Verified Commit a5ee5977 authored by anarcat's avatar anarcat
Browse files

document a systemd deployment

This hasn't actually been tested but, really, "how hard can this be?"

We're pretty good at avoiding race conditions (by moving stuff to
`dangerzone/processing`, mostly) but we definitely should avoid two
processors in parallel. Thankfully, it seems that systemd takes care
of this for us and will not run two services in parallel.

Obviously, the user can still shoot themselves in the foot and run
another processor in parallel, but that's when our race avoidance
stuff should save us.

Closes: #1
parent 11b480c1
......@@ -98,6 +98,52 @@ in the `Files` dialog, under `Settings` (at the bottom left), in the
The above will process *all* folders (except the special ones) and, on
success, dump the sanitized files in the `safe/` special folder.
The above can be done in a loop to continually process files, but
obviously a better deployment mechanism is preferred, see below for
systemd support.
## Running under systemd
As can be seen above, the processor is expected to be ran every time
there are new files to process. A simple way to do this is to deploy
the systemd unit files provided along the script.
First install the script in a standard location, for example:
install processor.py /usr/local/bin/dangerzone-webdav-processor
Then add a role user for the project, grant it access to the Docker
daemon:
adduser --systemd dangerzone
adduser dangerzone docker
Add the configuration file to
`/etc/default/dangerzone-webdav-processor`, with the following syntax:
WEBDAV_LOCATION=https://example.com/remote.php/dav/files/dangerzone-bot/
WEBDAV_USERNAME=dangerzone-bot
WEBDAV_PASSWORD=[REDACTED]
Those are equivalent to the `--location`, `--username`, and
`--password` parameters, documented above.
Then deploy the systemd scripts:
cp dangerzone-webdav-processor.{timer,service} /etc/systemd/system/
systemctl daemon-reload
systemctl enable dangerzone-webdav-processor.{timer,service}
systemctl start dangerzone-webdav-processor.timer
You can then run the service by hand with:
systemctl start dangerzone-webdav-processor.service
Or wait for the timer to expire (one hour). In any case, you can see
the output of the job with:
systemctl status dangerzone-webdav-processor.service
# Contributing
See the [contribution guide](CONTRIBUTING.md) for more information on how to
......
[Unit]
Description=Dangerzone WebDAV processor
After=networking.service
[Service]
User=dangerzone
Type=oneshot
Nice=10
EnvironmentFile=/etc/default/dangerzone-webdav-processor
ExecStart=/usr/bin/dangerzone-webdav-processor
[Unit]
Description=run Dangerzone WebDAV processor
[Timer]
OnCalendar=hourly
[Install]
WantedBy=timers.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment