diff options
author | Christian Pointner <equinox@spreadspace.org> | 2024-01-28 02:11:05 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-01-28 02:11:05 +0100 |
commit | 24b4917d8186551bcf987b72d1c3588e4705096a (patch) | |
tree | 4cba19d0999095ac27edafc9f88513fdaa80ab16 /roles/whawty/auth/store/templates/systemd.service.j2 | |
parent | move ch-auth-legacy to _graveyard_ (diff) |
finalize whawty/auth roles for now
Diffstat (limited to 'roles/whawty/auth/store/templates/systemd.service.j2')
-rw-r--r-- | roles/whawty/auth/store/templates/systemd.service.j2 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/whawty/auth/store/templates/systemd.service.j2 b/roles/whawty/auth/store/templates/systemd.service.j2 index 2fe45642..7e066901 100644 --- a/roles/whawty/auth/store/templates/systemd.service.j2 +++ b/roles/whawty/auth/store/templates/systemd.service.j2 @@ -1,9 +1,9 @@ [Unit] -Description=sync for whawty-auth store {{ whawty_auth_store.name }} +Description=sync for whawty-auth store {{ item.key }} [Service] Type=simple -ExecStart=/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/run.sh +ExecStart=/etc/whawty/auth/.store-{{ item.key }}-sync/run.sh # systemd hardening-options AmbientCapabilities=CAP_CHOWN CAP_FOWNER @@ -20,7 +20,7 @@ ProtectHome=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=strict -ReadWritePaths={{ whawty_auth_store.config.basedir }} +ReadWritePaths={{ item.value.config.basedir }} RemoveIPC=true RestrictNamespaces=true RestrictRealtime=true |