fix service readwrite path

add systemd service file
Merge branch 'gunicorn-migration'
2026-04-05 17:21:41 -04:00 · 2026-04-05 17:04:14 -04:00 · 2026-04-04 16:33:46 -04:00 · 2026-04-04 16:13:00 -04:00 · 2026-04-04 15:58:13 -04:00 · 2026-04-03 15:08:08 -04:00
7 changed files with 74 additions and 10 deletions
@@ -0,0 +1,3 @@
 NAVIDROME_MUSIC_FOLDER="/opt/navidrome/music"
 BIND_ADDRESS="192.168.2.24"
 BIND_PORT="5001"
@@ -2,3 +2,4 @@ venv/
 setup.sh
 navidrome-upload.service
 .idea/
 .env
@@ -0,0 +1,47 @@
 [Unit]
 Description=Navidrome Music Uploader Service
 After=network.target,navidrome.service
 [Service]
 Type=simple
 User=navidrome-uploader
 Group=navidrome-uploader
 WorkingDirectory=/opt/navidrome-uploader
 Environment="PATH=/opt/navidrome-uploader/venv/bin"
 EnvironmentFile=/etc/default/navidrome-uploader/.env
 ExecStart=/opt/navidrome-uploader/venv/bin/gunicorn -c gunicorn.conf.py main:app
 Restart=on-failure
 RestartSec=30
 NoNewPrivileges=yes
 CapabilityBoundingSet=
 AmbientCapabilities=
 ProtectSystem=strict
 ProtectHome=yes
 PrivateTmp=yes
 ReadWritePaths=/opt/navidrome-uploader
 InaccessiblePaths=/boot /mnt /media
 PrivateDevices=yes
 ProtectKernelTunables=yes
 ProtectKernelModules=yes
 ProtectKernelLogs=yes
 ProtectControlGroups=yes
 ProtectClock=yes
 ProtectHostname=yes
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 LockPersonality=yes
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 PrivateNetwork=no
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 UMask=0027
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,16 @@
 # gunicorn.conf.py
 # Arian Nasr
 # April 4, 2026
 import os
 BIND_ADDRESS = os.environ.get('BIND_ADDRESS', '0.0.0.0')
 BIND_PORT = int(os.environ.get('BIND_PORT', 5001))
 bind = f"{BIND_ADDRESS}:{BIND_PORT}"
 workers = 2
 accesslog = "-" # Log to stdout
 errorlog = "-"  # Log to stderr
 # gunicorn -c gunicorn.conf.py main:app
@@ -6,7 +6,7 @@ import os
 from flask import Flask, request, render_template
 from werkzeug.utils import secure_filename
-UPLOAD_FOLDER = '/opt/navidrome/music'
+UPLOAD_FOLDER = os.environ.get('NAVIDROME_MUSIC_FOLDER', '/opt/navidrome/music')
 ALLOWED_EXTENSIONS = {'flac', 'mp3', 'wav'}
 app = Flask(__name__)
@@ -33,7 +33,3 @@ def upload_file():
        return render_template('success.html', success_message=f'{len(request.files)} file(s) uploaded successfully!'), 200
    return render_template('index.html'), 200
 if __name__ == '__main__':
    app.run(host='192.168.2.24', port=5001, debug=False)
@@ -1,7 +1,8 @@
 blinker==1.9.0
-click==8.3.1
+click==8.3.2
 Flask==3.1.3
 itsdangerous==2.2.0
 Jinja2==3.1.6
 MarkupSafe==3.0.3
-Werkzeug==3.1.6
+Werkzeug==3.1.8
 gunicorn==25.3.0
@@ -11,7 +11,7 @@
 <body>
    <script>
        Dropzone.options.myDropzone = {
-            parallelUploads: 2,
+            parallelUploads: 4,
            uploadMultiple: true,
            acceptedFiles: 'audio/*'
        };
Author	SHA1	Message	Date
arian	5e553f9363	fix service readwrite path	2026-04-05 17:21:41 -04:00
arian	f9ca5f299f	add systemd service file	2026-04-05 17:04:14 -04:00
arian	4b9728e814	Merge branch 'gunicorn-migration'	2026-04-04 16:33:46 -04:00
arian	a6a84d662b	deploy with gunicorn	2026-04-04 16:13:00 -04:00
arian	05d40b4bd8	bump click==8.3.2	2026-04-04 15:58:13 -04:00
arian	0f7fd55c7f	bump Werkzeug==3.1.8	2026-04-03 15:08:08 -04:00
arian	beb96580d4	Merge branch 'pr-ext-conf'	2026-03-28 10:18:56 -04:00
arian	524fc6ef54	mv conf vars external	2026-03-28 10:07:37 -04:00
arian	cdacbd9d8f	bump Werkzeug==3.1.7	2026-03-25 04:47:57 -04:00
arian	c4d18aa680	increase concurrent uploads	2026-03-15 17:36:19 -04:00
arian	7da1443d09	Merge branch 'pr-healthcheck'	2026-03-10 08:04:40 -04:00