnlyPaths=/etc/decnet
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink