summaryrefslogtreecommitdiffstats
path: root/roles/common/files
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-18 15:51:54 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-18 15:51:54 +0200
commit42df93debccbcb1a18cd377b6de0b5b20527312f (patch)
treeacb669efd9b6f9d0d80e9563d2940192b3753925 /roles/common/files
parentf3e90041c28a74c94d06f419889691f533422c2f (diff)
stunnel4: Harden and socket-activate.
Diffstat (limited to 'roles/common/files')
-rw-r--r--roles/common/files/etc/systemd/system/stunnel4@.service5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/common/files/etc/systemd/system/stunnel4@.service b/roles/common/files/etc/systemd/system/stunnel4@.service
index 1a30599..4d69702 100644
--- a/roles/common/files/etc/systemd/system/stunnel4@.service
+++ b/roles/common/files/etc/systemd/system/stunnel4@.service
@@ -1,10 +1,15 @@
[Unit]
Description=SSL tunnel for network daemons (instance %i)
+Documentation=man:stunnel4(8)
After=network.target nss-lookup.target
PartOf=stunnel4.service
ReloadPropagatedFrom=stunnel4.service
[Service]
+DynamicUser=yes
+; force dynamic user/group allocation (stunnel4 user exists already)
+User=_stunnel4-%i
+Group=_stunnel4-%i
ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT