summaryrefslogtreecommitdiffstats
path: root/roles/bacula-sd
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-11-03 03:15:10 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-11-03 03:37:11 +0100
commitead9aaa3dd7ca48012b2b21cc930ee73c8eaa9d3 (patch)
treeb656f589d1ff4d4b0d245afad3d8d22ce5e65368 /roles/bacula-sd
parent24616de43c39da3fe7efd72426fce078a3afdaea (diff)
Bacula: refactor systemd service files.
Use unit overrides on top of upstream's service files instead of overriding entire service files. In particular, upstream uses flag `-P` so we don't need to use RuntimeDirectory= anymore.
Diffstat (limited to 'roles/bacula-sd')
-rw-r--r--roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf (renamed from roles/bacula-sd/files/etc/systemd/system/bacula-sd.service)14
-rw-r--r--roles/bacula-sd/tasks/main.yml14
2 files changed, 10 insertions, 18 deletions
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf
index 61ba01d..e4ed970 100644
--- a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
+++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf
@@ -1,14 +1,4 @@
[Unit]
-Description=Bacula Storage Daemon service
-After=network.target
-
-[Service]
-Type=simple
-StandardOutput=syslog
-User=bacula
-Group=tape
-ExecStart=/usr/sbin/bacula-sd -f -c /etc/bacula/bacula-sd.conf
-
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
@@ -16,12 +6,8 @@ ProtectHome=yes
ProtectSystem=strict
ReadWriteDirectories=-/var/lib/bacula
ReadWriteDirectories=/mnt/backup/bacula
-RuntimeDirectory=bacula
PrivateDevices=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_INET AF_INET6
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/bacula-sd/tasks/main.yml b/roles/bacula-sd/tasks/main.yml
index 93958a8..f30fe7f 100644
--- a/roles/bacula-sd/tasks/main.yml
+++ b/roles/bacula-sd/tasks/main.yml
@@ -1,7 +1,7 @@
- name: Install bacula-sd
apt: pkg=bacula-sd
-# Create with:
+# Populate with:
# echo $director-dir $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-sd
- name: Ensure /etc/bacula/passwords-sd exists
file: path=/etc/bacula/passwords-sd
@@ -17,9 +17,15 @@
notify:
- Restart bacula-sd
-- name: Copy bacula-sd.service
- copy: src=etc/systemd/system/bacula-sd.service
- dest=/etc/systemd/system/bacula-sd.service
+- name: Create /etc/systemd/system/bacula-sd.service.d
+ file: path=/etc/systemd/system/bacula-sd.service.d
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy bacula-sd.service override
+ copy: src=etc/systemd/system/bacula-sd.service.d/override.conf
+ dest=/etc/systemd/system/bacula-sd.service.d/override.conf
owner=root group=root
mode=0644
notify: