Initial package: turborepo-remote-cache 2.8.2
Self-hosted Turborepo remote cache server packaged as a Fedora RPM
with the same base + -service + -container split used by the gitea
package.
- Base: dynamic sysusers turbo-cache user, /etc/turborepo-remote-cache
config dir with config.env token template, /var/cache storage dir
- -service: native Node.js systemd unit, app installed to
%{nodejs_sitelib}/turborepo-remote-cache with pnpm-vendored
production node_modules (built via fetch-sources.sh)
- -container: Podman quadlet pinned to
docker.io/ducktors/turborepo-remote-cache:2.8.2
- Listens on 127.0.0.1:3128; runners reach via host.containers.internal
This commit is contained in:
28
turborepo-remote-cache.service
Normal file
28
turborepo-remote-cache.service
Normal file
@@ -0,0 +1,28 @@
|
||||
[Unit]
|
||||
Description=Turborepo Remote Cache server
|
||||
Documentation=https://github.com/ducktors/turborepo-remote-cache
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=turbo-cache
|
||||
Group=turbo-cache
|
||||
EnvironmentFile=/etc/turborepo-remote-cache/config.env
|
||||
ExecStart=/usr/bin/node --enable-source-maps /usr/lib/node_modules/turborepo-remote-cache/dist/index.js
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
|
||||
# Hardening
|
||||
NoNewPrivileges=yes
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectControlGroups=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
ReadWritePaths=/var/cache/turborepo-remote-cache
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user