summaryrefslogtreecommitdiffstats
path: root/roles/bacula-sd/files
diff options
context:
space:
mode:
Diffstat (limited to 'roles/bacula-sd/files')
-rw-r--r--roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf13
-rw-r--r--roles/bacula-sd/files/lib/systemd/system/bacula-sd.service14
2 files changed, 13 insertions, 14 deletions
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf
new file mode 100644
index 0000000..b228078
--- /dev/null
+++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service.d/override.conf
@@ -0,0 +1,13 @@
+[Service]
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=strict
+ReadWriteDirectories=-/var/lib/bacula
+ReadWriteDirectories=/mnt/backup/bacula
+PrivateDevices=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_INET AF_INET6
diff --git a/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service b/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service
deleted file mode 100644
index 4c3f81d..0000000
--- a/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Bacula Storage Daemon service
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/var/run/bacula/bacula-sd.9113.pid
-StandardOutput=syslog
-User=bacula
-Group=tape
-ExecStart=/usr/sbin/bacula-sd -c /etc/bacula/bacula-sd.conf
-
-[Install]
-WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 15:55:03 +0000