/lib/systemd/system → /etc/systemd/system

author: Guilhem Moulin <guilhem@fripost.org> 2017-05-31 17:39:57 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2017-05-31 17:39:57 +0200
commit: e136d3edbdb6749d4559939dc9fcbc11d166e34c (patch)
tree: 36e051f5675b003c38bac4fc6eec738698125437 /roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
parent: 789f4f2e1b01873b200b973584d1501ba32e3bfd (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
new file mode 100644
index 0000000..698ad17
--- /dev/null
+++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Bacula Storage Daemon service
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/bacula/bacula-sd.9103.pid
+StandardOutput=syslog
+User=bacula
+Group=tape
+ExecStart=/usr/sbin/bacula-sd -c /etc/bacula/bacula-sd.conf
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/bacula
+ReadWriteDirectories=-/var/run/bacula
+ReadWriteDirectories=/mnt/backup/bacula
+
+[Install]
+WantedBy=multi-user.target
author	Guilhem Moulin <guilhem@fripost.org>	2017-05-31 17:39:57 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2017-05-31 17:39:57 +0200
commit	e136d3edbdb6749d4559939dc9fcbc11d166e34c (patch)
tree	36e051f5675b003c38bac4fc6eec738698125437 /roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
parent	789f4f2e1b01873b200b973584d1501ba32e3bfd (diff)