Alexander/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb54f6907fa33a61c6e95d1f9ce3ab06a012e79e
homepage/tile-proxy/deploy/tile-proxy.service
T
Alexander 94c8212078 feat(tile-proxy): Thunderforest Outdoors as foreign karte upstream 
OpenTopoMap's hypsometric tint reads "red mountains / green flats" and
looks nothing like the Swisstopo Pixelkarte the proxy hands out
in-region — produced a jarring visual seam right at the CH/LI border.
Thunderforest Outdoors has a muted topo palette + subtle hillshade
that matches the swisstopo tile aesthetic much more closely, so use
it as the abroad `karte` upstream when an API key is available.

- `tile-proxy/build.rs`: reads `tile-proxy/.env` (gitignored) at build
  time and forwards each `KEY=VAL` line to rustc as `--env`, so the
  key is baked into the binary via `option_env!` and never touched at
  runtime. A shell env var of the same name wins over the .env entry
  (dotenv precedence). `cargo:rerun-if-changed=.env` +
  `cargo:rerun-if-env-changed` force a recompile whenever the value
  changes — no stale key cached in the binary.
- `main.rs`: `THUNDERFOREST_API_KEY` read via `option_env!`; foreign
  `karte` is Thunderforest Outdoors when set, OpenTopoMap fallback
  when absent. Behaviour unchanged for keyless builds.
- `mapTiles.ts`: page-footer attribution credits Thunderforest + OSM
  alongside the existing swisstopo / OpenTopoMap / Esri lines so the
  attribution stays correct regardless of which build is deployed.
- `.gitignore`: tile-proxy build artefacts (binary, `target/`, `.env`)
  moved to the root gitignore with fully-qualified paths so the
  source tree isn't hidden by a nested gitignore quirk; the per-dir
  `tile-proxy/.gitignore` is removed.
- README + systemd service: documentation refreshed for the new
  build-time key flow.
2026-05-26 22:56:32 +02:00

33 lines
1.0 KiB
Desktop File
Raw Blame History

# systemd unit for the tile proxy.
# install: cp deploy/tile-proxy.service /etc/systemd/system/
# (build first: drop the Thunderforest key into tile-proxy/.env
# and run `cargo build --release`; build.rs reads .env and bakes
# the key into the binary at compile time, nothing is read at
# runtime; adjust paths/user below)
# enable: systemctl daemon-reload && systemctl enable --now tile-proxy
[Unit]
Description=Region-switching map tile proxy (swisstopo / world)
After=network-online.target
Wants=network-online.target
[Service]
# The one place the port is configured — nginx must point at the same value.
Environment=TILE_PROXY_ADDR=127.0.0.1:8765
ExecStart=/opt/tile-proxy/tile-proxy
Restart=on-failure
RestartSec=2
# Hardening — the service only needs outbound network.
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_INET AF_INET6
MemoryMax=128M
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink