diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:15:10 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:37:11 +0100 |
commit | ead9aaa3dd7ca48012b2b21cc930ee73c8eaa9d3 (patch) | |
tree | b656f589d1ff4d4b0d245afad3d8d22ce5e65368 /roles/bacula-sd | |
parent | 24616de43c39da3fe7efd72426fce078a3afdaea (diff) |
Bacula: refactor systemd service files.
Use unit overrides on top of upstream's service files instead of
overriding entire service files. In particular, upstream uses flag `-P`
so we don't need to use RuntimeDirectory= anymore.
Diffstat (limited to 'roles/bacula-sd')
-rw-r--r-- | roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf (renamed from roles/bacula-sd/files/etc/systemd/system/bacula-sd.service) | 14 | ||||
-rw-r--r-- | roles/bacula-sd/tasks/main.yml | 14 |
2 files changed, 10 insertions, 18 deletions
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf index 61ba01d..e4ed970 100644 --- a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service +++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf @@ -1,14 +1,4 @@ [Unit] -Description=Bacula Storage Daemon service -After=network.target - -[Service] -Type=simple -StandardOutput=syslog -User=bacula -Group=tape -ExecStart=/usr/sbin/bacula-sd -f -c /etc/bacula/bacula-sd.conf - # Hardening NoNewPrivileges=yes PrivateDevices=yes @@ -16,12 +6,8 @@ ProtectHome=yes ProtectSystem=strict ReadWriteDirectories=-/var/lib/bacula ReadWriteDirectories=/mnt/backup/bacula -RuntimeDirectory=bacula PrivateDevices=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_INET AF_INET6 - -[Install] -WantedBy=multi-user.target diff --git a/roles/bacula-sd/tasks/main.yml b/roles/bacula-sd/tasks/main.yml index 93958a8..f30fe7f 100644 --- a/roles/bacula-sd/tasks/main.yml +++ b/roles/bacula-sd/tasks/main.yml @@ -1,7 +1,7 @@ - name: Install bacula-sd apt: pkg=bacula-sd -# Create with: +# Populate with: # echo $director-dir $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-sd - name: Ensure /etc/bacula/passwords-sd exists file: path=/etc/bacula/passwords-sd @@ -17,9 +17,15 @@ notify: - Restart bacula-sd -- name: Copy bacula-sd.service - copy: src=etc/systemd/system/bacula-sd.service - dest=/etc/systemd/system/bacula-sd.service +- name: Create /etc/systemd/system/bacula-sd.service.d + file: path=/etc/systemd/system/bacula-sd.service.d + state=directory + owner=root group=root + mode=0755 + +- name: Copy bacula-sd.service override + copy: src=etc/systemd/system/bacula-sd.service.d/override.conf + dest=/etc/systemd/system/bacula-sd.service.d/override.conf owner=root group=root mode=0644 notify: |