From e136d3edbdb6749d4559939dc9fcbc11d166e34c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 31 May 2017 17:39:57 +0200
Subject: =?UTF-8?q?/lib/systemd/system=20=E2=86=92=20/etc/systemd/system?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../files/etc/systemd/system/stunnel4@.service     | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 roles/common/files/etc/systemd/system/stunnel4@.service

(limited to 'roles/common/files/etc/systemd/system/stunnel4@.service')

diff --git a/roles/common/files/etc/systemd/system/stunnel4@.service b/roles/common/files/etc/systemd/system/stunnel4@.service
new file mode 100644
index 0000000..e53d29e
--- /dev/null
+++ b/roles/common/files/etc/systemd/system/stunnel4@.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=SSL tunnel for network daemons (instance %i)
+After=network.target nss-lookup.target
+PartOf=stunnel4.service
+ReloadPropagatedFrom=stunnel4.service
+
+[Service]
+ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutStartSec=120
+TimeoutStopSec=60
+Restart=on-failure
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3