38b86127ed
- server/deploy.sh: KEBOOLA_ENV_FILE -> SYNC_ENV_FILE - server/ws-gateway.service, notify-bot.service: remove Keboola from descriptions - .gitignore: generic comment for data directory - CLAUDE.md, README.md, ARCHITECTURE.md: update paths from src/adapters to connectors/ - docs/DATA_SOURCES.md: update custom connector guide to connectors/ pattern - connectors/jira/README.md: keboola-analyst -> data-analyst in config paths - dev_docs/desktop-app.md: KeboolaAnalyst -> DataAnalyst branding
31 lines
856 B
Desktop File
31 lines
856 B
Desktop File
[Unit]
|
|
Description=Data Analyst Telegram Notification Bot
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=deploy
|
|
Group=data-ops
|
|
WorkingDirectory=/opt/data-analyst/repo
|
|
ExecStart=/opt/data-analyst/.venv/bin/python -m server.telegram_bot.bot
|
|
Restart=always
|
|
RestartSec=10
|
|
|
|
# Environment (webapp .env + sync .env with bot token)
|
|
EnvironmentFile=/opt/data-analyst/.env
|
|
EnvironmentFile=/opt/data-analyst/repo/.env
|
|
|
|
# Socket directory: /run/notify-bot/ (mode 0755, accessible to all analysts)
|
|
RuntimeDirectory=notify-bot
|
|
RuntimeDirectoryMode=0755
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=false # Bot needs sudo -u to run user scripts on demand
|
|
ProtectSystem=strict
|
|
ProtectHome=read-only
|
|
ReadWritePaths=/data/notifications /tmp
|
|
PrivateTmp=false # Bot must read image files from users' /tmp/
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|