website Changeset - 03e06738a00c · Conservancy Kallithea

Changeset - 03e06738a00c

Parent rev.

Child rev.

[Not reviewed]

0 5 1

Ben Sturmfels (bsturmfels) - 5 months ago 2023-11-23 23:01:34
ben@sturm.com.au

Add conservancy-www-db.service to repository, document Systemd services

6 files changed with 55 insertions and 3 deletions:

TODO.md

systemd/README.md

systemd/conservancy-www-cleanup.service

systemd/conservancy-www-db.service

systemd/conservancy-www-update.service

systemd/conservancy-www-update.sh

0 comments (0 inline, 0 general)

TODO.md

➞

Show inline comments

 # To-do
-* consider running the /etc/systemd/system/conservancy-www-db.service on a timer so it doesn't require an Apache restart (and brief outage) - document this service too
 * consider running the /etc/systemd/system/conservancy-www-db.service on a timer so it doesn't require an Apache restart (and brief outage)
 * use `<detail>` elements for supporter page hidden sections, rather than complex jQuery - or consider Alpine.js
 * replace `internalNavigate` with inline flexbox layout
 * migrate to Django 4.2

systemd/README.md

➞

Show inline comments

 Install with:
 # SystemD services
 ## Installing
 Install all SystemD services with:
     cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system
     systemctl enable conservancy-www-cleanup.service
     systemctl start conservancy-www-cleanup.service
     systemctl enable conservancy-www-update.timer
     systemctl start conservancy-www-update.timer
     systemctl enable conservancy-www-db.service
 ##  Website updates
 Monitor with:
+Monitor the website update service with:
     systemctl list-timers --all
     journalctl --catalog --follow --unit conservancy-www-update.service
@@ ... @@
     git branch --set-upstream-to=upstream/master master
 Note that the update script does not run `migrate`.
 ## Fundraiser/sustainer database updates
 The `conservancy-www-db.service` applies SQL updates to the website
 database. These include the fundraising total and sustainers to be publicly
 acknowledged.

systemd/conservancy-www-cleanup.service

➞

Show inline comments

 # Remove old Django login sessions.
 [Unit]
 Description=Cleanup Conservancy website
 Before=apache2.service

systemd/conservancy-www-db.service

➞

Show inline comments

 new file 100644
 # Update the fundraiser total/sustainer list from an SQL file on Apache restart.
 [Unit]
 Description=Update Conservancy website database
 Before=apache2.service
 [Service]
 Type=oneshot
 User=www-data
 ExecStart=/usr/bin/sqlite3 -bail /var/lib/www/database/conservancy-website.sqlite3 ".timeout 30000" "BEGIN TRANSACTION;" ".read /home/debian/django-supporters-list.sql" "COMMIT;"
 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
 CapabilityBoundingSet=
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateNetwork=true
 PrivateTmp=true
 PrivateUsers=false
 ProtectControlGroups=true
 ProtectHome=read-only
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectSystem=strict
 ReadWritePaths=/var/lib/www/database
 [Install]
 WantedBy=apache2.service

systemd/conservancy-www-update.service

➞

Show inline comments

 # Run the website update script (see also: conservancy-www-update.timer).
 [Unit]
 Description=Update Conservancy website checkout

systemd/conservancy-www-update.sh

➞

Show inline comments

 #!/bin/sh
 # Pull in and apply Conservancy website updates from the git repository.
+#
 # This is intended to be run on a timer. Note that it does *not* restart the
 # Django application or run the migrate and collectstatic commands.
 set -e
 set -u
 set -x

0 comments (0 inline, 0 general)