Update: add workspace

conf/env_api-gateway.env.sample

@@ -8,6 +8,7 @@ PORT="__PORT_API_GATEWAY__"
 
 SYNCING_SERVER_JS_URL="http://localhost:__PORT_SYNCING_SERVER__"
 AUTH_SERVER_URL="http://localhost:__PORT_AUTH__"
+WORKSPACE_SERVER_URL="http://localhost:__PORT_WORKSPACE__"
 #PAYMENTS_SERVER_URL=http://payments:3000
 FILES_SERVER_URL=http://__DOMAIN____PATH__/files/
 

conf/env_workspace.env.sample

@@ -0,0 +1,36 @@
+__YNH_NODE_LOAD_PATH__
+
+LOG_LEVEL="info"
+NODE_ENV="production"
+VERSION="production"
+
+AUTH_JWT_SECRET=__AUTH_JWT_SECRET__
+
+PORT="__PORT_WORKSPACE__"
+
+DB_HOST=localhost
+DB_REPLICA_HOST=localhost
+DB_PORT=3306
+DB_USERNAME=__DB_USER__
+DB_PASSWORD=__DB_PWD__
+DB_DATABASE=__DB_NAME__
+DB_DEBUG_LEVEL=all # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration"
+DB_MIGRATIONS_PATH=dist/migrations/*.js
+
+REDIS_URL="redis://localhost:6379/__REDIS_DB__"
+
+SNS_TOPIC_ARN=
+SNS_AWS_REGION=
+SQS_QUEUE_URL=
+SQS_AWS_REGION=
+
+REDIS_EVENTS_CHANNEL=events
+
+# (Optional) New Relic Setup
+NEW_RELIC_ENABLED=false
+NEW_RELIC_APP_NAME=Workspace
+NEW_RELIC_LICENSE_KEY=
+NEW_RELIC_NO_CONFIG_FILE=true
+NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
+NEW_RELIC_LOG_ENABLED=false
+NEW_RELIC_LOG_LEVEL=info

conf/systemd_workspace.service

@@ -0,0 +1,45 @@
+[Unit]
+Description=StandardNotes workspace
+After=network.target
+After=__APP__-auth.service
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/live/
+EnvironmentFile=__FINALPATH__/live/workspace.env
+ExecStart=/usr/bin/yarn start:workspace
+StandardOutput=append:/var/log/__APP__/workspace.log
+StandardError=inherit
+Restart=always
+
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=default.target

scripts/backup

@@ -80,6 +80,7 @@ ynh_backup --src_path="/etc/systemd/system/$app-auth-worker.service"
 ynh_backup --src_path="/etc/systemd/system/$app-files.service"
 ynh_backup --src_path="/etc/systemd/system/$app-syncing-server.service"
 ynh_backup --src_path="/etc/systemd/system/$app-syncing-server-worker.service"
+ynh_backup --src_path="/etc/systemd/system/$app-workspace.service"
 
 #=================================================
 # BACKUP VARIOUS FILES

scripts/change_url

@@ -36,6 +36,7 @@ port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker)
 port_files=$(ynh_app_setting_get --app=$app --key=port_files)
 port_syncing_server=$(ynh_app_setting_get --app=$app --key=port_syncing_server)
 port_syncing_server_worker=$(ynh_app_setting_get --app=$app --key=port_syncing_server_worker)
+port_workspace=$(ynh_app_setting_get --app=$app --key=port_workspace)
 
 config_api_gateway="$final_path/live/api-gateway.env"
 

scripts/install

@@ -69,6 +69,7 @@ port_auth_worker=$(ynh_find_port --port=$((port_auth+1)))
 port_files=$(ynh_find_port --port=$((port_auth_worker+1)))
 port_syncing_server=$(ynh_find_port --port=$((port_files+1)))
 port_syncing_server_worker=$(ynh_find_port --port=$((port_syncing_server+1)))
+port_workspace=$(ynh_find_port --port=$((port_syncing_server_worker+1)))
 
 ynh_app_setting_set --app=$app --key=port_api_gateway --value=$port_api_gateway
 ynh_app_setting_set --app=$app --key=port_auth --value=$port_auth
@@ -76,6 +77,7 @@ ynh_app_setting_set --app=$app --key=port_auth_worker --value=$port_auth_worker
 ynh_app_setting_set --app=$app --key=port_files --value=$port_files
 ynh_app_setting_set --app=$app --key=port_syncing_server --value=$port_syncing_server
 ynh_app_setting_set --app=$app --key=port_syncing_server_worker --value=$port_syncing_server_worker
+ynh_app_setting_set --app=$app --key=port_workspace --value=$port_workspace
 
 #=================================================
 # INSTALL DEPENDENCIES
@@ -162,6 +164,7 @@ config_auth_worker="$final_path/live/auth-worker.env"
 config_files="$final_path/live/files.env"
 config_syncing_server="$final_path/live/syncing-server.env"
 config_syncing_server_worker="$final_path/live/syncing-server-worker.env"
+config_workspace="$final_path/live/workspace.env"
 
 jwt_secret=$(ynh_string_random --length=48 | base64)
 legacy_jwt_secret=$(ynh_string_random --length=48 | base64)
@@ -183,6 +186,7 @@ ynh_add_config --template="env_auth-worker.env.sample" --destination="$config_au
 ynh_add_config --template="env_files.env.sample" --destination="$config_files"
 ynh_add_config --template="env_syncing-server.env.sample" --destination="$config_syncing_server"
 ynh_add_config --template="env_syncing-server-worker.env.sample" --destination="$config_syncing_server_worker"
+ynh_add_config --template="env_workspace.env.sample" --destination="$config_workspace"
 
 #=================================================
 # INSTALLING Standard Notes - Syncing Server
@@ -191,8 +195,8 @@ ynh_script_progression --message="Installing Standard Notes - Syncing Server..."
 
 ynh_use_nodejs
 pushd "$final_path/live"
-	ynh_exec_warn_less ynh_exec_as $app env NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn install --immutable
-	ynh_exec_warn_less ynh_exec_as $app env NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn build
+	ynh_exec_warn_less ynh_exec_as $app env NODE_ENV="production" NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn install --immutable
+	ynh_exec_warn_less ynh_exec_as $app env NODE_ENV="production" NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn build
 popd
 
 #=================================================
@@ -207,6 +211,7 @@ ynh_add_systemd_config --service="$app-auth-worker" --template="systemd_auth-wor
 ynh_add_systemd_config --service="$app-files" --template="systemd_files.service"
 ynh_add_systemd_config --service="$app-syncing-server" --template="systemd_syncing-server.service"
 ynh_add_systemd_config --service="$app-syncing-server-worker" --template="systemd_syncing-server-worker.service"
+ynh_add_systemd_config --service="$app-workspace" --template="systemd_workspace.service"
 
 #=================================================
 # SETUP A CRON
@@ -236,6 +241,7 @@ ynh_use_logrotate --logfile="/var/log/$app/auth-worker.log"
 ynh_use_logrotate --logfile="/var/log/$app/files.log"
 ynh_use_logrotate --logfile="/var/log/$app/syncing-server.log"
 ynh_use_logrotate --logfile="/var/log/$app/syncing-server-worker.log"
+ynh_use_logrotate --logfile="/var/log/$app/workspace.log"
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -248,6 +254,7 @@ yunohost service add "$app-auth-worker" --description="Standard Notes - Auth - W
 yunohost service add "$app-files" --description="Standard Notes - Files" --log="/var/log/$app/files.log"
 yunohost service add "$app-syncing-server" --description="Standard Notes - Syncing Server" --log="/var/log/$app/syncing-server.log"
 yunohost service add "$app-syncing-server-worker" --description="Standard Notes - Syncing Server - Worker" --log="/var/log/$app/syncing-server-worker.log"
+yunohost service add "$app-workspace" --description="Standard Notes - Workspace" --log="/var/log/$app/workspace.log"
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -285,6 +292,11 @@ ynh_systemd_action \
 	--action="start" \
 	--log_path="/var/log/$app/syncing-server-worker.log" \
 	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
+ynh_systemd_action \
+	--service_name="$app-workspace" \
+	--action="start" \
+	--log_path="/var/log/$app/workspace.log" \
+	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
 
 #=================================================
 # SETUP FAIL2BAN

scripts/remove

@@ -25,6 +25,7 @@ port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker)
 port_files=$(ynh_app_setting_get --app=$app --key=port_files)
 port_syncing_server=$(ynh_app_setting_get --app=$app --key=port_syncing_server)
 port_syncing_server_worker=$(ynh_app_setting_get --app=$app --key=port_syncing_server_worker)
+port_workspace=$(ynh_app_setting_get --app=$app --key=port_workspace)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
@@ -67,6 +68,11 @@ then
 	ynh_script_progression --message="Removing $app-syncing-server-worker service..." --weight=1
 	yunohost service remove "$app-syncing-server-worker"
 fi
+if ynh_exec_warn_less yunohost service status "$app-workspace" >/dev/null
+then
+	ynh_script_progression --message="Removing $app-workspace service..." --weight=1
+	yunohost service remove "$app-workspace"
+fi
 
 #=================================================
 # STOP AND REMOVE SERVICE
@@ -80,6 +86,7 @@ ynh_remove_systemd_config --service="$app-auth-worker"
 ynh_remove_systemd_config --service="$app-files"
 ynh_remove_systemd_config --service="$app-syncing-server"
 ynh_remove_systemd_config --service="$app-syncing-server-worker"
+ynh_remove_systemd_config --service="$app-workspace"
 
 ynh_reset_systemd
 

scripts/restore

@@ -45,6 +45,7 @@ config_auth_worker="$final_path/live/auth-worker.env"
 config_files="$final_path/live/files.env"
 config_syncing_server="$final_path/live/syncing-server.env"
 config_syncing_server_worker="$final_path/live/syncing-server-worker.env"
+config_workspace="$final_path/live/workspace.env"
 config_nginx="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
@@ -69,6 +70,7 @@ port_auth_worker=$(ynh_find_port --port=$((port_auth+1)))
 port_files=$(ynh_find_port --port=$((port_auth_worker+1)))
 port_syncing_server=$(ynh_find_port --port=$((port_files+1)))
 port_syncing_server_worker=$(ynh_find_port --port=$((port_syncing_server+1)))
+port_workspace=$(ynh_find_port --port=$((port_syncing_server_worker+1)))
 
 ynh_app_setting_set --app=$app --key=port_api_gateway --value=$port_api_gateway
 ynh_app_setting_set --app=$app --key=port_auth --value=$port_auth
@@ -76,6 +78,7 @@ ynh_app_setting_set --app=$app --key=port_auth_worker --value=$port_auth_worker
 ynh_app_setting_set --app=$app --key=port_files --value=$port_files
 ynh_app_setting_set --app=$app --key=port_syncing_server --value=$port_syncing_server
 ynh_app_setting_set --app=$app --key=port_syncing_server_worker --value=$port_syncing_server_worker
+ynh_app_setting_set --app=$app --key=port_workspace --value=$port_workspace
 
 #=================================================
 # RECREATE THE DEDICATED USER
@@ -158,6 +161,7 @@ ynh_replace_string --match_string="^REDIS_URL.*$" --replace_string="REDIS_URL=re
 ynh_replace_string --match_string="^REDIS_URL.*$" --replace_string="REDIS_URL=redis://localhost:6379/$redis_db" --target_file="$config_files"
 ynh_replace_string --match_string="^REDIS_URL.*$" --replace_string="REDIS_URL=redis://localhost:6379/$redis_db" --target_file="$config_syncing_server"
 ynh_replace_string --match_string="^REDIS_URL.*$" --replace_string="REDIS_URL=redis://localhost:6379/$redis_db" --target_file="$config_syncing_server_worker"
+ynh_replace_string --match_string="^REDIS_URL.*$" --replace_string="REDIS_URL=redis://localhost:6379/$redis_db" --target_file="$config_workspace"
 # Syncing_Server Port
 ynh_replace_string --match_string="^PORT.*$" --replace_string="PORT=$port_syncing_server" --target_file="$config_syncing_server"
 ynh_replace_string --match_string="^SYNCING_SERVER_JS_URL.*$" --replace_string="SYNCING_SERVER_JS_URL=http://localhost:$port_syncing_server" --target_file="$config_api_gateway"
@@ -178,6 +182,9 @@ ynh_replace_string_on_line --line="2" --match_string="proxy_pass.*$" --replace_s
 # Files Port
 ynh_replace_string --match_string="^PORT.*$" --replace_string="PORT=$port_files" --target_file="$config_files"
 ynh_replace_string_on_line --line="17" --match_string="proxy_pass.*$" --replace_string="proxy_pass http://127.0.0.1:$port_files/;" --target_file="$config_nginx"
+# Workspace Port
+ynh_replace_string --match_string="^PORT.*$" --replace_string="PORT=$port_workspace" --target_file="$config_workspace"
+ynh_replace_string --match_string="^WORKSPACE_SERVER_URL.*$" --replace_string="WORKSPACE_SERVER_URL=http://localhost:$port_workspace" --target_file="$config_api_gateway"
 
 #=================================================
 # RESTORE VARIOUS FILES
@@ -206,6 +213,7 @@ ynh_restore_file --origin_path="/etc/systemd/system/$app-auth-worker.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-files.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-syncing-server.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-syncing-server-worker.service"
+ynh_restore_file --origin_path="/etc/systemd/system/$app-workspace.service"
 
 systemctl enable $app-api-gateway.service --quiet
 systemctl enable $app-auth.service --quiet
@@ -213,6 +221,7 @@ systemctl enable $app-auth-worker.service --quiet
 systemctl enable $app-files.service --quiet
 systemctl enable $app-syncing-server.service --quiet
 systemctl enable $app-syncing-server-worker.service --quiet
+systemctl enable $app-workspace.service --quiet
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
@@ -235,6 +244,7 @@ yunohost service add "$app-auth-worker" --description="Standard Notes - Auth - W
 yunohost service add "$app-files" --description="Standard Notes - Files" --log="/var/log/$app/files.log"
 yunohost service add "$app-syncing-server" --description="Standard Notes - Syncing Server" --log="/var/log/$app/syncing-server.log"
 yunohost service add "$app-syncing-server-worker" --description="Standard Notes - Syncing Server - Worker" --log="/var/log/$app/syncing-server-worker.log"
+yunohost service add "$app-workspace" --description="Standard Notes - Workspace" --log="/var/log/$app/workspace.log"
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -271,6 +281,11 @@ ynh_systemd_action \
 	--action="start" \
 	--log_path="/var/log/$app/syncing-server-worker.log" \
 	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
+ynh_systemd_action \
+	--service_name="$app-workspace" \
+	--action="start" \
+	--log_path="/var/log/$app/workspace.log" \
+	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
 
 #=================================================
 # GENERIC FINALIZATION

scripts/upgrade

@@ -32,6 +32,7 @@ port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker)
 port_files=$(ynh_app_setting_get --app=$app --key=port_files)
 port_syncing_server=$(ynh_app_setting_get --app=$app --key=port_syncing_server)
 port_syncing_server_worker=$(ynh_app_setting_get --app=$app --key=port_syncing_server_worker)
+port_workspace=$(ynh_app_setting_get --app=$app --key=port_workspace)
 
 redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 
@@ -51,6 +52,7 @@ config_auth_worker="$final_path/live/auth-worker.env"
 config_files="$final_path/live/files.env"
 config_syncing_server="$final_path/live/syncing-server.env"
 config_syncing_server_worker="$final_path/live/syncing-server-worker.env"
+config_workspace="$final_path/live/workspace.env"
 
 nodejs_version_installed=$(ynh_app_setting_get --app=$app --key=nodejs_version)
 
@@ -106,6 +108,10 @@ ynh_systemd_action \
 	--service_name="$app-syncing-server-worker" \
 	--action="stop" \
 	--log_path="/var/log/$app/syncing-server-worker.log"
+ynh_systemd_action \
+	--service_name="$app-workspace" \
+	--action="stop" \
+	--log_path="/var/log/$app/workspace.log"
 
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
@@ -131,19 +137,22 @@ if [[ -z "$port_api_gateway" || \
 	  -z "$port_auth_worker" || \
 	  -z "$port_files" || \
 	  -z "$port_syncing_server" || \
-	  -z "$port_syncing_server_worker" ]]; then
+	  -z "$port_syncing_server_worker" || \
+	  -z "$port_workspace" ]]; then
 	port_api_gateway=$(ynh_find_port --port=3000)
 	port_auth=$(ynh_find_port --port=$((port_api_gateway+1)))
 	port_auth_worker=$(ynh_find_port --port=$((port_auth+1)))
 	port_files=$(ynh_find_port --port=$((port_auth_worker+1)))
 	port_syncing_server=$(ynh_find_port --port=$((port_files+1)))
 	port_syncing_server_worker=$(ynh_find_port --port=$((port_syncing_server+1)))
+	port_workspace=$(ynh_find_port --port=$((port_syncing_server_worker+1)))
 	ynh_app_setting_set --app=$app --key=port_api_gateway --value=$port_api_gateway
 	ynh_app_setting_set --app=$app --key=port_auth --value=$port_auth
 	ynh_app_setting_set --app=$app --key=port_auth_worker --value=$port_auth_worker
 	ynh_app_setting_set --app=$app --key=port_files --value=$port_files
 	ynh_app_setting_set --app=$app --key=port_syncing_server --value=$port_syncing_server
 	ynh_app_setting_set --app=$app --key=port_syncing_server_worker --value=$port_syncing_server_worker
+	ynh_app_setting_set --app=$app --key=port_workspace --value=$port_workspace
 fi
 
 # If jwt_secret doesn't exist, create it
@@ -317,6 +326,7 @@ ynh_add_config --template="env_auth-worker.env.sample" --destination="$config_au
 ynh_add_config --template="env_files.env.sample" --destination="$config_files"
 ynh_add_config --template="env_syncing-server.env.sample" --destination="$config_syncing_server"
 ynh_add_config --template="env_syncing-server-worker.env.sample" --destination="$config_syncing_server_worker"
+ynh_add_config --template="env_workspace.env.sample" --destination="$config_workspace"
 
 #=================================================
 # INSTALLING Standard Notes - Syncing Server
@@ -326,8 +336,8 @@ then
 	ynh_script_progression --message="Installing Standard Notes - Syncing Server..." --weight=93
 	ynh_use_nodejs
 	pushd "$final_path/live"
-		ynh_exec_warn_less ynh_exec_as $app env NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn install --immutable
-		ynh_exec_warn_less ynh_exec_as $app env NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn build
+		ynh_exec_warn_less ynh_exec_as $app env NODE_ENV="production" NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn install --immutable
+		ynh_exec_warn_less ynh_exec_as $app env NODE_ENV="production" NODE_OPTIONS="--max-old-space-size=$node_max_old_space_size" $ynh_node_load_PATH yarn build
 	popd
 fi
 
@@ -343,6 +353,7 @@ ynh_add_systemd_config --service="$app-auth-worker" --template="systemd_auth-wor
 ynh_add_systemd_config --service="$app-files" --template="systemd_files.service"
 ynh_add_systemd_config --service="$app-syncing-server" --template="systemd_syncing-server.service"
 ynh_add_systemd_config --service="$app-syncing-server-worker" --template="systemd_syncing-server-worker.service"
+ynh_add_systemd_config --service="$app-workspace" --template="systemd_workspace.service"
 
 #=================================================
 # GENERIC FINALIZATION
@@ -361,6 +372,7 @@ ynh_use_logrotate --logfile="/var/log/$app/auth-worker.log"
 ynh_use_logrotate --logfile="/var/log/$app/files.log"
 ynh_use_logrotate --logfile="/var/log/$app/syncing-server.log"
 ynh_use_logrotate --logfile="/var/log/$app/syncing-server-worker.log"
+ynh_use_logrotate --logfile="/var/log/$app/workspace.log"
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -373,6 +385,7 @@ yunohost service add "$app-auth-worker" --description="Standard Notes - Auth - W
 yunohost service add "$app-files" --description="Standard Notes - Files" --log="/var/log/$app/files.log"
 yunohost service add "$app-syncing-server" --description="Standard Notes - Syncing Server" --log="/var/log/$app/syncing-server.log"
 yunohost service add "$app-syncing-server-worker" --description="Standard Notes - Syncing Server - Worker" --log="/var/log/$app/syncing-server-worker.log"
+yunohost service add "$app-workspace" --description="Standard Notes - Workspace" --log="/var/log/$app/workspace.log"
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -410,6 +423,11 @@ ynh_systemd_action \
 	--action="start" \
 	--log_path="/var/log/$app/syncing-server-worker.log" \
 	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
+ynh_systemd_action \
+	--service_name="$app-workspace" \
+	--action="start" \
+	--log_path="/var/log/$app/workspace.log" \
+	--line_match='^.*Server started on port.*$|^.*Starting worker.*$'
 
 #=================================================
 # SETUP A CRON