Initial implementation of mcq — document reading queue

Single-binary service: push raw markdown via REST/gRPC API, read rendered HTML through mobile-friendly web UI. MCIAS auth on all endpoints, SQLite storage, goldmark rendering with GFM and syntax highlighting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:53:26 -07:00
commit bc1627915e
36 changed files with 3773 additions and 0 deletions
--- a/deploy/examples/mcq.toml.example
+++ b/deploy/examples/mcq.toml.example
@@ -0,0 +1,16 @@
+[server]
+listen_addr = ":8443"
+grpc_addr   = ":9443"
+tls_cert    = "srv/cert.pem"
+tls_key     = "srv/key.pem"
+
+[database]
+path = "srv/mcq.db"
+
+[mcias]
+server_url   = "https://mcias.svc.metacircular.net:8443"
+service_name = "mcq"
+tags         = []
+
+[log]
+level = "info"
--- a/deploy/systemd/mcq.service
+++ b/deploy/systemd/mcq.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=MCQ Document Queue
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/mcq server --config /srv/mcq/mcq.toml
+WorkingDirectory=/srv/mcq
+Restart=on-failure
+RestartSec=5
+User=mcq
+Group=mcq
+
+# Security hardening
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/srv/mcq
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+
+[Install]
+WantedBy=multi-user.target