diff options
Diffstat (limited to 'roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2')
-rw-r--r-- | roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2 | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2 b/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2 new file mode 100644 index 0000000..883359b --- /dev/null +++ b/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2 @@ -0,0 +1,35 @@ +[Unit] +Description=Vaultwarden Server +Documentation=https://github.com/dani-garcia/vaultwarden +Wants=gssproxy.service +After=network-online.target nss-user-lookup.target gssproxy.service + +[Service] +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +DevicePolicy=closed +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +LockPersonality=yes +ReadWritePaths={{ vaultwarden_data_dir }} + +User={{ vaultwarden_user }} +Group={{ vaultwarden_user }} + +Environment=DATA_FOLDER={{ vaultwarden_data_dir }} +Environment=WEB_VAULT_FOLDER={{ vaultwarden_web_dir }} +Environment=GSS_USE_PROXY=yes +EnvironmentFile=/etc/sysconfig/vaultwarden + +ExecStart={{ vaultwarden_source_dir }}/target/release/vaultwarden + +[Install] +WantedBy=multi-user.target |