WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/collections/ansible_collections/nullified/infrastructure/roles/vault/templates/vault-unit.service.j2
NaeiKinDus ddf406fd37
feat(vault): add a HashiCorp Vault role
2024-06-26 00:00:00 +00:00

39 lines
962 B
Django/Jinja
Raw Blame History

[Unit]
Description="HashiCorp Vault"
Requires=network-online.target
After=network-online.target
StartLimitIntervalSec=120
StartLimitBurst=4
ConditionCapability=CAP_IPC_LOCK
ConditionCapability=CAP_SYSLOG
ConditionFileNotEmpty={{ hc_vault_root_dir }}/config/main.hcl
ConditionPathIsDirectory={{ hc_vault_root_dir }}/tls
[Install]
WantedBy=multi-user.target
[Service]
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_IPC_LOCK CAP_SYSLOG
EnvironmentFile={{ hc_vault_root_dir }}/config/vault.env
ExecStart={{ hc_vault_binary_path }} server -config={{ hc_vault_root_dir }}/config/main.hcl
Group={{ hc_vault_runas }}
KillMode=process
KillSignal=SIGINT
LimitCORE=0
LimitMEMLOCK=infinity
LimitNOFILE=65536
LockPersonality=yes
NoNewPrivileges=yes
OOMScoreAdjust=-500
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
Restart=on-failure
RestartSec=5
SecureBits=keep-caps
TimeoutSec=30
Type=notify-reload
UMask=0077
User={{ hc_vault_runas }}
Reference in a new issue View git blame Copy permalink