kanidm/platform/opensuse/kanidmd.service

37 lines
895 B
SYSTEMD
Raw Normal View History

2021-06-15 23:59:41 +02:00
# You should not need to edit this file. Instead, use a drop-in file as described in:
# /usr/lib/systemd/system/kanidmd.service.d/custom.conf
[Unit]
Description=Kanidm Identity Server
After=time-sync.target network-online.target
Wants=time-sync.target network-online.target
2021-06-15 23:59:41 +02:00
Before=radiusd.service
[Service]
Type=notify
2021-06-15 23:59:41 +02:00
DynamicUser=yes
StateDirectory=kanidm
StateDirectoryMode=0750
CacheDirectory=kanidmd
CacheDirectoryMode=0750
RuntimeDirectory=kanidmd
RuntimeDirectoryMode=0755
2021-06-15 23:59:41 +02:00
ExecStart=/usr/sbin/kanidmd server -c /etc/kanidm/server.toml
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
2021-06-15 23:59:41 +02:00
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target