diff options
author | Christian Pointner <equinox@spreadspace.org> | 2019-02-24 21:16:18 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-02-24 21:16:18 +0100 |
commit | fbea0c32817aa91aeedd07705931ca36fb911c52 (patch) | |
tree | 17cba6af4a156336b796157b9483861ae331f8fb /roles/elevate/dolmetsch-raspi/templates | |
parent | added helene to k8s-emc and ip addresses for liquid truth (diff) |
added sytemd units for forlmetschctl(d)
Diffstat (limited to 'roles/elevate/dolmetsch-raspi/templates')
-rw-r--r-- | roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2 | 18 | ||||
-rw-r--r-- | roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2 | 17 |
2 files changed, 35 insertions, 0 deletions
diff --git a/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2 b/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2 new file mode 100644 index 00000000..53ce6734 --- /dev/null +++ b/roles/elevate/dolmetsch-raspi/templates/dolmetschctl.service.j2 @@ -0,0 +1,18 @@ +[Unit] +Description=dolmetschctl Client + +[Service] +{# TODO: remove hardcoded IP #} +ExecStart=/opt/dolmetschctl/bin/dolmetschctl 192.168.48.102:8234 +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=strict +ProtectHome=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_INET AF_INET6 + +[Install] +WantedBy=multi-user.target diff --git a/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2 b/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2 new file mode 100644 index 00000000..d26d1313 --- /dev/null +++ b/roles/elevate/dolmetsch-raspi/templates/dolmetschctld.service.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=dolmetschctl Server + +[Service] +ExecStart=/opt/dolmetschctl/bin/dolmetschctld +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=strict +ProtectHome=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_INET AF_INET6 + +[Install] +WantedBy=multi-user.target |