Zoran Peričić
583e9f497b
Self-hosted Turborepo remote cache server packaged as a Fedora RPM
with the same base + -service + -container split used by the gitea
package.
- Base: dynamic sysusers turbo-cache user, /etc/turborepo-remote-cache
config dir with config.env token template, /var/cache storage dir
- -service: native Node.js systemd unit, app installed to
%{nodejs_sitelib}/turborepo-remote-cache with pnpm-vendored
production node_modules (built via fetch-sources.sh)
- -container: Podman quadlet pinned to
docker.io/ducktors/turborepo-remote-cache:2.8.2
- Listens on 127.0.0.1:3128; runners reach via host.containers.internal
29 lines
701 B
Desktop File
29 lines
701 B
Desktop File
[Unit]
|
|
Description=Turborepo Remote Cache server
|
|
Documentation=https://github.com/ducktors/turborepo-remote-cache
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=turbo-cache
|
|
Group=turbo-cache
|
|
EnvironmentFile=/etc/turborepo-remote-cache/config.env
|
|
ExecStart=/usr/bin/node --enable-source-maps /usr/lib/node_modules/turborepo-remote-cache/dist/index.js
|
|
Restart=on-failure
|
|
RestartSec=5s
|
|
|
|
# Hardening
|
|
NoNewPrivileges=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
ReadWritePaths=/var/cache/turborepo-remote-cache
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|