ansible-galaxy
/
galaxy-caddy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update service file with some security features

This commit is contained in:
Wilfried OLLIVIER 2020-03-20 14:32:45 +01:00
parent dc8d6f48ba
commit aa0fbef9ab
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
templates/caddy.service.j2
View File

@ -4,14 +4,22 @@ Documentation=https://caddyserver.com/docs
After=network.target
[Service]
# Service config and instructions
WorkingDirectory={{ caddy_home }}
User=caddy
LimitNOFILE=8192
PIDFile={{ caddy_home }}/caddy.pid
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -pidfile={{ caddy_home }}/caddy.pid
ExecStart=/usr/bin/caddy -agree=true -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile
ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-failure
StartLimitInterval=600
TimeoutStopSec=5s
KillSignal=SIGQUIT
# Service security
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
ReadWritePaths={{ caddy_home }}
ReadWriteDirectories={{ caddy_home }}
[Install]
WantedBy=multi-user.target