Robert Helewka
8c95173705
Introduce structured journal relabel rules on puck to tag Pallas-managed
units with {service, project, component} labels matching the Mnemosyne
and Daedalus schema. Add kottos release variable and vault secrets
example entries for the new Pallas FastAgent runtime.
Remove the defunct mnemosyne syslog listener now that Mnemosyne ships
JSON logs via the docker-socket pipeline.
34 lines
1006 B
Django/Jinja
34 lines
1006 B
Django/Jinja
[Unit]
|
|
Description=Kottos — Pallas FastAgent runtime ({{ kottos_host | default(inventory_hostname) }})
|
|
After=network.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User={{ kottos_user }}
|
|
Group={{ kottos_group }}
|
|
WorkingDirectory={{ kottos_directory }}
|
|
EnvironmentFile={{ kottos_directory }}/.env
|
|
ExecStart={{ kottos_directory }}/.venv/bin/pallas
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
# Journal is the durable sink (Alloy picks up via loki.source.journal and
|
|
# relabels SyslogIdentifier=kottos into {service="pallas", project="kottos"}
|
|
# for Loki). Stdout from pallas is already JSON thanks to
|
|
# PALLAS_LOG_STDOUT=1 set in the .env file.
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=kottos
|
|
|
|
# Pallas needs to reach localhost sibling agents + upstream MCP servers
|
|
# and read its own .venv / agents.yaml / config files. No hardening flags
|
|
# that would block those paths.
|
|
NoNewPrivileges=false
|
|
ProtectSystem=false
|
|
ProtectHome=false
|
|
PrivateTmp=false
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|