summaryrefslogtreecommitdiffstats
path: root/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-05-31 17:39:57 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-05-31 17:39:57 +0200
commite136d3edbdb6749d4559939dc9fcbc11d166e34c (patch)
tree36e051f5675b003c38bac4fc6eec738698125437 /roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
parent789f4f2e1b01873b200b973584d1501ba32e3bfd (diff)
/lib/systemd/system → /etc/systemd/system
Diffstat (limited to 'roles/bacula-sd/files/etc/systemd/system/bacula-sd.service')
-rw-r--r--roles/bacula-sd/files/etc/systemd/system/bacula-sd.service24
1 files changed, 24 insertions, 0 deletions
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
new file mode 100644
index 0000000..698ad17
--- /dev/null
+++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Bacula Storage Daemon service
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/bacula/bacula-sd.9103.pid
+StandardOutput=syslog
+User=bacula
+Group=tape
+ExecStart=/usr/sbin/bacula-sd -c /etc/bacula/bacula-sd.conf
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/bacula
+ReadWriteDirectories=-/var/run/bacula
+ReadWriteDirectories=/mnt/backup/bacula
+
+[Install]
+WantedBy=multi-user.target