mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-28 03:52:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/example/gotosocial.service
tobi 82216281ce [chore/docs] Fix Prometheus metric names for Gin, include example Grafana dash, update docs (#4443) 
# Description

> If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.
>
> If this is a documentation change, please briefly describe what you've changed and why.

This pull request updates some of our inconsistent metric naming, and adds an example Grafana dashboard using all the most up-to-date metrics names, and updates our docs to describe the latest way of setting up metrics.

Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4362
Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4055

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [x] I/we have made any necessary changes to documentation.
- [ ] I/we have added tests that cover new code.
- [x] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Co-authored-by: kim <grufwub@gmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4443
Reviewed-by: kim <gruf@noreply.codeberg.org>
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-09-18 16:48:45 +02:00

68 lines
3 KiB
Desktop File
Raw Permalink Blame History

[Unit]
Description=GoToSocial Server
[Service]
# make sure this user and group exist and have read and write permissions in your GoToSocial folder.
# if they do not exist yet create them with "sudo useradd -r gotosocial"
# then give them permission with "chown -R gotosocial:gotosocial /gotosocial" (path to your gotosocial folder)
# you can adjust the users name according to your setup
User=gotosocial
Group=gotosocial
Type=exec
Restart=on-failure
# For speedier restart times, you can uncomment the following Environment line to have GoToSocial cache compiled
# Wazero artifacts in the given directory between restarts, so that it doesn't need to compile on startup every time.
#
# You may need to change the exact path depending on where you've got GoToSocial installed, for example if you've
# installed at "~/gotosocial" then change the value to "GTS_WAZERO_COMPILATION_CACHE=~/gotosocial/.cache".
#
# Whatever you do, make sure the dir exists and that the gotosocial user has permission to write + read from it.
#Environment="GTS_WAZERO_COMPILATION_CACHE=/gotosocial/.cache"
# If you have set `metrics-enabled` to `true` in your GoToSocial config file, and you want
# to expose Prometheus metrics at localhost:9464/metrics, uncomment the following two lines:
#Environment="OTEL_METRICS_EXPORTER=prometheus"
#Environment="OTEL_METRICS_PRODUCERS=prometheus"
# change if your path to the GoToSocial binary is different
ExecStart=/gotosocial/gotosocial --config-path config.yaml server start
WorkingDirectory=/gotosocial
# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
# You might need this if you are running as non-root on a privileged port (below 1024)
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=default.target
# After you are done editing this file move it to "/etc/systemd/system/gotosocial.service" and enable the service with "sudo systemctl enable --now gotosocial.service"
Reference in a new issue View git blame Copy permalink