Disabled NoNewPrivileges security restriction to allow the service to
execute sudo commands for system shutdown and reboot. Also expanded PATH
to include /sbin and /usr/sbin directories.
Changes:
- Commented out NoNewPrivileges=true to allow sudo privilege escalation
- Added /sbin and /usr/sbin to PATH environment variable
- Keeps other security hardening (PrivateTmp, user/group isolation)
Why this is needed:
The NoNewPrivileges flag prevents any process from gaining additional
privileges, which blocks sudo even with proper sudoers configuration.
This is safe to disable for this use case because:
1. Service runs as specific user (berwn)
2. Sudoers file restricts to only /sbin/shutdown and /sbin/reboot
3. No other privilege escalation paths in the application
This fixes the issue where reboot works with 'make start' but not as
a systemd service.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated service to use uv run with absolute path to avoid
PATH issues in systemd environment.
Service file changes:
- ExecStart: Uses absolute path to uv (/home/berwn/.local/bin/uv)
- Runs: uv run --no-project python rotary_phone_web.py
- This ensures uv manages dependencies correctly
Install script improvements:
- Auto-detects uv location with 'which uv'
- Falls back to $HOME/.local/bin/uv if not in PATH
- Validates uv exists before proceeding
- Substitutes actual uv path into service file
- Shows detected uv path in output
This fixes:
ModuleNotFoundError: No module named 'waitress'
Now uv properly manages the virtual environment and
dependencies are available to the service.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed service to run python3 directly instead of 'make start'
to avoid dependency on uv being installed system-wide.
Service file changes:
- ExecStart: /usr/bin/python3 rotary_phone_web.py (instead of make)
- User/Group: berwn (match actual user, not hardcoded pi)
- WorkingDirectory: /home/berwn/wedding-phone
- PATH includes user's .local/bin for any user-installed packages
Install script improvements:
- Automatically substitutes correct username
- Substitutes correct home directory in PATH
- Substitutes correct working directory
- More robust sed replacements with proper escaping
This fixes the error:
make: uv: No such file or directory
make: *** [Makefile:8: start] Error 127
Now the service works regardless of whether uv is installed,
as it uses system python3 which is always available.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
**Issues Fixed:**
- Removed [tool.uv.scripts] (not supported by UV)
- Updated requires-python from >=3.7 to >=3.8 (Flask requirement)
- Removed tool.uv.dev-dependencies (deprecated)
**Makefile Added:**
- make start - Run the wedding phone system
- make test - Run audio tests
- make install - Install dependencies
- make clean - Clean temporary files
- make help - Show available commands
**Service Updated:**
- Changed ExecStart from 'uv run start' to 'make start'
- Uses Makefile for proper UV execution
**Documentation Updated:**
- Primary method now uses Make commands
- Added UV direct commands as alternative
- Updated file structure to include Makefile
**Usage:**
```bash
# Recommended
make start
# Alternative
uv run python rotary_phone_web.py
# Service uses make internally
sudo systemctl start wedding-phone
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
**UV Integration:**
- Updated pyproject.toml with [tool.uv.scripts]
- Added 'uv run start' to launch wedding phone
- Added 'uv run test' to run audio tests
- Refactored main code into main() function
- Added proper entry point for package installation
**Systemd Service:**
- Created wedding-phone.service template
- Service runs with UV for dependency management
- Automatic restart on failure
- Proper security hardening (NoNewPrivileges, PrivateTmp)
- GPIO and audio group access configured
**Service Installer:**
- Created install_service.sh automated installer
- Auto-detects project path and user
- Checks for UV installation and dependencies
- Configures service file with correct paths
- Option to enable and start immediately
- Provides helpful command reference
**Installer Features:**
- Validates config.json exists (creates from example if missing)
- Installs UV dependencies automatically
- Updates service file paths dynamically
- Color-coded output for clarity
- Error checking at each step
- Clean installation process
**Usage:**
```bash
# Run directly with UV
uv run start
# Install as system service
./install_service.sh
# Service management
sudo systemctl start wedding-phone
sudo systemctl stop wedding-phone
sudo journalctl -u wedding-phone -f
```
**Documentation:**
- Updated README with UV commands
- Added service installation guide
- Removed old manual systemd instructions
- Added service management commands
- Updated file structure documentation
**Benefits:**
- Easier to run (single command)
- Automatic startup on boot
- Better dependency management
- Professional service integration
- Simplified installation process
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
