diff --git a/README.md b/README.md
index a92db37..bf02972 100644
--- a/README.md
+++ b/README.md
@@ -5,8 +5,8 @@ Authenticate to Zulip using Pleroma or Mastodon. You will need to have a user on the zulip system that has permission to create new users and have an api key for it. Instructions will be added to this document at a later point.
-1. `useradd -r -m -d /var/lib/fedi-auth -s /bin/bash fedi-auth`
-2. clone this repo into a subdirectory in fedi-auth user's home directory
+1. `useradd -r -m -d /var/lib/zulip-fedi-auth -s /bin/bash zulip-fedi-auth`
+2. clone this repo into a subdirectory in zulip-fedi-auth user's home directory
 3. create a venv, start it and run `pip install -r requirements.txt`
 4. copy the systemd unit file into /etc/systemd/system and tailor it to your environment, and enable and start it
 5. using nginx and letsencrypt or your other preference, to reverse-proxy the command under TLS at /fedi-auth/
diff --git a/service/zulip-fediverse-auth.service b/service/zulip-fediverse-auth.service
index db8a0b2..b911aeb 100644
--- a/service/zulip-fediverse-auth.service
+++ b/service/zulip-fediverse-auth.service
@@ -9,14 +9,14 @@ Environment=API_KEY=your-api-key
 Environment=SECRET=your-jwt-secret
 Environment=PORT=8091
 Environment=ZULIP=your-server.tld
-Environment=DB=/var/lib/zulip-fedi/db/db.sqlite
+Environment=DB=/var/lib/zulip-fedi-auth/db/db.sqlite
 Environment=PYTHONUNBUFFERED=1
-#ExecStart=/var/lib/zulip-fedi/venv/bin/python3 auth.py
-ExecStart=/var/lib/zulip-fedi/venv/bin/gunicorn --bind 127.0.0.1:8091 auth:app
-WorkingDirectory=/var/lib/zulip-fedi/zulip-fediverse-auth
-User=zulip-fedi
-Group=zulip-fedi
+#ExecStart=/var/lib/zulip-fedi-auth/venv/bin/python3 auth.py
+ExecStart=/var/lib/zulip-fedi-auth/venv/bin/gunicorn --bind 127.0.0.1:8091 auth:app
+WorkingDirectory=/var/lib/zulip-fedi-auth/zulip-fediverse-auth
+User=zulip-fedi-auth
+Group=zulip-fedi-auth
 PrivateDevices=true
 PrivateTmp=true
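Review bot: The unit still sets `Environment=API_KEY=...` and `Environment=SECRET=...` inline beside the renamed paths, so once an operator fills them in, the Zulip API key and the JWT signing secret live in a unit file that is typically world-readable, and systemd exposes `Environment=` values to unprivileged clients through `systemctl show`. While these lines are being edited, I would move both values into a root-owned file with mode 0600 and reference it with `EnvironmentFile=/etc/zulip-fedi-auth/env` (placeholder path), keeping only non-secret settings such as `PORT` and `DB` inline. The [Service] section starts above this hunk, so any other settings it carries are not visible here.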
@@ -24,7 +24,7 @@ ProtectSystem=strict
 ProtectHome=true
 NoNewPrivileges=true
 CapabilityBoundingSet=~CAP_SYS_ADMIN
-ReadWritePaths=/var/lib/zulip-fedi/db
+ReadWritePaths=/var/lib/zulip-fedi-auth/db
 [Install]
 WantedBy=multi-user.target
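Review bot: `ReadWritePaths=/var/lib/zulip-fedi-auth/db` names a directory that none of the visible README steps create, and under `ProtectSystem=strict` the unit will most likely fail at namespace setup if it is missing. An existing install under /var/lib/zulip-fedi also gets no migration hint for its db.sqlite. I would either add a README step that creates the `db` directory as the service user or let systemd create and own it with `StateDirectory=zulip-fedi-auth/db`. Separately, `CapabilityBoundingSet=~CAP_SYS_ADMIN` drops only one capability; since the service runs as a non-root user bound to 127.0.0.1:8091, an empty `CapabilityBoundingSet=` looks sufficient, though that should be confirmed against what auth.py needs.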