Feature: Added Talawa-admin to run system daemon service in Linux

[sahitya-chandra]

What kind of change does this PR introduce?

feature

Issue Number:

Fixes #2595

Snapshots/Videos:

Screencast.from.2025-01-03.13-10-02.webm

If relevant, did you update the documentation?

Yes

Summary

Created examples/linux/systemd folder in the root directory
Inside examples/linux/systemd added talawa_admin.service file
Inside examples/linux folder added Daemon_Service_Setup.md file for proper setup of talawa-admin service

Does this PR introduce a breaking change?

No

Checklist

CodeRabbit AI Review

• I have reviewed and addressed all critical issues flagged by CodeRabbit AI
• I have implemented or provided justification for each non-critical suggestion
• I have documented my reasoning in the PR comments where CodeRabbit AI suggestions were not implemented

Test Coverage

• I have written tests for all new changes/features
• I have verified that test coverage meets or exceeds 95%
• I have run the test suite locally and all tests pass

Other information

I have locally tested all the changes that I have made to the codebase

Have you read the contributing guide?

Yes

Summary by CodeRabbit

• Documentation
  • Added comprehensive setup guide for Talawa-Admin service on Linux
  • Introduced systemd service configuration for Talawa-Admin
  • Provided detailed instructions for service management and troubleshooting
  • Created systemd service file for automated application deployment

[coderabbitai]

Warning

Rate limit exceeded

@sahitya-chandra has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 4 minutes and 50 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 30be9fd and fb5732f.

📒 Files selected for processing (1)

• examples/linux/systemd/talawa_admin.service (1 hunks)

Walkthrough

This pull request introduces a comprehensive systemd service setup for the Talawa-Admin application, enabling it to run as a Linux system daemon. The changes include creating a new systemd service file (talawa_admin.service) in the examples/linux/systemd/ directory and updating the INSTALLATION.md with detailed setup instructions. The documentation provides a step-by-step guide for configuring, enabling, and managing the service on Linux systems, with a focus on prerequisites, service configuration, and troubleshooting.

Changes

File	Change Summary
INSTALLATION.md	Added new section "Talawa-Admin Service Setup Guide" with detailed instructions for service setup, configuration, management, and troubleshooting
examples/linux/systemd/talawa_admin.service	Created new systemd service file with comprehensive configuration for running Talawa-Admin as a system daemon

Assessment against linked issues

Objective	Addressed	Explanation
Create systemd file for Linux daemon	✅
Place file in examples/linux/systemd directory	✅
Prove system daemon functionality	✅

Possibly related PRs

• Added GitHub PR Workflow Check: Talawa Admin app starts (No Docker) #2452: GitHub Actions workflow enhancement for Talawa Admin app startup
• node version changed to "22.x" for compatability #3284: Node.js version specification update in workflow

Suggested reviewers

• palisadoes
• varshith257
• gautam-divyanshu

Poem

🐰 A systemd tale of admin might,
Daemons dancing in Linux light,
Service file crafted with care so neat,
Talawa's server now runs sweet!
Hop, hop, hurray for smooth deploy! 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Our Pull Request Approval Process

Thanks for contributing!

Testing Your Code

Remember, your PRs won't be reviewed until these criteria are met:

1. We don't merge PRs with poor code quality.
   1. Follow coding best practices such that CodeRabbit.ai approves your PR.
2. We don't merge PRs with failed tests.
   1. When tests fail, click on the Details link to learn more.
   2. Write sufficient tests for your changes (CodeCov Patch Test). Your testing level must be better than the target threshold of the repository
   3. Tests may fail if you edit sensitive files. Ask to add the ignore-sensitive-files-pr label if the edits are necessary.
3. We cannot merge PRs with conflicting files. These must be fixed.

Our policies make our code better.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[sahitya-chandra]

@palisadoes sir I have created this new PR.
Linting test will fail because the code does not eslint for MD files.
What should I do.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (4)

examples/linux/systemd/talawa-admin.service (2)

22-24: Consider adding more service dependencies.

While the current configuration is correct, consider adding dependencies on additional system targets for better service management:

 [Unit]
 Description=Talawa-Admin Service
-After=network.target
+After=network.target network-online.target
+Wants=network-online.target

---

54-64: Consider additional security hardening measures.

While the current security configuration is good, consider adding these additional protection directives:

 Restart=on-failure
 RemainAfterExit=yes
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateTmp=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6
 Type=simple
 RuntimeDirectory=talawa-admin
 
 [Install]
 WantedBy=multi-user.target

INSTALLATION.md (2)

400-416: Enhance security configuration in prerequisites.

The user/group creation and permission setup is good, but consider adding these security enhancements:

 sudo useradd -r -s /bin/false talawa_admin
 sudo groupadd -r talawa_admin
 sudo usermod -a -G talawa_admin talawa_admin
+# Set a strong password for the service user
+sudo passwd -l talawa_admin
+
 # Get the absolute path to your talawa-admin installation
 INSTALL_PATH=$(pwd)
 
 sudo chown -R talawa_admin:talawa_admin $INSTALL_PATH
 sudo chmod 750 $INSTALL_PATH
 sudo find $INSTALL_PATH -type f -exec chmod 640 {} \;
-sudo chmod 600 $INSTALL_PATH/.env
+# Ensure sensitive files are properly protected
+sudo find $INSTALL_PATH -type f -name "*.env*" -exec chmod 600 {} \;
+sudo find $INSTALL_PATH -type f -name "*.key" -exec chmod 600 {} \;

🧰 Tools

🪛 GitHub Actions: PR Workflow

[error] Unauthorized file modification. This file is protected and requires the 'ignore-sensitive-files-pr' label to modify or delete.

---

487-491: Add more troubleshooting guidance.

The troubleshooting section could be enhanced with more specific guidance:

 - If you encounter any issues, you can check the status and logs of the service:
   ```bash
   sudo systemctl status talawa_admin.service
   sudo journalctl -u talawa_admin.service
+  # Check for specific errors
+  sudo journalctl -u talawa_admin.service --grep=error
+  # Check last 50 lines of logs
+  sudo journalctl -u talawa_admin.service -n 50 --no-pager

+- Common issues and solutions:

• 1. Service fails to start: Check .env file permissions and contents
• 2. NVM not found: Verify NVM installation for service user
• 3. Port conflicts: Ensure configured port is available

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

[error]  Unauthorized file modification. This file is protected and requires the 'ignore-sensitive-files-pr' label to modify or delete.

</details>

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>📜 Review details</summary>

**Configuration used: .coderabbit.yaml**
**Review profile: CHILL**
**Plan: Pro**

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between a23d95baa0fcbc078b886a40f1f646e33c0c6ae9 and 5eda9b43ebaa5405cdb7e1d672a161031b71c748.

</details>

<details>
<summary>📒 Files selected for processing (2)</summary>

* `INSTALLATION.md` (2 hunks)
* `examples/linux/systemd/talawa-admin.service` (1 hunks)

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

<details>
<summary>examples/linux/systemd/talawa-admin.service</summary>

[error] 2-2: Parsing error: Invalid character

</details>
<details>
<summary>INSTALLATION.md</summary>

[error]  Unauthorized file modification. This file is protected and requires the 'ignore-sensitive-files-pr' label to modify or delete.

</details>

</details>
<details>
<summary>🪛 Markdownlint (0.37.0)</summary>

<details>
<summary>INSTALLATION.md</summary>

423-423: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

424-424: Expected: 2; Actual: 5
Unordered list indentation

(MD007, ul-indent)

---

425-425: Expected: 2; Actual: 5
Unordered list indentation

(MD007, ul-indent)

---

428-428: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

436-436: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

439-439: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

442-442: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

445-445: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

455-455: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

</details>

</details>

</details>

<details>
<summary>⏰ Context from checks skipped due to timeout of 90000ms (1)</summary>

* GitHub Check: Analyse Code With CodeQL (javascript)

</details>

<details>
<summary>🔇 Additional comments (2)</summary><blockquote>

<details>
<summary>examples/linux/systemd/talawa-admin.service (1)</summary>

`2-20`: **LGTM! Well-documented setup instructions.**

The header comments provide clear and comprehensive setup instructions for administrators.

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

[error] 2-2: Parsing error: Invalid character

</details>

</details>

</details>
<details>
<summary>INSTALLATION.md (1)</summary>

`393-495`: _:warning: Potential issue_

**Documentation requires protected file modification approval.**

The documentation additions are comprehensive and well-structured. However, there are two issues to address:

1. This file is protected and requires the 'ignore-sensitive-files-pr' label for modification
2. The markdown formatting needs to be fixed (indentation issues in lists)




Please:
1. Request the 'ignore-sensitive-files-pr' label from maintainers
2. Fix the list indentation issues in the markdown (lines 423-455)

<details>
<summary>✅ Verification successful</summary>

<!-- [monologue]
[task verify_protection_final/2]
Verify if INSTALLATION.md is a protected file and requires the label.
[observations]
1. Found INSTALLATION.md explicitly listed in pull-request.yml
2. Found sensitive files check workflow that requires 'ignore-sensitive-files-pr' label
3. The workflow blocks PRs without this label when sensitive files are modified
4. The PR currently doesn't have the required label (from previous check)
[analysis]
- INSTALLATION.md is explicitly listed in the workflow files
- The sensitive files check is active for this PR (actor isn't dependabot)
- The PR doesn't have the required override label
- The original review comment was correct about both the label requirement and the file being protected
[actions]
Generate final response confirming the original review was accurate
-->

**Protected file modification confirmed - requires label**

The verification confirms that INSTALLATION.md is a protected file and requires the 'ignore-sensitive-files-pr' label for modification. This is enforced by the repository's PR workflow checks.

- File: `.github/workflows/pull-request.yml` explicitly lists INSTALLATION.md as a sensitive file
- The PR currently lacks the required 'ignore-sensitive-files-pr' label



</details>

<details>
<summary>🏁 Scripts executed</summary>

The following scripts were executed for the analysis:

Script:

```shell
#!/bin/bash
# Verify if the PR has the required label
gh pr view 3276 --json labels -q '.labels[].name' | grep -q 'ignore-sensitive-files-pr' || echo "Missing required label"

Length of output: 142

---

Script:

#!/bin/bash
# Check common configuration files for protected files list
fd -t f "^(.github|.gitlab-ci.yml|.circleci|protected|sensitive)" -x cat {}

# Search for any references to protected files in the codebase
rg -i "protected.*files?" --type yaml --type json

Length of output: 131

---

Script:

#!/bin/bash
# Check workflow files specifically
fd -t f "^workflow" .github -x cat {}

# Search for references to INSTALLATION.md in workflows
rg -i "installation.md" .github/

# Look for PR validation patterns
rg -i "protected|sensitive|validation" .github/

Length of output: 903

🧰 Tools

🪛 Markdownlint (0.37.0)

423-423: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

424-424: Expected: 2; Actual: 5
Unordered list indentation

(MD007, ul-indent)

---

425-425: Expected: 2; Actual: 5
Unordered list indentation

(MD007, ul-indent)

---

428-428: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

436-436: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

439-439: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

442-442: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

445-445: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

---

455-455: Expected: 0; Actual: 3
Unordered list indentation

(MD007, ul-indent)

🪛 GitHub Actions: PR Workflow

[error] Unauthorized file modification. This file is protected and requires the 'ignore-sensitive-files-pr' label to modify or delete.

[palisadoes]

1. See comments.
2. Make sure CodeRabbit.ai approves your changes and all tests pass

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

INSTALLATION.md (2)

391-411: Enhance security configuration in prerequisites.

While the user and group creation steps are good, consider adding these security enhancements:

1. Explicitly set umask before file operations
2. Add SELinux context if applicable

 sudo useradd -r -s /bin/false talawa_admin
 sudo groupadd -r talawa_admin
 sudo usermod -a -G talawa_admin talawa_admin
+# Set restrictive umask for file operations
+umask 027
 # Get the absolute path to your talawa-admin installation
 INSTALL_PATH=$(pwd)
 
 sudo chown -R talawa_admin:talawa_admin $INSTALL_PATH
 sudo chmod 750 $INSTALL_PATH
 sudo find $INSTALL_PATH -type f -exec chmod 640 {} \;
 sudo chmod 600 $INSTALL_PATH/.env
+# If using SELinux, set appropriate context
+sudo semanage fcontext -a -t httpd_sys_content_t "$INSTALL_PATH(/.*)?"
+sudo restorecon -R $INSTALL_PATH

🧰 Tools

🪛 GitHub Actions: PR Workflow

[warning] File ignored because of a matching ignore pattern. Use "--no-ignore" to override

---

456-478: Add service monitoring recommendations.

The service management section should include guidance on monitoring service health and performance.

Add a new subsection for monitoring:

5. **Monitor Service Health**:
   ```bash
   # Check service resource usage
   sudo systemctl status talawa_admin.service
   # Monitor real-time logs
   sudo journalctl -fu talawa_admin.service
   # Check service limits
   sudo systemctl show talawa_admin.service

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

[warning]  File ignored because of a matching ignore pattern. Use "--no-ignore" to override

</details>

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>📜 Review details</summary>

**Configuration used: .coderabbit.yaml**
**Review profile: CHILL**
**Plan: Pro**

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 5eda9b43ebaa5405cdb7e1d672a161031b71c748 and 9ee24ecf7229616168f9a08304797f5ca06fd21f.

</details>

<details>
<summary>📒 Files selected for processing (1)</summary>

* `INSTALLATION.md` (2 hunks)

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

<details>
<summary>INSTALLATION.md</summary>

[warning]  File ignored because of a matching ignore pattern. Use "--no-ignore" to override

</details>

</details>

</details>

<details>
<summary>⏰ Context from checks skipped due to timeout of 90000ms (1)</summary>

* GitHub Check: Analyse Code With CodeQL (javascript)

</details>

<details>
<summary>🔇 Additional comments (1)</summary><blockquote>

<details>
<summary>INSTALLATION.md (1)</summary>

`19-23`: **LGTM! Well-structured TOC update.**

The new sections are properly integrated into the table of contents, maintaining the document's organization.

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 GitHub Actions: PR Workflow</summary>

[warning]  File ignored because of a matching ignore pattern. Use "--no-ignore" to override

</details>

</details>

</details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

examples/linux/systemd/talawa_admin.service (2)

1-20: Enhance setup instructions for better clarity.

The instructions are good but could be improved by:

1. Adding nvm installation steps or linking to official documentation
2. Explaining the significance of CODEROOT variable
3. Specifying required file permissions (e.g., chmod 644)
4. Adding troubleshooting steps for common issues

🧰 Tools

🪛 GitHub Actions: PR Workflow

[error] 1-1: Parsing error: Invalid character

---

21-24: Enhance Unit section with additional dependencies.

Consider adding:

1. Documentation URL for more information
2. More specific network dependency using network-online.target
3. Ordering constraints if needed

 [Unit]
 Description=Talawa-Admin Service
-After=network.target
+Documentation=https://github.com/PalisadoesFoundation/talawa-admin
+Wants=network-online.target
+After=network-online.target

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ee24ec and 30be9fd.

📒 Files selected for processing (1)

• examples/linux/systemd/talawa_admin.service (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: PR Workflow

examples/linux/systemd/talawa_admin.service

[error] 1-1: Parsing error: Invalid character

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Analyse Code With CodeQL (javascript)

🔇 Additional comments (1)

examples/linux/systemd/talawa_admin.service (1)

62-63: Install section looks good!

The multi-user.target is appropriate for this service.

[sahitya-chandra]

@palisadoes sir I have made all the changes that you said.
Please check

[palisadoes]

1. We have to close this.
2. We have been having issues merging PRs since migrating from Admin using a MongoDB backend to PostgreSQL
3. Please create a new branch based on the latest upstream and resubmit your PR