mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 20:47:01 +01:00
32 lines
800 B
Desktop File
32 lines
800 B
Desktop File
# You should not need to edit this file. Instead, use a drop-in file as described in:
|
|
# /usr/lib/systemd/system/kanidmd.service.d/custom.conf
|
|
|
|
[Unit]
|
|
Description=Kanidm IPA Sync Service
|
|
After=time-sync.target network-online.target
|
|
Wants=time-sync.target network-online.target
|
|
|
|
[Service]
|
|
Type=exec
|
|
DynamicUser=yes
|
|
LoadCredential=config:/etc/kanidm/ipa-sync
|
|
Environment=KANIDM_IPA_SYNC_CONFIG=%d/config
|
|
ExecStart=/usr/sbin/kanidm-ipa-sync --schedule
|
|
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|