diff options
Diffstat (limited to 'roles/munin-master/files/etc/systemd/system')
4 files changed, 67 insertions, 0 deletions
diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service new file mode 100644 index 0000000..60ab444 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service @@ -0,0 +1,23 @@ +[Unit] +Description=Munin CGI Graph Service +After=network.target +PartOf=munin.service +Requires=munin-cgi-graph.socket + +[Service] +StandardInput=socket +User=www-data +Group=munin +ExecStart=/usr/lib/munin/cgi/munin-cgi-graph + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/log/munin +ReadWriteDirectories=-/var/lib/munin/cgi-tmp/munin-cgi-graph + +[Install] +WantedBy=multi-user.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket new file mode 100644 index 0000000..d4d2e27 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Munin CGI Graph Listen Socket + +[Socket] +SocketUser=www-data +SocketGroup=www-data +SocketMode=0600 +ListenStream=/run/munin/cgi-graph.socket + +[Install] +WantedBy=sockets.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service new file mode 100644 index 0000000..119d3a2 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service @@ -0,0 +1,22 @@ +[Unit] +Description=Munin CGI HTML Service +After=network.target +PartOf=munin.service +Requires=munin-cgi-html.socket + +[Service] +StandardInput=socket +User=www-data +Group=munin +ExecStart=/usr/lib/munin/cgi/munin-cgi-html + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/log/munin + +[Install] +WantedBy=multi-user.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket new file mode 100644 index 0000000..77be2cf --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Munin CGI HTML Listen Socket + +[Socket] +SocketUser=www-data +SocketGroup=www-data +SocketMode=0600 +ListenStream=/run/munin/cgi-html.socket + +[Install] +WantedBy=sockets.target |