diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:15:10 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:37:11 +0100 |
| commit | ead9aaa3dd7ca48012b2b21cc930ee73c8eaa9d3 (patch) | |
| tree | b656f589d1ff4d4b0d245afad3d8d22ce5e65368 /roles/bacula-dir | |
| parent | 24616de43c39da3fe7efd72426fce078a3afdaea (diff) | |
Bacula: refactor systemd service files.
Use unit overrides on top of upstream's service files instead of
overriding entire service files. In particular, upstream uses flag `-P`
so we don't need to use RuntimeDirectory= anymore.
Diffstat (limited to 'roles/bacula-dir')
| -rw-r--r-- | roles/bacula-dir/files/etc/systemd/system/bacula-director.service.d/override.conf (renamed from roles/bacula-dir/files/etc/systemd/system/bacula-director.service) | 14 | ||||
| -rw-r--r-- | roles/bacula-dir/tasks/main.yml | 14 |
2 files changed, 10 insertions, 18 deletions
diff --git a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service.d/override.conf index 8b2f5ff..f0d36c4 100644 --- a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service +++ b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service.d/override.conf @@ -1,14 +1,4 @@ -[Unit] -Description=Bacula Director service -After=network.target - [Service] -Type=simple -StandardOutput=syslog -User=bacula -Group=bacula -ExecStart=/usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf - # Hardening NoNewPrivileges=yes PrivateDevices=yes @@ -16,12 +6,8 @@ ProtectHome=yes ProtectSystem=strict ReadWriteDirectories=-/var/lib/bacula ReadWriteDirectories=-/var/log/bacula -RuntimeDirectory=bacula PrivateDevices=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 - -[Install] -WantedBy=multi-user.target diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml index 2f7ab25..2fdb35b 100644 --- a/roles/bacula-dir/tasks/main.yml +++ b/roles/bacula-dir/tasks/main.yml @@ -12,7 +12,7 @@ notify: - Restart bacula-director -# Create with: +# Populate with: # echo bconsole $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-dir # echo $sd-sd $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-dir # echo $fd-fd $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-dir @@ -41,9 +41,15 @@ notify: - Restart bacula-director -- name: Copy bacula-director.service - copy: src=etc/systemd/system/bacula-director.service - dest=/etc/systemd/system/bacula-director.service +- name: Create /etc/systemd/system/bacula-director.service.d + file: path=/etc/systemd/system/bacula-director.service.d + state=directory + owner=root group=root + mode=0755 + +- name: Copy bacula-director.service override + copy: src=etc/systemd/system/bacula-director.service.d/override.conf + dest=/etc/systemd/system/bacula-director.service.d/override.conf owner=root group=root mode=0644 notify: |