{"id":30304503,"url":"https://github.com/pinpox/restard","last_synced_at":"2025-08-17T07:09:06.946Z","repository":{"id":308641788,"uuid":"1029934208","full_name":"pinpox/restard","owner":"pinpox","description":"Restart SystemD Services via Web-Hooks","archived":false,"fork":false,"pushed_at":"2025-07-31T20:17:04.000Z","size":8,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-17T05:39:13.353Z","etag":null,"topics":["devops","nixos","systemd","webhook"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pinpox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-31T20:13:03.000Z","updated_at":"2025-07-31T20:17:08.000Z","dependencies_parsed_at":"2025-08-07T04:18:29.210Z","dependency_job_id":null,"html_url":"https://github.com/pinpox/restard","commit_stats":null,"previous_names":["pinpox/restard"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pinpox/restard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinpox%2Frestard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinpox%2Frestard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinpox%2Frestard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinpox%2Frestard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pinpox","download_url":"https://codeload.github.com/pinpox/restard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinpox%2Frestard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270817368,"owners_count":24650981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","nixos","systemd","webhook"],"created_at":"2025-08-17T07:09:04.254Z","updated_at":"2025-08-17T07:09:06.935Z","avatar_url":"https://github.com/pinpox.png","language":"Nix","readme":"# RestarD\n\nA simple Go service that listens for HTTP requests and restarts systemd\nservices. Designed for webhook-based deployments and service management, e.g. in\na CI. RestarD allows per-service authentication tokens and can be run secruely\nwith non-root users using dedicated polkit rules.\n\n## Use Cases\n\n- **Webhook Deployments**: Restart services after CI/CD deployments\n- **Service Management**: Remote service restart for maintenance\n- **Monitoring Integration**: Restart services from monitoring alerts\n- **Container Orchestration**: Restart systemd services from containers\n\n## Configuration\n\nConfigure each service via environment variables.\n\n- `LISTEN_ADDR`: Server listening address (default: `:8080`)\n- `RESTARD_SERVICE_\u003cNAME\u003e`: Name of the systemd unit to restart on request to `/restart/\u003cNAME\u003e`\n- `RESTARD_TOKEN_\u003cNAME\u003e`: Authentication token for the unit `\u003cNAEME\u003e`\n\n### Example Configuration\n\nThe following configuration would listen on `127.0.0.1:8080` for incoming\nrequests. It would restart `nginx.service` if a request is made to\n`/restart/web` with the token `hunter1` and restart `api.service` if a\nrequest is made to `/restart/api` with the token `hunter2`.\n\n```bash\nexport LISTEN_ADDR=127.0.0.1:8080\n\nexport RESTARD_SERVICE_WEB=nginx.service\nexport RESTARD_TOKEN_WEB=hunter1\nexport RESTARD_SERVICE_API=api.service\nexport RESTARD_TOKEN_API=hunter2\n```\n\n## Example Usage\n\nThe genheral API is: \n```bash\nPOST /restart/{servicename}\nAuthorization: Bearer \u003ctoken\u003e\n```\nAnd will respond with:\n\n- **200**: Service restarted successfully\n- **404**: Any error (service not found, invalid token, restart failed, etc.)\n\n### Example\n\n```bash\n# Restart nginx.service\ncurl -X POST http://localhost:8080/restart/web \\\n  -H \"Authorization: Bearer your-secret-token\"\n\n# Restart myapi.service  \ncurl -X POST http://localhost:8080/restart/api \\\n  -H \"Authorization: Bearer another-token\"\n```\n\n## Running without root\n\nSince RestarD will try to restart other units, it needs the appropiate\npermissions. It can be run as root, then no additional configuration is\nnecessary. If you prefer running it as a lower-privileged user, add the\nfollowing polkit rule.\n\nCreate `/etc/polkit-1/rules.d/50-restard.rules`:\n\n```javascript\npolkit.addRule(function(action, subject) {\n    if (action.id == \"org.freedesktop.systemd1.manage-units\" \u0026\u0026\n        subject.user == \"restard\") {\n        // Allow only restart action\n        if (action.lookup(\"verb\") == \"restart\") {\n            return polkit.Result.YES;\n        }\n    }\n});\n```\nExmaple Systemd unit, running as user `restard`\n(`/etc/systemd/system/restard.service`):\n\n```ini\n[Unit]\nDescription=RestarD Service Restart API\nAfter=network.target\n\n[Service]\nType=simple\nUser=restard\nGroup=restard\nExecStart=/usr/local/bin/restard\nEnvironment=LISTEN_ADDR=127.0.0.1:8080\nEnvironment=RESTARD_SERVICE_WEB=nginx.service\nEnvironment=RESTARD_TOKEN_WEB=your-secret-token\nWorkingDirectory=/var/lib/restard\nRestart=always\nRestartSec=5\n\n# Security hardening\nNoNewPrivileges=true\nPrivateTmp=true\nProtectSystem=strict\nProtectHome=true\nReadWritePaths=/var/lib/restard\n\n[Install]\nWantedBy=multi-user.target\n```\n\n## NixOS Module\n\nThe flake includes a NixOS module for easy deployment:\n\n```nix\n{\n  inputs.restard.url = \"github:pinpox/restard\";\n  \n  outputs = { nixpkgs, restard, ... }: {\n    nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {\n      modules = [\n        restard.nixosModules.default\n        {\n          services.restard = {\n            enable = true;\n            listen = \"127.0.0.1:8080\";\n            services = {\n              web = {\n                service = \"nginx.service\";\n                token = \"/run/secrets/web-token\";\n              };\n              api = {\n                service = \"myapi.service\";\n                token = \"/run/secrets/api-token\";\n              };\n            };\n          };\n        }\n      ];\n    };\n  };\n}\n```\n\nAdditionally, there is a NixOS VM-test included for devlopment.\n\n```\nnix build .#checks.x86_64-linux.nixos-test -Lv\n```\n\n### Module Options\n\n- `services.restard.enable` - Enable the restard service\n- `services.restard.listen` - Listen address (default: `:8080`)\n- `services.restard.services.\u003cname\u003e.service` - Systemd unit to restart\n- `services.restard.services.\u003cname\u003e.token` - Path to token file\n- `services.restard.user/group` - Service user/group (default: `restard`)\n\n### Module Features\n\n- **Dedicated user** - Runs as non-root `restard` user\n- **Polkit integration** - Only allows restart operations\n- **systemd credentials** - Tokens loaded securely via `LoadCredential`\n- **Service hardening** - `NoNewPrivileges`, `ProtectSystem`, etc.\n\n## Building \u0026 Testing\n\n```bash\n# Build the application\nnix build\n\n# Run tests (includes VM integration test)\nnix flake check\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpinpox%2Frestard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpinpox%2Frestard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpinpox%2Frestard/lists"}