Harden UI security and add deployment templates

2026-05-16 11:22:02 +07:00
parent 1ac66ec4ac
commit 0fd64307b7
12 changed files with 962 additions and 210 deletions
--- a/deploy/ignis-core.service
+++ b/deploy/ignis-core.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Ignis Core FastAPI service
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ignis
+Group=ignis
+WorkingDirectory=/opt/ignis/ignis-core
+EnvironmentFile=/etc/ignis-core/ignis-core.env
+ExecStart=/opt/ignis/ignis-core/.venv/bin/python -m uvicorn main:app --host 0.0.0.0 --port 8000
+Restart=on-failure
+RestartSec=3
+TimeoutStopSec=20
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+ReadWritePaths=/opt/ignis/ignis-core /var/lib/ignis-core
+StateDirectory=ignis-core
+
+[Install]
+WantedBy=multi-user.target