refactor: implement configurable directory structure with XDG support

Separate configuration from data storage and make paths configurable
via environment variables and command-line flags. This improves
Unix/Linux compliance and supports both development and production
deployments.

Key changes:
- Separate config dir (opal.yml) from data dir (database, logs)
- Support XDG Base Directory specification
- Add --config-dir and --data-dir flags
- Environment variables: OPAL_CONFIG_DIR, OPAL_DATA_DIR, OPAL_DB_PATH
- Smart fallback: /etc/opal, /var/lib/opal -> ~/.config/opal, ~/.local/share/opal
- Server mode validates required OAuth/JWT environment variables
- Update naming from 'jade' to 'opal' throughout
- Update systemd service name to 'opal.service'
- Add migration guide in README

Default paths:
- Config: /etc/opal (fallback: ~/.config/opal)
- Data: /var/lib/opal (fallback: ~/.local/share/opal)

Files modified:
- internal/engine/config.go: New directory resolution logic
- internal/engine/database.go: Auto-create data directory
- cmd/root.go: Add global flags for directory overrides
- cmd/server.go: Add configuration validation
- cmd/sync.go, internal/sync/*: Use new path helper functions
- tests: Update to use directory overrides
- docs: Update deployment guide and README
2026-01-06 20:46:29 +01:00
parent 7ea78d3b54
commit 5d01c9f564
12 changed files with 333 additions and 54 deletions
+20 -14
@@ -70,8 +70,9 @@ Add:
# Server
SERVER_ADDR=:8080
# Database
OPAL_DB_PATH=/var/lib/opal/opal.db
# Directory Configuration
OPAL_CONFIG_DIR=/etc/opal
OPAL_DATA_DIR=/var/lib/opal
# OAuth (from Authentik setup)
OAUTH_ENABLED=true
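Review bot: With the OPAL_DB_PATH line giving way to OPAL_CONFIG_DIR and OPAL_DATA_DIR in this env block, the guide does not say what happens on a host whose opal.env still sets OPAL_DB_PATH. The commit message lists OPAL_DB_PATH as a supported variable, so add one sentence here stating which of OPAL_DB_PATH and OPAL_DATA_DIR takes precedence when both are set, and what the database file is called when only OPAL_DATA_DIR is given.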
@@ -88,9 +89,11 @@ JWT_EXPIRY=3600
REFRESH_TOKEN_EXPIRY=604800
```
**Note:** The config directory (`/etc/opal`) contains read-only settings, while the data directory (`/var/lib/opal`) contains the database and mutable state.
### Create SystemD Service
```bash
sudo nano /etc/systemd/system/opal-api.service
sudo nano /etc/systemd/system/opal.service
```
```ini
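Review bot: The added note describes /etc/opal as holding "read-only settings" but does not mention that /etc/opal/opal.env carries the OAuth and JWT settings shown just above it, so the guide should state the expected owner and mode for that file (root-owned and not world-readable, for example). systemd reads EnvironmentFile= itself before switching to User=opal, so the service account does not need read access to opal.env, only to the other files in the config directory.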
@@ -104,7 +107,7 @@ User=opal
Group=opal
WorkingDirectory=/var/lib/opal
EnvironmentFile=/etc/opal/opal.env
ExecStart=/usr/local/bin/opal server start --addr :8080 --db /var/lib/opal/opal.db
ExecStart=/usr/local/bin/opal server start --addr :8080
Restart=always
RestartSec=5
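Review bot: The new ExecStart line drops --db without adding --data-dir, so the database location now depends entirely on OPAL_DATA_DIR being present in /etc/opal/opal.env or on the built-in default. Consider passing `--data-dir /var/lib/opal --config-dir /etc/opal` in ExecStart so the unit documents its own paths, or say in the guide that opal.env must be updated before the unit file is replaced.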
@@ -114,11 +117,14 @@ PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/opal
ReadOnlyPaths=/etc/opal
[Install]
WantedBy=multi-user.target
```
**Note:** The `--db` flag is no longer needed since the database path is configured via `OPAL_DATA_DIR` environment variable.
### Setup Database and User
```bash
# Create user
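Review bot: ReadOnlyPaths=/etc/opal adds no restriction under ProtectSystem=strict, which already mounts the whole file system hierarchy read-only for the service apart from /dev, /proc, /sys and whatever ReadWritePaths= lists. Drop the line, or keep it with a comment that it is there for documentation only. Related: with ProtectHome=true the ~/.local/share/opal fallback described in the commit message is not reachable from this unit, so the note about `--db` should also say that the service needs /var/lib/opal to exist and be writable by the opal user.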
@@ -136,14 +142,14 @@ sudo cp opal /usr/local/bin/
sudo chmod 755 /usr/local/bin/opal
# Generate first API key (optional - for CLI access)
sudo -u opal opal server keygen --name "Admin CLI" --db /var/lib/opal/opal.db
sudo -u opal OPAL_DATA_DIR=/var/lib/opal opal server keygen --name "Admin CLI"
# Save the generated key!
# Start service
sudo systemctl daemon-reload
sudo systemctl enable opal-api
sudo systemctl start opal-api
sudo systemctl status opal-api
sudo systemctl enable opal
sudo systemctl start opal
sudo systemctl status opal
```
## Step 4: Configure Caddy
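Review bot: The start-up steps enable and start `opal` but say nothing about a host that already has opal-api.service installed and enabled; after following this guide such a host would have two units pointing at the same binary, port and data directory. Add an upgrade step before `daemon-reload`, such as `sudo systemctl disable --now opal-api` followed by removing /etc/systemd/system/opal-api.service, or point to the migration guide the commit message mentions. The keygen line also sets only OPAL_DATA_DIR; if keygen reads opal.yml, OPAL_CONFIG_DIR should be given as well.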
@@ -214,8 +220,8 @@ sudo systemctl status caddy
### Check Services
```bash
# API server
sudo systemctl status opal-api
sudo journalctl -u opal-api -n 50
sudo systemctl status opal
sudo journalctl -u opal -n 50
# Caddy
sudo systemctl status caddy
@@ -258,7 +264,7 @@ cd opal-task
git pull
go build -o opal main.go
scp opal server:/tmp/
ssh server "sudo systemctl stop opal-api && sudo cp /tmp/opal /usr/local/bin/ && sudo systemctl start opal-api"
ssh server "sudo systemctl stop opal && sudo cp /tmp/opal /usr/local/bin/ && sudo systemctl start opal"
```
## Troubleshooting
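Review bot: The update one-liner stages the new binary at /tmp/opal and then copies it into /usr/local/bin as root, and /tmp is writable by every local account on the server. Stage the upload in a directory owned by the deploying user instead, and replace the `sudo cp` with `sudo install -o root -g root -m 755 <staged file> /usr/local/bin/opal` so owner and mode are set in the same step. Also note that on a host not yet migrated, `systemctl stop opal` fails and the `&&` chain stops before the copy, which is worth a line in the guide.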
@@ -266,10 +272,10 @@ ssh server "sudo systemctl stop opal-api && sudo cp /tmp/opal /usr/local/bin/ &&
### API Not Responding
```bash
# Check if running
sudo systemctl status opal-api
sudo systemctl status opal
# Check logs
sudo journalctl -u opal-api -f
sudo journalctl -u opal -f
# Test locally
curl http://localhost:8080/health
@@ -297,7 +303,7 @@ curl http://localhost:8080/health
### Logs
```bash
# API logs
sudo journalctl -u opal-api -f
sudo journalctl -u opal -f
# Caddy logs
sudo tail -f /var/log/caddy/opal.log
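Review bot: After the rename, `journalctl -u opal` only returns entries logged since the service started under the new unit name; anything written before the migration stays under `opal-api`. A short comment next to the "API logs" command saying that older entries need `journalctl -u opal-api` would save confusion during incident review.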