chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections
REQUIRES REGENERATING ansible.cfg!
This commit is contained in:
parent
4af69c31ce
commit
888590ed9f
188 changed files with 30 additions and 30 deletions
|
@ -0,0 +1,39 @@
|
|||
[Unit]
|
||||
Description="HashiCorp Vault"
|
||||
Requires=network-online.target
|
||||
After=network-online.target
|
||||
StartLimitIntervalSec=120
|
||||
StartLimitBurst=4
|
||||
ConditionCapability=CAP_IPC_LOCK
|
||||
ConditionCapability=CAP_SYSLOG
|
||||
ConditionFileNotEmpty={{ hc_vault_root_dir }}/config/main.hcl
|
||||
ConditionPathIsDirectory={{ hc_vault_root_dir }}/tls
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
[Service]
|
||||
AmbientCapabilities=CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=CAP_IPC_LOCK CAP_SYSLOG
|
||||
EnvironmentFile={{ hc_vault_root_dir }}/config/vault.env
|
||||
ExecStart={{ hc_vault_binary_path }} server -config={{ hc_vault_root_dir }}/config/main.hcl
|
||||
Group={{ hc_vault_runas }}
|
||||
KillMode=process
|
||||
KillSignal=SIGINT
|
||||
LimitCORE=0
|
||||
LimitMEMLOCK=infinity
|
||||
LimitNOFILE=65536
|
||||
LockPersonality=yes
|
||||
NoNewPrivileges=yes
|
||||
OOMScoreAdjust=-500
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=full
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
SecureBits=keep-caps
|
||||
TimeoutSec=30
|
||||
Type=notify-reload
|
||||
UMask=0077
|
||||
User={{ hc_vault_runas }}
|
Loading…
Add table
Add a link
Reference in a new issue