76cac77259
Security: - Bot registration restricted to BotFather (requires botfather_token) - Direct POST /v1/bot/register without BotFather auth → rejected Deploy: - systemd service reads /home/warzone/server.env for EXTRA_ARGS - deploy/warzone-server.env.mequ: no bots (default) - deploy/warzone-server.env.kh3rad3ree: --enable-bots - setup.sh copies per-hostname env file Docs updated: - LLM_HELP.md: BotFather flow, plaintext bot messaging, E2E option, bridge - LLM_BOT_DEV.md: botfather_token requirement, E2E mode, bridge section - BOT_API.md: full BotFather flow, ownership, numeric IDs, webhook delivery - SERVER.md: --enable-bots flag, per-instance config, bot system section - USAGE.md: bot messaging, BotFather, bridge tool Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
29 lines
737 B
Desktop File
29 lines
737 B
Desktop File
[Unit]
|
|
Description=Warzone Messenger Server (featherChat)
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=warzone
|
|
Group=warzone
|
|
WorkingDirectory=/home/warzone
|
|
EnvironmentFile=-/home/warzone/server.env
|
|
ExecStart=/home/warzone/warzone-server --bind 0.0.0.0:7700 --data-dir /home/warzone/data --federation /home/warzone/federation.json $EXTRA_ARGS
|
|
Restart=always
|
|
RestartSec=3
|
|
LimitNOFILE=65536
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=read-only
|
|
ReadWritePaths=/home/warzone/data
|
|
PrivateTmp=yes
|
|
|
|
# Environment — warn-only to minimize disk usage (set to info for debugging)
|
|
Environment=RUST_LOG=warn,warzone_server::federation=info
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|