[etc] added system-configuration files for systemd and nginx

conf/env.merles

@@ -0,0 +1,3 @@
+DEV=1
+DEBUG=1
+DEBUG_ACL=public

conf/nginx/api

@@ -0,0 +1,20 @@
+server {
+  listen 8080;
+  client_max_body_size 4G;
+
+  server_name api.lirmm.fr;
+
+  location / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_pass http://uvicorn;
+  }
+}
+
+upstream uvicorn {
+  server unix:/var/lib/api/lirmm_api.sock;
+}
+

conf/systemd/lirmm_api.service

@@ -0,0 +1,26 @@
+[Unit]
+Description=LIRMM API daemon
+Requires=lirmm_api.socket
+After=network.target
+
+[Service]
+Type=simple
+# the specific user that our service will run as
+User=api
+Group=www-data
+# another option for an even more restricted service is
+# DynamicUser=yes
+# see http://0pointer.net/blog/dynamic-users-with-systemd.html
+RuntimeDirectory=api
+WorkingDirectory=/var/lib/api/halfapi
+EnvironmentFile=/var/lib/api/halfapi/conf/env.merles-dev
+ExecStart=/var/lib/api/.pyvenv/halfapi-MLzQW5Lp-py3.7/bin/uvicorn \
+	--uds /var/lib/api/lirmm_api.sock \
+	halfapi.app:app
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=mixed
+TimeoutStopSec=5
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

conf/systemd/lirmm_api.socket

@@ -0,0 +1,13 @@
+[Unit]
+Description=uvicorn socket
+
+[Socket]
+ListenStream=/var/lib/api/lirmm_api.sock
+User=api
+SocketUser=api
+SocketGroup=www-data
+# Optionally restrict the socket permissions even more.
+# Mode=600
+
+[Install]
+WantedBy=sockets.target