mirror of
https://github.com/kanidm/kanidm.git
synced 2025-04-26 04:05:38 +02:00
1e91f244a2
* packaging: Use cargo-deb multiarch support This allows building all platforms from one definition, assuming the --multiarch=foreign flag is used. * packaging: Use correct path naming for unixd service files While cargo-deb works around the mistake, better to name them as per the rules: https://github.com/kornelski/cargo-deb/blob/main/systemd.md#systemd-unit-file-naming * docs: Update book chapter on Debian packaging * packaging: Shift Debian builds to a separate build profile * packaging: Add deb for kanidmd
39 lines
871 B
Desktop File
39 lines
871 B
Desktop File
# You should not need to edit this file. Instead, use a drop-in file by running:
|
|
# systemctl edit kanidmd.service
|
|
|
|
[Unit]
|
|
Description=Kanidm Identity Server
|
|
After=time-sync.target network-online.target
|
|
Wants=time-sync.target network-online.target
|
|
Before=radiusd.service
|
|
|
|
[Service]
|
|
Type=notify
|
|
DynamicUser=yes
|
|
User=kanidmd_dyn
|
|
Group=kanidmd
|
|
StateDirectory=kanidmd
|
|
StateDirectoryMode=0750
|
|
CacheDirectory=kanidmd
|
|
CacheDirectoryMode=0750
|
|
RuntimeDirectory=kanidmd
|
|
RuntimeDirectoryMode=0755
|
|
ExecStart=/usr/bin/kanidmd server
|
|
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
MemoryDenyWriteExecute=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|