From c9fa127cd8113a57b9b0de30da757505904ac268 Mon Sep 17 00:00:00 2001
From: "Maxime Alves LIRMM@home" <maxime.alves@lirmm.fr>
Date: Tue, 14 Jul 2020 23:39:09 +0200
Subject: [PATCH] [etc] added system-configuration files for systemd and nginx

---
 conf/env.merles                |  3 +++
 conf/nginx/api                 | 20 ++++++++++++++++++++
 conf/systemd/lirmm_api.service | 26 ++++++++++++++++++++++++++
 conf/systemd/lirmm_api.socket  | 13 +++++++++++++
 4 files changed, 62 insertions(+)
 create mode 100644 conf/env.merles
 create mode 100644 conf/nginx/api
 create mode 100644 conf/systemd/lirmm_api.service
 create mode 100644 conf/systemd/lirmm_api.socket

diff --git a/conf/env.merles b/conf/env.merles
new file mode 100644
index 0000000..84a379f
--- /dev/null
+++ b/conf/env.merles
@@ -0,0 +1,3 @@
+DEV=1
+DEBUG=1
+DEBUG_ACL=public
diff --git a/conf/nginx/api b/conf/nginx/api
new file mode 100644
index 0000000..5d7666a
--- /dev/null
+++ b/conf/nginx/api
@@ -0,0 +1,20 @@
+server {
+  listen 8080;
+  client_max_body_size 4G;
+
+  server_name api.lirmm.fr;
+
+  location / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_pass http://uvicorn;
+  }
+}
+
+upstream uvicorn {
+  server unix:/var/lib/api/lirmm_api.sock;
+}
+
diff --git a/conf/systemd/lirmm_api.service b/conf/systemd/lirmm_api.service
new file mode 100644
index 0000000..916ad47
--- /dev/null
+++ b/conf/systemd/lirmm_api.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=LIRMM API daemon
+Requires=lirmm_api.socket
+After=network.target
+
+[Service]
+Type=simple
+# the specific user that our service will run as
+User=api
+Group=www-data
+# another option for an even more restricted service is
+# DynamicUser=yes
+# see http://0pointer.net/blog/dynamic-users-with-systemd.html
+RuntimeDirectory=api
+WorkingDirectory=/var/lib/api/halfapi
+EnvironmentFile=/var/lib/api/halfapi/conf/env.merles-dev
+ExecStart=/var/lib/api/.pyvenv/halfapi-MLzQW5Lp-py3.7/bin/uvicorn \
+	--uds /var/lib/api/lirmm_api.sock \
+	halfapi.app:app
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=mixed
+TimeoutStopSec=5
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/systemd/lirmm_api.socket b/conf/systemd/lirmm_api.socket
new file mode 100644
index 0000000..c8c0e40
--- /dev/null
+++ b/conf/systemd/lirmm_api.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=uvicorn socket
+
+[Socket]
+ListenStream=/var/lib/api/lirmm_api.sock
+User=api
+SocketUser=api
+SocketGroup=www-data
+# Optionally restrict the socket permissions even more.
+# Mode=600
+
+[Install]
+WantedBy=sockets.target