add systemd service example files

2 years ago · 6dd1f41212
parent 7c36193a14
commit 6dd1f41212
2 changed files with 29 additions and 0 deletions
--- a/etc/systemd-vaultd.service
+++ b/etc/systemd-vaultd.service
@ -0,0 +1,21 @@
+[Unit]
+Description=systemd-vault daemon
+Requires=systemd-vaultd.socket
+
+[Service]
+ExecStart=/usr/bin/systemd-vaultd
+Restart=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateUsers=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX
+MemoryDenyWriteExecute=yes
+SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
+
+[Install]
+Also=systemd-vaultd.socket
--- a/etc/systemd-vaultd.socket
+++ b/etc/systemd-vaultd.socket
@ -0,0 +1,8 @@
+[Unit]
+Description=systemd-vault activation socket
+
+[Socket]
+ListenStream=/run/systemd-vaultd/sock
+
+[Install]
+WantedBy=sockets.target