max / pom

Update MT monitoring for Hetzner deployment Hetzner instance monitors MT at localhost:3400, astra monitors via public URL (forums.makenot.work) with TLS cert checks. Reflects MT production move from astra-only to Hetzner. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Max J. <87768334+MaxJMath@users.noreply.github.com> · 2026-03-15 17:27 UTC

Commit: a90d9a1012b534b0317365d2025cbb3c807b4a6c

Parent: f0145b0

4 files changed, +31 insertions, -5 deletions

M Cargo.lock +1 -1

			@@ -1539,7 +1539,7 @@ checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
1539	1539
1540	1540		[[package]]
1541	1541		name = "pom"
1542		-	version = "0.2.3"
	1542	+	version = "0.2.4"
1543	1543		dependencies = [
1544	1544		"axum",
1545	1545		"chrono",

M deploy/pom-astra.toml +5 -2

			@@ -39,13 +39,16 @@ label = "Multithreaded Forum"
39	39		expected_routes = ["/"]
40	40
41	41		[targets.mt.health]
42		-	url = "http://127.0.0.1:3400/api/health"
43		-	timeout_secs = 5
	42	+	url = "https://forums.makenot.work/api/health"
	43	+	timeout_secs = 10
44	44
45	45		[targets.mt.health.expect]
46	46		status_code = 200
47	47		json_fields = { "status" = "operational" }
48	48
	49	+	[targets.mt.tls]
	50	+	host = "forums.makenot.work"
	51	+
49	52		[targets.htpy]
50	53		label = "htpy.app"
51	54

M deploy/pom-hetzner.toml +5 -2

			@@ -39,13 +39,16 @@ label = "Multithreaded Forum"
39	39		expected_routes = ["/"]
40	40
41	41		[targets.mt.health]
42		-	url = "http://100.106.221.39:3400/api/health"
43		-	timeout_secs = 10
	42	+	url = "http://127.0.0.1:3400/api/health"
	43	+	timeout_secs = 5
44	44
45	45		[targets.mt.health.expect]
46	46		status_code = 200
47	47		json_fields = { "status" = "operational" }
48	48
	49	+	[targets.mt.tls]
	50	+	host = "forums.makenot.work"
	51	+
49	52		[targets.htpy]
50	53		label = "htpy.app"
51	54

M deploy/pom.service +20

			@@ -5,10 +5,30 @@ Wants=network-online.target
5	5
6	6		[Service]
7	7		Type=simple
	8	+	User=pom
	9	+	Group=pom
8	10		EnvironmentFile=-/etc/pom/env
	11	+	Environment=XDG_DATA_HOME=/var/lib
9	12		ExecStart=/usr/local/bin/pom serve --config /etc/pom/pom.toml
10	13		Restart=on-failure
11	14		RestartSec=10
12	15
	16	+	# Security hardening
	17	+	NoNewPrivileges=true
	18	+	ProtectSystem=strict
	19	+	ProtectHome=true
	20	+	PrivateTmp=true
	21	+	ReadOnlyPaths=/etc/pom
	22	+	ReadWritePaths=/var/lib/pom
	23	+	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
	24	+	RestrictNamespaces=true
	25	+	RestrictSUIDSGID=true
	26	+	LockPersonality=true
	27	+	ProtectKernelTunables=true
	28	+	ProtectKernelModules=true
	29	+	ProtectControlGroups=true
	30	+	SystemCallArchitectures=native
	31	+	MemoryMax=256M
	32	+
13	33		[Install]
14	34		WantedBy=multi-user.target