From e4ab51f696f86640f163de5639e1f363261f2a61 Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Fri, 17 Apr 2026 22:19:21 +0800 Subject: [PATCH 1/4] added systemd example to README --- README.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/README.md b/README.md index b52fb8e..0647181 100644 --- a/README.md +++ b/README.md @@ -85,3 +85,73 @@ All routes are served over HTTPS under the `/fmsgid` path. | `GET` | `/fmsgid/:address` | Lookup an fmsg address and return its details including display name, quotas, and usage. The address must be in fmsg format (`@user@example.com`). Returns `AddressDetail` JSON on success, `400` if the address is invalid, `404` if not found. | | `POST` | `/fmsgid/send` | Record a send transaction. Accepts an `AddressTx` JSON body with `address`, `ts` (timestamp), and `size`. | | `POST` | `/fmsgid/recv` | Record a receive transaction. Accepts an `AddressTx` JSON body with `address`, `ts` (timestamp), and `size`. | + +### systemd + +An example systemd service to run fmsgid as a service on startup + +ASSUMES: +* Directory `/opt/fmsgid` has been created and contains built executable: `fmsgid` +* Text file `/opt/fmsgid/env` exists containing environment variables (example below) +* User `fmsg` has been created and has + - read and execute permissions to `/opt/fmsgid/`, e.g. with `chown -R fmsg:fmsg /opt/fmsgid` after `mkdir /opt/fmsgid` + - write permissions to FMSG_DATA_DIR + +`/etc/systemd/system/fmsgid.service` + +``` +[Unit] +Description=fmsgid HTTP API +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple + +User=fmsg +Group=fmsg + +EnvironmentFile=/opt/fmsgid/env + +ExecStart=/opt/fmsgid/fmsgid 0.0.0.0 +WorkingDirectory=/opt/fmsgid + +Restart=on-failure +RestartSec=3 + +# --- Filesystem access --- +ReadWritePaths=/opt/fmsgid + +# --- Hardening --- +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true + +# --- Logging --- +StandardOutput=journal +StandardError=journal + +[Install] +WantedBy=multi-user.target +``` + +### env + +``` +GIN_MODE=release +FMSGID_PORT=8080 +FMSGID_CSV_FILE=addresses.csv + +PGHOST=127.0.0.1 +PGPORT=5432 +PGUSER= +PGPASSWORD= +PGDATABASE=fmsgid +``` + +``` +sudo systemctl daemon-reload +sudo systemctl enable fmsgid +sudo systemctl start fmsgid +``` \ No newline at end of file From 4bc9e30e6c50d31e6ee5e13d5f00fce46084b35b Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Fri, 17 Apr 2026 22:20:34 +0800 Subject: [PATCH 2/4] fix ExecStart --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0647181..ccc7c70 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ Group=fmsg EnvironmentFile=/opt/fmsgid/env -ExecStart=/opt/fmsgid/fmsgid 0.0.0.0 +ExecStart=/opt/fmsgid/fmsgid WorkingDirectory=/opt/fmsgid Restart=on-failure From d8813b77d9c3bbf738dfc25acc716a3c66888995 Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Fri, 17 Apr 2026 22:31:37 +0800 Subject: [PATCH 3/4] PrivateTmp=true --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ccc7c70..f598b02 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,7 @@ RestartSec=3 # --- Filesystem access --- ReadWritePaths=/opt/fmsgid +PrivateTmp=true # --- Hardening --- NoNewPrivileges=true From ff2e1f20821e50b1e8d66607cf97f78cc0f551fb Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Fri, 17 Apr 2026 22:40:22 +0800 Subject: [PATCH 4/4] write permission paths --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f598b02..356e8e9 100644 --- a/README.md +++ b/README.md @@ -90,12 +90,12 @@ All routes are served over HTTPS under the `/fmsgid` path. An example systemd service to run fmsgid as a service on startup -ASSUMES: +ASSUMES: * Directory `/opt/fmsgid` has been created and contains built executable: `fmsgid` * Text file `/opt/fmsgid/env` exists containing environment variables (example below) * User `fmsg` has been created and has - read and execute permissions to `/opt/fmsgid/`, e.g. with `chown -R fmsg:fmsg /opt/fmsgid` after `mkdir /opt/fmsgid` - - write permissions to FMSG_DATA_DIR + - write permissions to `/opt/fmsgid` and to the path specified by `FMSGID_CSV_FILE` if it is outside `/opt/fmsgid` `/etc/systemd/system/fmsgid.service`