docs: instructions for go install [ci skip]

elaborate on cloud server API URL [ci skip]

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
 
 jobs:
   test:
+    name: 'Unit- & API tests'
     runs-on: ubuntu-latest
     steps:
 
@@ -31,7 +32,7 @@ jobs:
         ./testing/run_api_tests.sh
 
   mapi:
-    name: 'Mayhem for API'
+    name: 'Automated pen-tests with Mayhem for API'
     runs-on: ubuntu-latest
     steps:
     - name: Set up Go 1.x
@@ -74,6 +75,8 @@ jobs:
         sarif_file: mapi.sarif
 
   build:
+    name: 'Build (Win, Linux, Mac)'
+
     strategy:
       matrix:
         platform: [ubuntu-latest, macos-latest, windows-latest]
@@ -94,4 +97,4 @@ jobs:
       run: go get
 
     - name: Build
-      run: go build -v .
+      run: go build -v .

.github/workflows/docker.yml

@@ -8,6 +8,7 @@ on:
 
 jobs:
   docker-publish:
+    name: 'Build and publish Docker image'
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU

.github/workflows/release.yml

@@ -7,7 +7,8 @@ on:
 
 jobs:
   release:
-    name: Release
+    name: 'Build, package and release to GitHub'
+
     strategy:
       fail-fast: false
       matrix:

README.md

@@ -100,19 +100,22 @@ If you want to run Wakapi on **Kubernetes**, there is [wakapi-helm-chart](https:
 #### Compile & run
 
 ```bash
-# Build the executable
-$ go build -o wakapi
+# Build and install
+# Alternatively: go build -o wakapi
+$ go install github.com/muety/wakapi@latest
 
-# Adapt config to your needs
-$ cp config.default.yml config.yml
-$ vi config.yml
+# Get default config and customize
+$ curl -o wakapi.yml https://raw.githubusercontent.com/muety/wakapi/master/config.default.yml
+$ vi wakapi.yml
 
 # Run it
-$ ./wakapi
+$ ./wakapi -config wakapi.yml
 ```
 
 **Note:** Check the comments in `config.yml` for best practices regarding security configuration and more.
 
+💡 When running Wakapi standalone (without Docker), it is recommended to run it as a [SystemD service](etc/wakapi.service). 
+
 ### 💻 Client setup
 
 Wakapi relies on the open-source [WakaTime](https://github.com/wakatime/wakatime) client tools. In order to collect statistics for Wakapi, you need to set them up.
@@ -123,8 +126,8 @@ Wakapi relies on the open-source [WakaTime](https://github.com/wakatime/wakatime
 ```ini
 [settings]
 
-# Your Wakapi server URL or 'https://wakapi.dev' when using the cloud server
-api_url = http://localhost:3000/api/heartbeat
+# Your Wakapi server URL or 'https://wakapi.dev/api' when using the cloud server
+api_url = http://localhost:3000/api
 
 # Your Wakapi API key (get it from the web interface after having created an account)
 api_key = 406fe41f-6d69-4183-a4cc-121e0c524c2b
@@ -145,7 +148,7 @@ You can specify configuration options either via a config file (default: `config
 | `app.inactive_days` /<br>`WAKAPI_INACTIVE_DAYS`                              | `7`                                              | Number of days after which to consider a user inactive (only for metrics)                                                                                                |
 | `app.heartbeat_max_age /`<br>`WAKAPI_HEARTBEAT_MAX_AGE`                      | `4320h`                                          | Maximum acceptable age of a heartbeat (see [`ParseDuration`](https://pkg.go.dev/time#ParseDuration))                                                                     |
 | `app.custom_languages`                                                       | -                                                | Map from file endings to language names                                                                                                                                  |
-| `app.avatar_url_template`                                                    | (see [`config.default.yml`](config.default.yml)) | URL template for external user avatar images (e.g. from [Dicebear](https://dicebear.com) or [Gravatar](https://gravatar.com))                                            |
+| `app.avatar_url_template` /<br>`WAKAPI_AVATAR_URL_TEMPLATE`                  | (see [`config.default.yml`](config.default.yml)) | URL template for external user avatar images (e.g. from [Dicebear](https://dicebear.com) or [Gravatar](https://gravatar.com))                                            |
 | `server.port` /<br> `WAKAPI_PORT`                                            | `3000`                                           | Port to listen on                                                                                                                                                        |
 | `server.listen_ipv4` /<br> `WAKAPI_LISTEN_IPV4`                              | `127.0.0.1`                                      | IPv4 network address to listen on (leave blank to disable IPv4)                                                                                                          |
 | `server.listen_ipv6` /<br> `WAKAPI_LISTEN_IPV6`                              | `::1`                                            | IPv6 network address to listen on (leave blank to disable IPv6)                                                                                                          |

config/config.go

@@ -70,7 +70,7 @@ type appConfig struct {
 	InactiveDays      int                          `yaml:"inactive_days" default:"7" env:"WAKAPI_INACTIVE_DAYS"`
 	HeartbeatMaxAge   string                       `yaml:"heartbeat_max_age" default:"4320h" env:"WAKAPI_HEARTBEAT_MAX_AGE"`
 	CountCacheTTLMin  int                          `yaml:"count_cache_ttl_min" default:"30" env:"WAKAPI_COUNT_CACHE_TTL_MIN"`
-	AvatarURLTemplate string                       `yaml:"avatar_url_template" default:"api/avatar/{username_hash}.svg"`
+	AvatarURLTemplate string                       `yaml:"avatar_url_template" default:"api/avatar/{username_hash}.svg" env:"WAKAPI_AVATAR_URL_TEMPLATE"`
 	CustomLanguages   map[string]string            `yaml:"custom_languages"`
 	Colors            map[string]map[string]string `yaml:"-"`
 }

etc/wakapi.service

@@ -0,0 +1,53 @@
+[Unit]
+Description=Wakapi
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+# Optional, in case you're running MySQL / Postgres with Systemd, too
+Requires=mysql.service
+After=mysql.service
+
+[Service]
+Type=simple
+
+# Assuming Wakapi executable is under /opt/wakapi and config file at /etc
+# Feel free to change this
+WorkingDirectory=/opt/wakapi
+ExecStart=/opt/wakapi/wakapi -config /etc/wakapi.yml
+
+# Environment variables, see README for more
+Environment=WAKAPI_DB_HOST=localhost
+Environment=WAKAPI_DB_USER=wakapi
+Environment=WAKAPI_DB_NAME=wakapi
+Environment=WAKAPI_DB_PASSWORD=secretpassword
+Environment=WAKAPI_PASSWORD_SALT=somerandomstring
+
+# TODO: Use Systemd's credentials management (https://systemd.io/CREDENTIALS/) introduced in v247 (%d syntax in v250) once more established
+
+# sudo groupadd wakapi
+# sudo useradd -g wakapi wakapi
+User=wakapi
+Group=wakapi
+
+Restart=on-failure
+RestartSec=90
+
+# Security hardening
+PrivateTmp=true
+PrivateUsers=true
+NoNewPrivileges=true
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectClock=true
+RestrictSUIDSGID=true
+ProtectHostname=true
+ProtectProc=invisible
+
+[Install]
+WantedBy=multi-user.target