summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/systemd/system
Commit message (Collapse)AuthorAgeFiles
* Bacula: refactor systemd service files.Guilhem Moulin2020-11-031
| | | | | | Use unit overrides on top of upstream's service files instead of overriding entire service files. In particular, upstream uses flag `-P` so we don't need to use RuntimeDirectory= anymore.
* stunnel4: Harden and socket-activate.Guilhem Moulin2020-05-181
|
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-162
|
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-251
| | | | | | | | | * Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-092
|
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-091
| | | | Inspired from /lib/systemd/system/bacula-fd.service.
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-092
| | | | And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-313