Brijesh's Git Server — watchman @ main

observability tool, needs to be rewritten once identity is stable

Installation.adoc (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 
= Installation instructions

This guide assumes you are using Linux for deploying Watchman and are
comfortable with using the command line.

____
If you are using Linux with OpenRC, or other OS like BSD distributions you should be
following same steps changing service manager with rcctl, OpenRC or whatever
service manager your OS uses. I will be using Systemctl in this
guide.
____


== System Requirements

Watchman is designed for usage with side projects and so it is important
that it is lightweight.

While it is possible to run Watchman on most computers, these are
recommended system requirements:

- 512 MB RAM
- 1 CPU Core
- 500 MB Disk Space

== Pre-requisites

Watchman requires these dependencies to be installed on your computer:

- Go 1.22 or later
- SQLite3

== Installation

Follow these steps to install Watchman:

=== Create watchman group and user:

[source,bash]
----
sudo groupadd watchman
sudo useradd -m -d /home/watchman -s /bin/bash -g watchman watchman

# Set password for the new user
sudo passwd watchman

# Change ownership of the home directory
sudo chown -R watchman:watchman /home/watchman

# Switch to the new user
su - watchman

# Create bin for this user and add it to PATH
mkdir /home/watchman/bin
echo 'export PATH=$PATH:/home/watchman/bin' >> ~/.bashrc
source ~/.bashrc
----

=== Build watchman from source:

[source,bash]
----
# Clone the repository
git clone <git@brijesh.dev>/watchman.git
cd watchman

# Build the binary
go mod tidy
go build -o watchman main.go

# Move the binary to the bin directory
mv watchman /home/watchman/bin
----

=== Create systemd config file:

[source,bash]
----
touch /etc/systemd/system/watchman.service
mkdir -p ~/.config/watchman
cp /home/watchman/watchman/config.yaml ~/.config/watchman/config.yaml
----

Add the following content to the file:
....
[Unit]
Description="Watchman Service"
User=watchman
Group=watchman
Documentation=<https://brijesh.dev/watchman>
Requires=network-online.target
After=network-online.target

[Service]
Type=simple
Restart=always
RestartSec=1
ExecStart=/home/watchman/bin/watchman

[Install]
WantedBy=multi-user.target
....

=== Start and enable the service:

[source,bash]
----
sudo systemctl daemon-reload
sudo systemctl start watchman.service
sudo systemctl enable watchman.service
----
---

== Server Hardening

If you’ve followed the steps so far, you’re already done installing
Watchman and can start using it. However, I recommend you to follow
these additional steps to make your server slightly more secure:

____
I have not included detailed instructions for these steps, as it would
make this guide too long. You can find detailed instructions for each
step on the internet.
____



. Disable root login
. Replace password authentication with SSH key authentication
. Use `ufw` or another firewall to block unwanted traffic
. Use `fail2ban` to block brute-force attacks
. Write a cron job to update the system packages regularly