aboutsummaryrefslogtreecommitdiffstats
path: root/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2')
-rw-r--r--roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j235
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2 b/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2
new file mode 100644
index 0000000..883359b
--- /dev/null
+++ b/roles/vaultwarden/templates/etc/systemd/system/vaultwarden.service.j2
@@ -0,0 +1,35 @@
+[Unit]
+Description=Vaultwarden Server
+Documentation=https://github.com/dani-garcia/vaultwarden
+Wants=gssproxy.service
+After=network-online.target nss-user-lookup.target gssproxy.service
+
+[Service]
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+DevicePolicy=closed
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+ReadWritePaths={{ vaultwarden_data_dir }}
+
+User={{ vaultwarden_user }}
+Group={{ vaultwarden_user }}
+
+Environment=DATA_FOLDER={{ vaultwarden_data_dir }}
+Environment=WEB_VAULT_FOLDER={{ vaultwarden_web_dir }}
+Environment=GSS_USE_PROXY=yes
+EnvironmentFile=/etc/sysconfig/vaultwarden
+
+ExecStart={{ vaultwarden_source_dir }}/target/release/vaultwarden
+
+[Install]
+WantedBy=multi-user.target
generated by cgit (git 2.34.1) at 2024-09-19 12:02:56 -0400