deploy/conduit/conduit.service

[Unit]
Description=Conduit Matrix Homeserver
After=network.target

[Service]
Type=simple
User=conduit
Group=conduit

WorkingDirectory=/opt/conduit
ExecStart=/opt/conduit/conduit

# Restart on failure
Restart=on-failure
RestartSec=5

# Resource limits
LimitNOFILE=65536

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/conduit/data /opt/conduit/logs
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=true
LockPersonality=true

# Environment
Environment="RUST_LOG=info"
Environment="CONDUIT_CONFIG=/opt/conduit/conduit.toml"

[Install]
WantedBy=multi-user.target
[matrix] Add Conduit deployment scaffold for #166, #183 Architecture: - ADR-1: Conduit selected over Synapse/Dendrite (Rust, low resource) - ADR-2: Deploy on existing Gitea VPS initially - ADR-3: Full federation enabled Artifacts: - docs/matrix-fleet-comms/README.md (architecture + runbooks) - deploy/conduit/conduit.toml (production config) - deploy/conduit/conduit.service (systemd) - deploy/conduit/Caddyfile (reverse proxy) - deploy/conduit/install.sh (one-command installer) - deploy/conduit/scripts/backup.sh (automated backups) - deploy/conduit/scripts/health.sh (health monitoring) Closes #183 (scaffold complete) Progresses #166 (implementation unblocked) 2026-04-05 04:38:15 +00:00			`[Unit]`
			`Description=Conduit Matrix Homeserver`
			`After=network.target`

			`[Service]`
			`Type=simple`
			`User=conduit`
			`Group=conduit`

			`WorkingDirectory=/opt/conduit`
			`ExecStart=/opt/conduit/conduit`

			`# Restart on failure`
			`Restart=on-failure`
			`RestartSec=5`

			`# Resource limits`
			`LimitNOFILE=65536`

			`# Security hardening`
			`NoNewPrivileges=true`
			`ProtectSystem=strict`
			`ProtectHome=true`
			`ReadWritePaths=/opt/conduit/data /opt/conduit/logs`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectControlGroups=true`
			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`
			`RestrictNamespaces=true`
			`LockPersonality=true`

			`# Environment`
			`Environment="RUST_LOG=info"`
			`Environment="CONDUIT_CONFIG=/opt/conduit/conduit.toml"`

			`[Install]`
			`WantedBy=multi-user.target`