clawdie/hermes-bsd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

FreeBSD rc.d service for hermes gateway (daemon(8) supervision) #1

Merged
clawdie merged 2 commits from feat/freebsd-rcd-service into main 2026-06-14 15:21:26 +02:00
Conversation 0 Commits 2 Files changed 3 +174 -1
clawdie commented 2026-06-14 15:14:11 +02:00
Owner
Copy link

What

Adds packaging/freebsd/hermes_daemon.in — an rc.d service that runs hermes gateway run under daemon(8), modeled on Colibri's proven colibri_daemon.in.

  • Privilege drop to a dedicated hermes user/group
  • Persistent HERMES_HOME=/var/db/hermes (not the tmpfs home on live USB)
  • Supervisor/child pidfile separation so stop targets the daemon(8) parent — avoids -r auto-restart fighting the stop
  • Auto-restart on crash (-r), log redirection (-o)
  • health extra command for status checks
  • prestart recreates tmpfs /var/run dirs each boot

Also updates README-FreeBSD.md (rc.d setup instructions) and scripts/install-freebsd.sh (service path note).

Review hardening (2nd commit)

  • Restart-loop fix: prestart now return 1s when config.yaml is missing instead of only warning. Previously an unconfigured host would exit-immediately → daemon -r respawn → tight crash loop. Aborting the start gives the operator a clear error.
  • Dropped a stray double blank line in the README.

Notes

  • Rebased onto current main (which corrected the README patched-file list).
  • hermes_daemon_group is used for install -g dir ownership; daemon -u covers the runtime primary group — intentional.
  • rc.d behavior is FreeBSD-specific and needs a real-FreeBSD boot to fully validate (start/stop/health, pidfile lifecycle).

🤖 Generated with Claude Code

## What Adds `packaging/freebsd/hermes_daemon.in` — an rc.d service that runs `hermes gateway run` under `daemon(8)`, modeled on Colibri's proven `colibri_daemon.in`. - Privilege drop to a dedicated `hermes` user/group - Persistent `HERMES_HOME=/var/db/hermes` (not the tmpfs home on live USB) - **Supervisor/child pidfile separation** so `stop` targets the `daemon(8)` parent — avoids `-r` auto-restart fighting the stop - Auto-restart on crash (`-r`), log redirection (`-o`) - `health` extra command for status checks - prestart recreates tmpfs `/var/run` dirs each boot Also updates `README-FreeBSD.md` (rc.d setup instructions) and `scripts/install-freebsd.sh` (service path note). ## Review hardening (2nd commit) - **Restart-loop fix:** prestart now `return 1`s when `config.yaml` is missing instead of only warning. Previously an unconfigured host would exit-immediately → `daemon -r` respawn → tight crash loop. Aborting the start gives the operator a clear error. - Dropped a stray double blank line in the README. ## Notes - Rebased onto current main (which corrected the README patched-file list). - `hermes_daemon_group` is used for `install -g` dir ownership; `daemon -u` covers the runtime primary group — intentional. - rc.d behavior is FreeBSD-specific and needs a real-FreeBSD boot to fully validate (start/stop/health, pidfile lifecycle). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
clawdie added 2 commits 2026-06-14 15:14:13 +02:00 
Adds packaging/freebsd/hermes_daemon.in — a FreeBSD rc.d service script
that runs hermes gateway under daemon(8) with:

- Privilege drop to a dedicated hermes user/group
- Persistent HERMES_HOME=/var/db/hermes (not tmpfs home)
- Supervisor/child pidfile separation (correct stop behavior)
- Auto-restart on crash (-r), log rotation (-o)
- health extra command for status checks
- prestart validation that config.yaml exists

Also updates:
- README-FreeBSD.md with full rc.d setup instructions
- scripts/install-freebsd.sh to mention the service path

Modeled after Colibri's proven colibri_daemon.in rc.d script.
fix(freebsd): abort rc.d start on missing config; tidy README spacing
Some checks failed
Contributor Attribution Check / check-attribution (pull_request) Has been cancelled
Details
History Check / check-common-ancestor (pull_request) Has been cancelled
Details
Lint (ruff + ty) / ruff + ty diff (pull_request) Has been cancelled
Details
Lint (ruff + ty) / ruff enforcement (blocking) (pull_request) Has been cancelled
Details
Lint (ruff + ty) / Windows footguns (blocking) (pull_request) Has been cancelled
Details
Nix / nix (macos-latest) (pull_request) Has been cancelled
Details
Nix / nix (ubuntu-latest) (pull_request) Has been cancelled
Details
Supply Chain Audit / changes (pull_request) Has been cancelled
Details
Supply Chain Audit / Scan PR for critical supply chain risks (pull_request) Has been cancelled
Details
Supply Chain Audit / Check PyPI dependency upper bounds (pull_request) Has been cancelled
Details
Tests / test (1) (pull_request) Has been cancelled
Details
Tests / test (2) (pull_request) Has been cancelled
Details
Tests / test (3) (pull_request) Has been cancelled
Details
Tests / test (4) (pull_request) Has been cancelled
Details
Tests / e2e (pull_request) Has been cancelled
Details
Tests / test (5) (pull_request) Has been cancelled
Details
Tests / test (6) (pull_request) Has been cancelled
Details
Tests / save-durations (pull_request) Has been cancelled
Details
Typecheck / typecheck (apps/bootstrap-installer) (pull_request) Has been cancelled
Details
Typecheck / typecheck (apps/desktop) (pull_request) Has been cancelled
Details
Typecheck / typecheck (apps/shared) (pull_request) Has been cancelled
Details
Typecheck / typecheck (ui-tui) (pull_request) Has been cancelled
Details
Typecheck / typecheck (web) (pull_request) Has been cancelled
Details
3dd2b7a301 
prestart now returns 1 when config.yaml is absent instead of only warning.
Without this, daemon(8) -r respawns the immediately-exiting gateway in a tight
crash loop; aborting the start surfaces a clear error to the operator instead.

Also drop a stray double blank line before the README Install fence.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit fc4b57adeb into main 2026-06-14 15:21:26 +02:00
clawdie deleted branch feat/freebsd-rcd-service 2026-06-14 15:21:27 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/hermes-bsd#1
No description provided.
Delete branch "feat/freebsd-rcd-service"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?