Systemd Service

Run Cloodsy S3 as a system service with automatic startup and restart.

Create Service File

Create /etc/systemd/system/cloodsys3.service:

[Unit]
Description=Cloodsy S3 Object Storage Server
After=network.target

[Service]
Type=simple
User=cloodsys3
Group=cloodsys3
ExecStart=/usr/local/bin/cloodsys3 serve --data-dir /var/lib/cloodsys3
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/cloodsys3
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Setup

Create a system user

sudo useradd --system --no-create-home --shell /usr/sbin/nologin cloodsys3

Create data directory

sudo mkdir -p /var/lib/cloodsys3
sudo chown cloodsys3:cloodsys3 /var/lib/cloodsys3

Install the binary

sudo cp cloodsys3 /usr/local/bin/
sudo chmod +x /usr/local/bin/cloodsys3

Enable and start

sudo systemctl daemon-reload
sudo systemctl enable cloodsys3
sudo systemctl start cloodsys3

Management Commands

# Check status
sudo systemctl status cloodsys3

# View logs
sudo journalctl -u cloodsys3 -f

# Restart
sudo systemctl restart cloodsys3

# Stop
sudo systemctl stop cloodsys3

Managing Buckets with Systemd

When running as a service, use the CLI with the same data directory:

sudo -u cloodsys3 /usr/local/bin/cloodsys3 bucket create photos --data-dir /var/lib/cloodsys3
sudo -u cloodsys3 /usr/local/bin/cloodsys3 credential create photos --data-dir /var/lib/cloodsys3

The server detects changes automatically — no restart needed.

TLS with Systemd

Update the ExecStart line to include TLS flags:

ExecStart=/usr/local/bin/cloodsys3 serve \
    --data-dir /var/lib/cloodsys3 \
    --tls-cert /etc/ssl/cloodsys3/cert.pem \
    --tls-key /etc/ssl/cloodsys3/key.pem

Add the certificate directory to ReadWritePaths:

ReadWritePaths=/var/lib/cloodsys3 /etc/ssl/cloodsys3
Presigned URLs Raspberry Pi