diff --git a/examples/systemd/kanidm-unixd-tasks.service b/examples/systemd/kanidm-unixd-tasks.service
new file mode 100644
index 000000000..98e64a97d
--- /dev/null
+++ b/examples/systemd/kanidm-unixd-tasks.service
@@ -0,0 +1,31 @@
+# You should not need to edit this file. Instead, use a drop-in file:
+# systemctl edit kanidm-unixd-tasks.service
+
+[Unit]
+Description=Kanidm Local Tasks
+After=chronyd.service ntpd.service network-online.target kanidm-unixd.service
+
+[Service]
+User=root
+Type=simple
+ExecStart=/usr/local/sbin/kanidm_unixd_tasks
+
+ReadWritePaths=/home /var/run/kanidm-unixd
+
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateNetwork=true
+PrivateTmp=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
diff --git a/examples/systemd/kanidm-unixd.service b/examples/systemd/kanidm-unixd.service
new file mode 100644
index 000000000..229d427ea
--- /dev/null
+++ b/examples/systemd/kanidm-unixd.service
@@ -0,0 +1,18 @@
+# You should not need to edit this file. Instead, use a drop-in file by running:
+# systemctl edit kanidm-unixd-tasks.service
+
+[Unit]
+Description=Kanidm Local Client Resolver
+After=chronyd.service ntpd.service network-online.target
+
+[Service]
+DynamicUser=yes
+Type=simple
+ExecStart=/usr/local/sbin/kanidm_unixd
+
+CacheDirectory=kanidm-unixd
+RuntimeDirectory=kanidm-unixd
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
diff --git a/examples/systemd/kanidmd.service b/examples/systemd/kanidmd.service
new file mode 100644
index 000000000..f65b2890b
--- /dev/null
+++ b/examples/systemd/kanidmd.service
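Review bot: In examples/systemd/kanidm-unixd-tasks.service the root helper is only ordered after kanidm-unixd.service through `After=`, not bound to it, so it can be started while the resolver is not running. Since `ReadWritePaths=` names /var/run/kanidm-unixd, which appears to be the resolver's `RuntimeDirectory=`, a missing directory would likely make namespace setup fail at start. Adding `Requires=kanidm-unixd.service` under `[Unit]` makes the dependency explicit. Because the unit keeps CAP_DAC_OVERRIDE and CAP_CHOWN together with write access to /home, a short comment stating why each capability is needed would help reviewers, and `RestrictSUIDSGID=true` and `LockPersonality=true` are worth considering next to the existing sandboxing.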
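Review bot: The header comment in examples/systemd/kanidm-unixd.service tells the admin to run `systemctl edit kanidm-unixd-tasks.service`, which opens a drop-in for the root helper rather than for this unit; it should read `# systemctl edit kanidm-unixd.service`. The same copied line is in examples/systemd/kanidmd.service, where it should name `kanidmd.service`. Separately, `After=network-online.target` here has no matching `Wants=network-online.target`, unlike kanidmd.service, so the ordering only takes effect if something else pulls that target in.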
@@ -0,0 +1,20 @@ +# You should not need to edit this file. Instead, use a drop-in file by running: +# systemctl edit kanidm-unixd-tasks.service + +[Unit] +Description=Kanidm, the IDM for rustaceans +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple + +ExecStart=/usr/local/sbin/kanidmd server --config=/etc/kanidm/server.toml +Restart=on-failure +RestartSec=15s +WorkingDirectory=/var/lib/kanidm +DynamicUser=yes +StateDirectory=kanidm + +[Install] +WantedBy=multi-user.target diff --git a/platform/debian/kanidm-unixd/rules b/platform/debian/kanidm-unixd/rules index 2a0f753ec..22bd97758 100755 --- a/platform/debian/kanidm-unixd/rules +++ b/platform/debian/kanidm-unixd/rules @@ -12,7 +12,7 @@ BINDIR=${PKGDIR}/usr/sbin/ SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE} %: - dh $@ + dh $@ --with systemd override_dh_auto_clean: @@ -25,6 +25,25 @@ override_dh_auto_test: override_dh_shlibdeps: override_dh_strip: +# Do the systemd things +override_dh_installinit: + install -g root -o root \ + examples/systemd/${PACKAGE}.service \ + debian/ + dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service + dh_installinit -p${PACKAGE} --no-start --noscripts + dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade + + install -g root -o root \ + examples/systemd/${PACKAGE}-tasks.service \ + debian/ + dh_systemd_enable -p${PACKAGE} --name=${PACKAGE}-tasks ${PACKAGE}-tasks.service + dh_installinit -p${PACKAGE} --no-start --noscripts + dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade + +override_dh_systemd_start: + echo "Not running dh_systemd_start" + override_dh_auto_install: mkdir -p ${BINDIR} install \ diff --git a/platform/debian/kanidmd/rules b/platform/debian/kanidmd/rules index 3d9895b5b..d16eabf49 100755 --- a/platform/debian/kanidmd/rules +++ b/platform/debian/kanidmd/rules @@ -14,7 +14,7 @@ BINDIR=${PKGDIR}/usr/sbin/ SHARED_DIR=${PKGDIR}/usr/share/${PACKAGE} %: - dh $@ + dh $@ --with systemd override_dh_auto_clean: # cargo clean 
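Review bot: examples/systemd/kanidmd.service relies only on what `DynamicUser=yes` implies for sandboxing, while the tasks unit added in this same commit carries an explicit hardening list. For what looks like the network-facing server, adding at least `ProtectKernelTunables=true`, `ProtectKernelModules=true` and `ProtectControlGroups=true` would bring the two units closer together. With a transient UID, /etc/kanidm/server.toml and any key material it references must be readable by that user. A comment in the unit saying how that access is expected to be granted would keep admins from loosening file modes just to get the service to start.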
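Review bot: In `override_dh_installinit` of platform/debian/kanidm-unixd/rules both `install` calls omit a mode, so the unit files are staged into debian/ with install's default of 0755; `install -m 0644 -g root -o root \` avoids executable unit files if that mode is carried into the package. The second `dh_installinit -p${PACKAGE} --no-start --noscripts` repeats the first with identical arguments and looks redundant. The comment `# Do the systemd things` should say why `dh_systemd_start` is invoked by hand here while `override_dh_systemd_start` is reduced to an echo, and that this recipe enables the root-run tasks unit by default. The mode omission also applies to the matching recipe in platform/debian/kanidmd/rules.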
@@ -31,6 +31,19 @@ override_dh_auto_test: override_dh_shlibdeps: override_dh_strip: + +# Do the systemd things +override_dh_installinit: + install -g root -o root \ + examples/systemd/${PACKAGE}.service \ + debian/ + dh_systemd_enable -p${PACKAGE} --name=${PACKAGE} ${PACKAGE}.service + dh_installinit -p${PACKAGE} --no-start --noscripts + dh_systemd_start -p${PACKAGE} --no-restart-on-upgrade + +override_dh_systemd_start: + echo "Not running dh_systemd_start" + override_dh_auto_install: mkdir -p ${BINDIR} install \