Add status command, deployment infrastructure, and fix proto paths

Rename proto/gen directories from mc-proxy to mc_proxy for valid protobuf package naming. Add CLI status subcommand for querying running instance health via gRPC. Add systemd backup service/timer and backup pruning script. Add buf.yaml and proto-lint Makefile target. Add shutdown_timeout config field. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 08:34:37 -07:00
parent dc04a070a3
commit f1e9834bd3
15 changed files with 297 additions and 120 deletions
--- a/deploy/scripts/install.sh
+++ b/deploy/scripts/install.sh
@@ -21,6 +21,7 @@ echo "Installed ${BINARY}."
 # Create data directory structure.
 install -d -o "${SERVICE}" -g "${SERVICE}" -m 0700 "${DATA_DIR}"
 install -d -o "${SERVICE}" -g "${SERVICE}" -m 0700 "${DATA_DIR}/backups"
+install -d -o "${SERVICE}" -g "${SERVICE}" -m 0700 "${DATA_DIR}/certs"
 echo "Created ${DATA_DIR}/."

 # Install example config if none exists.
@@ -33,10 +34,14 @@ fi

 # Install systemd units.
 install -m 0644 "${REPO_DIR}/deploy/systemd/${SERVICE}.service" "${UNIT_DIR}/"
+install -m 0644 "${REPO_DIR}/deploy/systemd/${SERVICE}-backup.service" "${UNIT_DIR}/"
+install -m 0644 "${REPO_DIR}/deploy/systemd/${SERVICE}-backup.timer" "${UNIT_DIR}/"
 systemctl daemon-reload
-echo "Installed systemd unit ${SERVICE}.service."
+echo "Installed systemd units."

 echo ""
 echo "Done. Next steps:"
 echo "  1. Edit ${DATA_DIR}/${SERVICE}.toml"
-echo "  2. systemctl enable --now ${SERVICE}"
+echo "  2. Place TLS certs in ${DATA_DIR}/certs/ (if using gRPC admin API)"
+echo "  3. systemctl enable --now ${SERVICE}"
+echo "  4. systemctl enable --now ${SERVICE}-backup.timer"
--- a/deploy/scripts/prune-backups.sh
+++ b/deploy/scripts/prune-backups.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -eu
+
+# Prune mc-proxy database backups older than RETAIN_DAYS (default 30).
+BACKUP_DIR="/srv/mc-proxy/backups"
+RETAIN_DAYS="${1:-30}"
+
+if [ ! -d "${BACKUP_DIR}" ]; then
+    echo "Backup directory ${BACKUP_DIR} does not exist."
+    exit 0
+fi
+
+find "${BACKUP_DIR}" -name "mc-proxy-*.db" -type f -mtime "+${RETAIN_DAYS}" -delete
+echo "Pruned backups older than ${RETAIN_DAYS} days from ${BACKUP_DIR}."
--- a/deploy/systemd/mc-proxy-backup.service
+++ b/deploy/systemd/mc-proxy-backup.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=mc-proxy database backup
+After=mc-proxy.service
+
+[Service]
+Type=oneshot
+User=mc-proxy
+Group=mc-proxy
+ExecStart=/usr/local/bin/mc-proxy snapshot --config /srv/mc-proxy/mc-proxy.toml
+ExecStartPost=/usr/bin/find /srv/mc-proxy/backups -name "mc-proxy-*.db" -type f -mtime +30 -delete
+
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+ReadWritePaths=/srv/mc-proxy
--- a/deploy/systemd/mc-proxy-backup.timer
+++ b/deploy/systemd/mc-proxy-backup.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily mc-proxy database backup
+
+[Timer]
+OnCalendar=*-*-* 02:00:00 UTC
+RandomizedDelaySec=300
+Persistent=true
+
+[Install]
+WantedBy=timers.target