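# systemd unit template (Jinja2) for a HashiCorp Vault server.
[Unit]
# Written without quotes: systemd keeps quote characters in Description= as literal text.
Description=HashiCorp Vault - A tool for managing secrets
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
# Skip start-up unless the main configuration file exists and is non-empty.
ConditionFileNotEmpty={{ vault_root_dir }}/etc/vault.hcl
# Allow at most 3 start attempts per 60 seconds.
# NOTE(review): StartLimitInterval=0 in [Service] is the legacy name of the same
# setting and disables the limit, so the two values conflict; confirm which is intended.
StartLimitIntervalSec=60
StartLimitBurst=3

# Vault version {{ vault_current_version }}
[Service]
# The service signals readiness itself; ExecStartPost= commands run only after that.
Type=notify
# Run the server as a dedicated account (user and group share one name).
User={{ vault_user }}
Group={{ vault_user }}
# Sandboxing: /usr, /boot, /efi and /etc are read-only, home directories are
# read-only, and the service gets a private /tmp and no physical devices.
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
# Capabilities: CAP_IPC_LOCK permits mlock(), CAP_NET_BIND_SERVICE permits
# binding ports below 1024.
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
# NOTE(review): CAP_SYSLOG is allowed by the bounding set but is not an ambient
# capability, so it looks unused; confirm it is needed or drop it.
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
# The service and its children can never gain privileges through setuid or file capabilities.
NoNewPrivileges=yes
# -config names the directory, so every configuration file in it is loaded, not
# only the vault.hcl checked by ConditionFileNotEmpty=. Keep that directory
# writable by administrators only.
ExecStart=/usr/local/bin/vault server -config={{ vault_root_dir }}/etc/
# Reload by sending SIGHUP to the main process.
ExecReload=/bin/kill --signal HUP $MAINPID
{%- if vault_unseal_keys | length > 0 +%}
# The "!" prefix makes systemd ignore User=/Group= for this command, so the
# helper runs as root; the script must be root-owned and not writable by the
# service account.
# NOTE(review): presumably the helper has access to the unseal keys. Keys stored
# on the same host are exposed if the host is compromised; restrict read access
# to root and consider a KMS or transit auto-unseal instead.
ExecStartPost=!{{ vault_root_dir }}/bin/unseal
{%- endif +%}
# On stop, only the main process is signalled, with SIGINT.
KillMode=process
KillSignal=SIGINT
Restart=on-failure
# seconds to wait before each restart
RestartSec=5
# NOTE(review): legacy spelling of StartLimitIntervalSec=; 0 disables start rate
# limiting and conflicts with the 60 s / 3 attempts configured in [Unit].
StartLimitInterval=0
TimeoutStopSec=30
LimitNOFILE=65536
# No cap on locked memory, so the server can mlock() its memory and keep it out of swap.
LimitMEMLOCK=infinity
# Make the kernel OOM killer less likely to pick this service.
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target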