From e136d3edbdb6749d4559939dc9fcbc11d166e34c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 31 May 2017 17:39:57 +0200 Subject: =?UTF-8?q?/lib/systemd/system=20=E2=86=92=20/etc/systemd/system?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../etc/systemd/system/munin-cgi-graph.service | 23 ++++++++++++++++++++++ .../etc/systemd/system/munin-cgi-graph.socket | 11 +++++++++++ .../etc/systemd/system/munin-cgi-html.service | 22 +++++++++++++++++++++ .../files/etc/systemd/system/munin-cgi-html.socket | 11 +++++++++++ 4 files changed, 67 insertions(+) create mode 100644 roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service create mode 100644 roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket create mode 100644 roles/munin-master/files/etc/systemd/system/munin-cgi-html.service create mode 100644 roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket (limited to 'roles/munin-master/files/etc/systemd') diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service new file mode 100644 index 0000000..60ab444 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service @@ -0,0 +1,23 @@ +[Unit] +Description=Munin CGI Graph Service +After=network.target +PartOf=munin.service +Requires=munin-cgi-graph.socket + +[Service] +StandardInput=socket +User=www-data +Group=munin +ExecStart=/usr/lib/munin/cgi/munin-cgi-graph + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/log/munin +ReadWriteDirectories=-/var/lib/munin/cgi-tmp/munin-cgi-graph + +[Install] +WantedBy=multi-user.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket new file mode 100644 index 0000000..d4d2e27 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Munin CGI Graph Listen Socket + +[Socket] +SocketUser=www-data +SocketGroup=www-data +SocketMode=0600 +ListenStream=/run/munin/cgi-graph.socket + +[Install] +WantedBy=sockets.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service new file mode 100644 index 0000000..119d3a2 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service @@ -0,0 +1,22 @@ +[Unit] +Description=Munin CGI HTML Service +After=network.target +PartOf=munin.service +Requires=munin-cgi-html.socket + +[Service] +StandardInput=socket +User=www-data +Group=munin +ExecStart=/usr/lib/munin/cgi/munin-cgi-html + +# Hardening +NoNewPrivileges=yes +PrivateDevices=yes +ProtectHome=yes +ProtectSystem=full +ReadOnlyDirectories=/ +ReadWriteDirectories=-/var/log/munin + +[Install] +WantedBy=multi-user.target diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket new file mode 100644 index 0000000..77be2cf --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Munin CGI HTML Listen Socket + +[Socket] +SocketUser=www-data +SocketGroup=www-data +SocketMode=0600 +ListenStream=/run/munin/cgi-html.socket + +[Install] +WantedBy=sockets.target -- cgit v1.2.3