ansible-roles/roles/vault_agent/templates/vault-agent.service.j2

[Unit]
Description="HashiCorp Vault Agent"
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty={{ vault_agent_root_dir }}/etc/vault-agent.hcl
StartLimitIntervalSec=60
StartLimitBurst=6
Before=consul.service
Before=nomad.service
{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}
PartOf=nomad.service
{% endif %}
{% if vault_agent_consul.consul_pki.enabled %}
PartOf=consul.service
{% endif %}

[Service]
Type=notify
User=root
Group=root
SyslogIdentifier=vault-agent
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE
NoNewPrivileges=yes
ExecStart=/usr/local/bin/vault agent -config={{ vault_agent_root_dir }}/etc/
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
LimitNOFILE=65536
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target
{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}
RequiredBy=nomad.service
{% endif %}
{% if vault_agent_consul.consul_pki.enabled %}
RequiredBy=consul.service
{% endif %}
Update to 2023-07-08 16:00 2023-07-08 16:00:11 +02:00			`[Unit]`
			`Description="HashiCorp Vault Agent"`
			`Documentation=https://www.vaultproject.io/docs/`
			`Requires=network-online.target`
			`After=network-online.target`
			`ConditionFileNotEmpty={{ vault_agent_root_dir }}/etc/vault-agent.hcl`
			`StartLimitIntervalSec=60`
			`StartLimitBurst=6`
			`Before=consul.service`
			`Before=nomad.service`
			`{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}`
			`PartOf=nomad.service`
			`{% endif %}`
			`{% if vault_agent_consul.consul_pki.enabled %}`
			`PartOf=consul.service`
			`{% endif %}`

			`[Service]`
			`Type=notify`
			`User=root`
			`Group=root`
			`SyslogIdentifier=vault-agent`
			`ProtectSystem=full`
			`ProtectHome=read-only`
			`PrivateTmp=yes`
			`PrivateDevices=yes`
			`SecureBits=keep-caps`
			`AmbientCapabilities=CAP_IPC_LOCK`
			`CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE`
			`NoNewPrivileges=yes`
			`ExecStart=/usr/local/bin/vault agent -config={{ vault_agent_root_dir }}/etc/`
			`ExecReload=/bin/kill --signal HUP $MAINPID`
			`KillMode=process`
			`KillSignal=SIGINT`
			`Restart=on-failure`
			`RestartSec=5`
			`TimeoutStopSec=30`
			`LimitNOFILE=65536`
			`LimitMEMLOCK=infinity`

			`[Install]`
			`WantedBy=multi-user.target`
			`{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}`
			`RequiredBy=nomad.service`
			`{% endif %}`
			`{% if vault_agent_consul.consul_pki.enabled %}`
			`RequiredBy=consul.service`
			`{% endif %}`