Use systemd unit files for stunnel4.

author: Guilhem Moulin <guilhem@fripost.org> 2016-05-11 18:07:09 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2016-05-12 11:33:55 +0200
commit: 90d498034b891123350785a134402172de477f4f (patch)
tree: a6e3c924054c3f689cdaffffe3a479e88fb97282 /roles/common/files/lib/systemd/system/stunnel4@.service
parent: e370313ad5895871479fffc922e3c72c0375dbf2 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/roles/common/files/lib/systemd/system/stunnel4@.service b/roles/common/files/lib/systemd/system/stunnel4@.service
new file mode 100644
index 0000000..e53d29e
--- /dev/null
+++ b/roles/common/files/lib/systemd/system/stunnel4@.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=SSL tunnel for network daemons (instance %i)
+After=network.target nss-lookup.target
+PartOf=stunnel4.service
+ReloadPropagatedFrom=stunnel4.service
+
+[Service]
+ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutStartSec=120
+TimeoutStopSec=60
+Restart=on-failure
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+
+[Install]
+WantedBy=multi-user.target
author	Guilhem Moulin <guilhem@fripost.org>	2016-05-11 18:07:09 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2016-05-12 11:33:55 +0200
commit	90d498034b891123350785a134402172de477f4f (patch)
tree	a6e3c924054c3f689cdaffffe3a479e88fb97282 /roles/common/files/lib/systemd/system/stunnel4@.service
parent	e370313ad5895871479fffc922e3c72c0375dbf2 (diff)