fix storage

2026-01-09 16:54:39 +00:00
parent dcb54c26ec
commit 7b91e0fd24
37 changed files with 3283 additions and 1227 deletions
--- a/SYSTEMD-SERVICE-SETUP.md
+++ b/SYSTEMD-SERVICE-SETUP.md
@@ -0,0 +1,229 @@
+# Calypso Systemd Service Setup
+**Tanggal:** 2025-01-09  
+**Service:** `calypso-api.service`  
+**Status:** ✅ **ACTIVE & RUNNING**
+
+## Service File
+
+**Location:** `/etc/systemd/system/calypso-api.service`
+
+### Configuration
+
+```ini
+[Unit]
+Description=AtlasOS - Calypso API Service
+Documentation=https://github.com/atlasos/calypso
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User=calypso
+Group=calypso
+WorkingDirectory=/opt/calypso
+ExecStart=/opt/calypso/bin/calypso-api -config /opt/calypso/conf/config.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=calypso-api
+
+# Environment
+EnvironmentFile=/opt/calypso/conf/secrets.env
+Environment="CALYPSO_DB_HOST=localhost"
+Environment="CALYPSO_DB_PORT=5432"
+Environment="CALYPSO_DB_USER=calypso"
+Environment="CALYPSO_DB_NAME=calypso"
+
+# Security
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/calypso/data /opt/calypso/conf /var/log/calypso /var/lib/calypso /run/calypso
+ReadOnlyPaths=/opt/calypso/bin /opt/calypso/web /opt/calypso/releases
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=4096
+
+[Install]
+WantedBy=multi-user.target
+```
+
+## Service Status
+
+✅ **Status:** Active (running)  
+✅ **Enabled:** Yes (auto-start on boot)  
+✅ **PID:** Running  
+✅ **Memory:** ~12.4M  
+✅ **Port:** 8080
+
+## Service Management
+
+### Start Service
+```bash
+sudo systemctl start calypso-api
+```
+
+### Stop Service
+```bash
+sudo systemctl stop calypso-api
+```
+
+### Restart Service
+```bash
+sudo systemctl restart calypso-api
+```
+
+### Reload Configuration (without restart)
+```bash
+sudo systemctl reload calypso-api
+```
+
+### Check Status
+```bash
+sudo systemctl status calypso-api
+```
+
+### Enable/Disable Auto-start
+```bash
+# Enable auto-start on boot
+sudo systemctl enable calypso-api
+
+# Disable auto-start
+sudo systemctl disable calypso-api
+
+# Check if enabled
+sudo systemctl is-enabled calypso-api
+```
+
+## Viewing Logs
+
+### Real-time Logs (Follow Mode)
+```bash
+sudo journalctl -u calypso-api -f
+```
+
+### Last 50 Lines
+```bash
+sudo journalctl -u calypso-api -n 50
+```
+
+### Logs Since Today
+```bash
+sudo journalctl -u calypso-api --since today
+```
+
+### Logs with Timestamps
+```bash
+sudo journalctl -u calypso-api --no-pager
+```
+
+## Service Configuration Details
+
+### Working Directory
+- **Path:** `/opt/calypso`
+- **Purpose:** Base directory for application
+
+### Binary Location
+- **Path:** `/opt/calypso/bin/calypso-api`
+- **Config:** `/opt/calypso/conf/config.yaml`
+
+### Environment Variables
+- **Secrets File:** `/opt/calypso/conf/secrets.env`
+  - `CALYPSO_DB_PASSWORD` - Database password
+  - `CALYPSO_JWT_SECRET` - JWT secret key
+- **Database Config:**
+  - `CALYPSO_DB_HOST=localhost`
+  - `CALYPSO_DB_PORT=5432`
+  - `CALYPSO_DB_USER=calypso`
+  - `CALYPSO_DB_NAME=calypso`
+
+### Security Settings
+- ✅ **NoNewPrivileges:** Prevents privilege escalation
+- ✅ **PrivateTmp:** Isolated temporary directory
+- ✅ **ProtectSystem:** Read-only system directories
+- ✅ **ProtectHome:** Read-only home directories
+- ✅ **ReadWritePaths:** Only specific paths writable
+- ✅ **ReadOnlyPaths:** Application binaries read-only
+
+### Resource Limits
+- **Max Open Files:** 65536
+- **Max Processes:** 4096
+
+## Runtime Directories
+
+- **Logs:** `/var/log/calypso/` (calypso:calypso)
+- **Data:** `/var/lib/calypso/` (calypso:calypso)
+- **Runtime:** `/run/calypso/` (calypso:calypso)
+
+## Service Verification
+
+### Check Service Status
+```bash
+sudo systemctl is-active calypso-api
+# Output: active
+```
+
+### Check HTTP Endpoint
+```bash
+curl http://localhost:8080/api/v1/health
+```
+
+### Check Process
+```bash
+ps aux | grep calypso-api
+```
+
+### Check Port
+```bash
+sudo netstat -tlnp | grep 8080
+# or
+sudo ss -tlnp | grep 8080
+```
+
+## Startup Logs Analysis
+
+From initial startup logs:
+- ✅ Database connection successful
+- ✅ Connected to Bacula database
+- ✅ HTTP server started on port 8080
+- ✅ MHVTL configuration sync completed
+- ✅ Disk discovery completed (5 disks)
+- ✅ Alert rules registered
+- ✅ Monitoring services started
+- ⚠️ Warning: RRD tool not found (network monitoring optional)
+
+## Troubleshooting
+
+### Service Won't Start
+1. Check logs: `sudo journalctl -u calypso-api -n 50`
+2. Check config file: `cat /opt/calypso/conf/config.yaml`
+3. Check secrets file permissions: `ls -la /opt/calypso/conf/secrets.env`
+4. Check database connection: `sudo -u postgres psql -U calypso -d calypso`
+
+### Service Crashes/Restarts
+1. Check logs for errors: `sudo journalctl -u calypso-api --since "10 minutes ago"`
+2. Check system resources: `free -h` and `df -h`
+3. Check database status: `sudo systemctl status postgresql`
+
+### Permission Issues
+1. Check ownership: `ls -la /opt/calypso/bin/calypso-api`
+2. Check user exists: `id calypso`
+3. Check directory permissions: `ls -la /opt/calypso/`
+
+## Next Steps
+
+1. ✅ Service installed and running
+2. ⏭️ Setup reverse proxy (Caddy/Nginx) for frontend
+3. ⏭️ Configure firewall rules (if needed)
+4. ⏭️ Setup SSL/TLS certificates
+5. ⏭️ Configure monitoring/alerting
+
+---
+
+**Service Status:** ✅ **OPERATIONAL**  
+**API Endpoint:** `http://localhost:8080`  
+**Health Check:** `http://localhost:8080/api/v1/health`