From e136d3edbdb6749d4559939dc9fcbc11d166e34c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 31 May 2017 17:39:57 +0200
Subject: =?UTF-8?q?/lib/systemd/system=20=E2=86=92=20/etc/systemd/system?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../files/etc/systemd/system/bacula-fd.service | 22 +++++++++++++++++++++
 .../files/etc/systemd/system/stunnel4.service | 14 +++++++++++++
 .../files/etc/systemd/system/stunnel4@.service | 23 ++++++++++++++++++++++
 .../files/lib/systemd/system/bacula-fd.service | 22 ---------------------
 .../files/lib/systemd/system/stunnel4.service | 14 -------------
 .../files/lib/systemd/system/stunnel4@.service | 23 ----------------------
 roles/common/tasks/bacula.yml | 4 ++--
 roles/common/tasks/stunnel.yml | 4 ++--
 8 files changed, 63 insertions(+), 63 deletions(-)
 create mode 100644 roles/common/files/etc/systemd/system/bacula-fd.service
 create mode 100644 roles/common/files/etc/systemd/system/stunnel4.service
 create mode 100644 roles/common/files/etc/systemd/system/stunnel4@.service
 delete mode 100644 roles/common/files/lib/systemd/system/bacula-fd.service
 delete mode 100644 roles/common/files/lib/systemd/system/stunnel4.service
 delete mode 100644 roles/common/files/lib/systemd/system/stunnel4@.service
(limited to 'roles/common')
diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service
new file mode 100644
index 0000000..ee5afe3
--- /dev/null
+++ b/roles/common/files/etc/systemd/system/bacula-fd.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Bacula File Daemon service
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/bacula/bacula-fd.9102.pid
+StandardOutput=syslog
+ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=read-only
+ProtectSystem=full
+PrivateTmp=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib
+ReadWriteDirectories=-/var/run/bacula
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/common/files/etc/systemd/system/stunnel4.service b/roles/common/files/etc/systemd/system/stunnel4.service
new file mode 100644
index 0000000..990e07b
--- /dev/null
+++ b/roles/common/files/etc/systemd/system/stunnel4.service
@@ -0,0 +1,14 @@
+# This service is actually a systemd target,
+# but we are using a service since targets cannot be reloaded.
+
+[Unit]
+Description=SSL tunnel for network daemons (multi-instance-master)
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/common/files/etc/systemd/system/stunnel4@.service b/roles/common/files/etc/systemd/system/stunnel4@.service
new file mode 100644
index 0000000..e53d29e
--- /dev/null
+++ b/roles/common/files/etc/systemd/system/stunnel4@.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=SSL tunnel for network daemons (instance %i)
+After=network.target nss-lookup.target
+PartOf=stunnel4.service
+ReloadPropagatedFrom=stunnel4.service
+
+[Service]
+ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutStartSec=120
+TimeoutStopSec=60
+Restart=on-failure
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+
+[Install]
+WantedBy=multi-user.target
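Review bot: In the new bacula-fd.service, `ReadWriteDirectories=-/var/lib` re-opens the whole of /var/lib for writing underneath `ReadOnlyDirectories=/`, and the unit sets no `User=`, so the daemon runs as systemd's default user (root) with write access to every other service's state directory there. If only Bacula's own working directory is needed, narrow the line to that path, for example `ReadWriteDirectories=-/var/lib/bacula`. The working directory is set in /etc/bacula/bacula-fd.conf, which is not shown here; /var/lib/bacula is the usual Debian location and should be confirmed. If the wider path is deliberate (restores, pre-backup dumps), a comment above the line such as `# /var/lib stays writable because <reason>` would keep a later reader from treating it as an oversight.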
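Review bot: The `# Hardening` block of stunnel4@.service omits `PrivateTmp=yes`, which the bacula-fd unit in this same commit sets, and the unit has no `User=`/`Group=`. Each instance therefore starts as root, and any privilege drop depends on `setuid`/`setgid` in /etc/stunnel/%i.conf, which is not visible here. Adding `PrivateTmp=yes` would bring the two units in line, provided no instance relies on a file or socket in the shared /tmp. A comment such as `# privilege drop is configured per instance in /etc/stunnel/%i.conf (setuid/setgid)` would record the assumption next to the directives that depend on it.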
diff --git a/roles/common/files/lib/systemd/system/bacula-fd.service b/roles/common/files/lib/systemd/system/bacula-fd.service
deleted file mode 100644
index ee5afe3..0000000
--- a/roles/common/files/lib/systemd/system/bacula-fd.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Bacula File Daemon service
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/var/run/bacula/bacula-fd.9102.pid
-StandardOutput=syslog
-ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
-
-# Hardening
-NoNewPrivileges=yes
-PrivateDevices=yes
-ProtectHome=read-only
-ProtectSystem=full
-PrivateTmp=yes
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib
-ReadWriteDirectories=-/var/run/bacula
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/common/files/lib/systemd/system/stunnel4.service b/roles/common/files/lib/systemd/system/stunnel4.service
deleted file mode 100644
index 990e07b..0000000
--- a/roles/common/files/lib/systemd/system/stunnel4.service
+++ /dev/null
@@ -1,14 +0,0 @@
-# This service is actually a systemd target,
-# but we are using a service since targets cannot be reloaded.
-
-[Unit]
-Description=SSL tunnel for network daemons (multi-instance-master)
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/true
-ExecReload=/bin/true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/common/files/lib/systemd/system/stunnel4@.service b/roles/common/files/lib/systemd/system/stunnel4@.service
deleted file mode 100644
index e53d29e..0000000
--- a/roles/common/files/lib/systemd/system/stunnel4@.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=SSL tunnel for network daemons (instance %i)
-After=network.target nss-lookup.target
-PartOf=stunnel4.service
-ReloadPropagatedFrom=stunnel4.service
-
-[Service]
-ExecStart=/usr/bin/stunnel4 /etc/stunnel/%i.conf
-ExecReload=/bin/kill -HUP ${MAINPID}
-KillSignal=SIGINT
-TimeoutStartSec=120
-TimeoutStopSec=60
-Restart=on-failure
-
-# Hardening
-NoNewPrivileges=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml
index 35666bd..73a2fa1 100644
--- a/roles/common/tasks/bacula.yml
+++ b/roles/common/tasks/bacula.yml
@@ -55,8 +55,8 @@ - genkey - name: Copy bacula-fd.service - copy: src=lib/systemd/system/bacula-fd.service - dest=/lib/systemd/system/bacula-fd.service + copy: src=etc/systemd/system/bacula-fd.service + dest=/etc/systemd/system/bacula-fd.service owner=root group=root mode=0644 notify:
diff --git a/roles/common/tasks/stunnel.yml b/roles/common/tasks/stunnel.yml
index 68469cd..7cb8823 100644
--- a/roles/common/tasks/stunnel.yml
+++ b/roles/common/tasks/stunnel.yml
@@ -9,8 +9,8 @@ mode=0644 - name: Copy stunnel4 service file - copy: src=lib/systemd/system/{{ item }} - dest=/lib/systemd/system/{{ item }} + copy: src=etc/systemd/system/{{ item }} + dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 notify:
--
cgit v1.2.3