instructions and a systemd unit file
This commit is contained in:
parent
c1e67fc512
commit
c5c2d4fb33
11
README.md
11
README.md
|
@ -1,3 +1,12 @@
|
|||
# zulip-fediverse-auth
|
||||
|
||||
Authenticate to Zulip using Pleroma or Mastodon.
|
||||
Authenticate to Zulip using Pleroma or Mastodon.
|
||||
|
||||
You will need to have a user on the zulip system that has permission to create new users and have an api key for it.
|
||||
Instructions will be added to this document at a later point.
|
||||
|
||||
1. `useradd -r -m -d /var/lib/fedi-auth -s /bin/bash fedi-auth`
|
||||
2. clone this repo into a subdirectory in fedi-auth user's home directory
|
||||
3. create a venv, start it and run `pip install -r requirements.txt`
|
||||
4. copy the systemd unit file into /etc/systemd/system and tailor it to your environment, and enable and start it
|
||||
5. using nginx and letsencrypt or your other preference, to reverse-proxy the command under TLS at /fedi-auth/
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
[Unit]
|
||||
Description=Zulip Fediverse Authentication
|
||||
Before=nginx.service
|
||||
|
||||
[Service]
|
||||
# Zulip API key for user with create user rights
|
||||
Environment=API_KEY=your-api-key
|
||||
# JWT secret
|
||||
Environment=SECRET=your-jwt-secret
|
||||
Environment=PORT=8091
|
||||
Environment=ZULIP=your-server.tld
|
||||
Environment=DB=/var/lib/zulip-fedi/db/db.sqlite
|
||||
Environment=PYTHONUNBUFFERED=1
|
||||
|
||||
#ExecStart=/var/lib/zulip-fedi/venv/bin/python3 auth.py
|
||||
ExecStart=/var/lib/zulip-fedi/venv/bin/gunicorn --bind 127.0.0.1:8091 auth:app
|
||||
WorkingDirectory=/var/lib/zulip-fedi/zulip-fediverse-auth
|
||||
User=zulip-fedi
|
||||
Group=zulip-fedi
|
||||
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
NoNewPrivileges=true
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN
|
||||
ReadWritePaths=/var/lib/zulip-fedi/db
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue