Extract 4 self-contained services into the services/ module: - server/telegram_bot/ -> services/telegram_bot/ - server/ws_gateway/ -> services/ws_gateway/ - server/corporate_memory/ -> services/corporate_memory/ - server/session_collector.py -> services/session_collector/ Each service now has its own systemd/ directory with .service and .timer files. deploy.sh is updated to auto-discover service units from services/*/systemd/*. server/ now contains only deployment infrastructure (deploy.sh, setup scripts, bin/ management tools, sudoers, nginx config). All imports are updated: webapp/app.py, server/bin/ scripts, systemd ExecStart paths.
31 lines
854 B
Desktop File
[Unit]
|
|
Description=Data Analyst Telegram Notification Bot
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=deploy
|
|
Group=data-ops
|
|
WorkingDirectory=/opt/data-analyst/repo
|
|
ExecStart=/opt/data-analyst/.venv/bin/python -m services.telegram_bot
|
|
Restart=always
|
|
RestartSec=10
|
|
|
|
# Environment (webapp .env + sync .env with bot token)
|
|
EnvironmentFile=/opt/data-analyst/.env
|
|
EnvironmentFile=/opt/data-analyst/repo/.env
|
|
|
|
# Socket directory: /run/notify-bot/ (mode 0755, accessible to all analysts)
|
|
RuntimeDirectory=notify-bot
|
|
RuntimeDirectoryMode=0755
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=false # Bot needs sudo -u to run user scripts on demand
|
|
ProtectSystem=strict
|
|
ProtectHome=read-only
|
|
ReadWritePaths=/data/notifications /tmp
|
|
PrivateTmp=false # Bot must read image files from users' /tmp/
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
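Review bot: The trailing comments on `NoNewPrivileges=false # Bot needs sudo -u ...` and `PrivateTmp=false # Bot must read ...` are not comments to systemd; unit files only recognise `#`/`;` at the start of a line, so the whole text after `=` is taken as the boolean value, and systemd will likely log a "Failed to parse boolean value, ignoring" warning for each and drop the assignment. Both settings default to false, so the effective configuration happens to match the intent, but the hardening rationale is lost from the parsed unit and the warning appears on every daemon-reload. Move each comment onto its own line above the key: `# Bot needs sudo -u to run user scripts on demand` then `NoNewPrivileges=false`, and `# Bot must read image files from users' /tmp/` then `PrivateTmp=false`. Since `NoNewPrivileges` is deliberately left off to permit `sudo -u` from a `User=deploy` service, the sudoers rule the commit message mentions is the effective privilege boundary here; a one-line comment naming that rule file next to `NoNewPrivileges` would help the next reviewer confirm it stays scoped to the intended target users and commands. Separately, both `EnvironmentFile=` lines are mandatory as written, so the unit fails to start if either file is absent; if `/opt/data-analyst/repo/.env` is optional on some hosts, prefix it with `-`.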