X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/8fa2b7a61816cbdfc611f3db9373ec30b21f2915..9584cda7a747710c42f2d4b2bd876c4014f1ad6f:/cookbooks/systemd/templates/default/service.erb diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb index eff7b8308..197d8bddf 100644 --- a/cookbooks/systemd/templates/default/service.erb +++ b/cookbooks/systemd/templates/default/service.erb @@ -19,11 +19,20 @@ Conflicts=<%= Array(@conflicts).join(" ") %> <% if @wants -%> Wants=<%= Array(@wants).join(" ") %> <% end -%> +<% if @requires -%> +Requires=<%= Array(@requires).join(" ") %> +<% end -%> +<% if @joins_namespace_of -%> +JoinsNamespaceOf=<%= Array(@joins_namespace_of).join(" ") %> +<% end -%> [Service] <% if @type -%> Type=<%= @type %> <% end -%> +<% if @notify_access -%> +NotifyAccess=<%= @notify_access %> +<% end -%> <% if @limit_nofile -%> LimitNOFILE=<%= @limit_nofile %> <% end -%> @@ -54,32 +63,54 @@ User=<%= @user %> <% if @group -%> Group=<%= @group %> <% end -%> +<% if @dynamic_user -%> +DynamicUser=<%= @dynamic_user %> +<% end -%> <% if @working_directory -%> WorkingDirectory=<%= @working_directory %> <% end -%> +<% if @umask -%> +UMask=<%= @umask %> +<% end -%> <% if @exec_start_pre -%> <% if @dropin -%> ExecStartPre= <% end -%> -ExecStartPre=<%= @exec_start_pre %> +<% Array(@exec_start_pre).each do |exec_start_pre| -%> +ExecStartPre=<%= exec_start_pre %> +<% end -%> <% end -%> <% if @exec_start -%> <% if @dropin -%> ExecStart= <% end -%> -ExecStart=<%= @exec_start %> +<% Array(@exec_start).each do |exec_start| -%> +ExecStart=<%= exec_start %> +<% end -%> <% end -%> <% if @exec_start_post -%> <% if @dropin -%> ExecStartPost= <% end -%> -ExecStartPost=<%= @exec_start_post %> +<% Array(@exec_start_post).each do |exec_start_post| -%> +ExecStartPost=<%= exec_start_post %> +<% end -%> <% end -%> <% if @exec_stop -%> <% if @dropin -%> ExecStop= <% end -%> -ExecStop=<%= @exec_stop %> +<% Array(@exec_stop).each do |exec_stop| -%> +ExecStop=<%= exec_stop %> +<% end -%> +<% end -%> +<% if @exec_stop_post -%> +<% if @dropin -%> +ExecStopPost= +<% end -%> +<% Array(@exec_stop_post).each do |exec_stop_post| -%> +ExecStopPost=<%= exec_stop_post %> +<% end -%> <% end -%> <% if @exec_reload -%> <% if @dropin -%> @@ -87,12 +118,42 @@ ExecReload= <% end -%> ExecReload=<%= @exec_reload %> <% end -%> +<% if @runtime_max_sec -%> +RuntimeMaxSec=<%= @runtime_max_sec %> +<% end -%> <% if @runtime_directory -%> RuntimeDirectory=<%= @runtime_directory %> <% end -%> <% if @runtime_directory_mode -%> RuntimeDirectoryMode=<%= sprintf("0%o", @runtime_directory_mode) %> <% end -%> +<% if @runtime_directory_preserve -%> +RuntimeDirectoryPreserve=<%= @runtime_directory_preserve %> +<% end -%> +<% if @state_directory -%> +StateDirectory=<%= @state_directory %> +<% end -%> +<% if @state_directory_mode -%> +StateDirectoryMode=<%= sprintf("0%o", @state_directory_mode) %> +<% end -%> +<% if @cache_directory -%> +CacheDirectory=<%= @cache_directory %> +<% end -%> +<% if @cache_directory_mode -%> +CacheDirectoryMode=<%= sprintf("0%o", @cache_directory_mode) %> +<% end -%> +<% if @logs_directory -%> +LogsDirectory=<%= @logs_directory %> +<% end -%> +<% if @logs_directory_mode -%> +LogsDirectoryMode=<%= sprintf("0%o", @logs_directory_mode) %> +<% end -%> +<% if @configuration_directory -%> +ConfigurationDirectory=<%= @configuration_directory %> +<% end -%> +<% if @configuration_directory_mode -%> +ConfigurationDirectoryMode=<%= sprintf("0%o", @configuration_directory_mode) %> +<% end -%> <% if @standard_input -%> StandardInput=<%= @standard_input %> <% end -%> @@ -102,14 +163,26 @@ StandardOutput=<%= @standard_output %> <% if @standard_error -%> StandardError=<%= @standard_error %> <% end -%> -<% if @private_tmp -%> -PrivateTmp=<%= @private_tmp %> +<% if @protect_proc && node[:lsb][:release].to_f >= 22.04 -%> +ProtectProc=<%= @protect_proc %> <% end -%> -<% if @private_devices -%> -PrivateDevices=<%= @private_devices %> +<% if @proc_subset && node[:lsb][:release].to_f >= 22.04 -%> +ProcSubset=<%= @proc_subset %> <% end -%> -<% if @private_network -%> -PrivateNetwork=<%= @private_network %> +<% if @bind_paths -%> +BindPaths=<%= Array(@bind_paths).sort.uniq.join(" ") %> +<% end -%> +<% if @bind_read_only_paths -%> +BindReadOnlyPaths=<%= Array(@bind_read_only_paths).sort.uniq.join(" ") %> +<% end -%> +<% if @no_new_privileges -%> +NoNewPrivileges=<%= @no_new_privileges %> +<% end -%> +<% if @capability_bounding_set -%> +CapabilityBoundingSet=<%= Array(@capability_bounding_set).sort.uniq.join(" ") %> +<% end -%> +<% if @ambient_capabilities -%> +AmbientCapabilities=<%= Array(@ambient_capabilities).sort.uniq.join(" ") %> <% end -%> <% if @protect_system -%> ProtectSystem=<%= @protect_system %> @@ -118,19 +191,73 @@ ProtectSystem=<%= @protect_system %> ProtectHome=<%= @protect_home %> <% end -%> <% if @read_write_paths -%> -ReadWritePaths=<%= Array(@read_write_paths).join(" ") %> +ReadWritePaths=<%= Array(@read_write_paths).sort.uniq.join(" ") %> <% end -%> <% if @read_only_paths -%> -ReadOnlyPaths=<%= Array(@read_only_paths).join(" ") %> +ReadOnlyPaths=<%= Array(@read_only_paths).sort.uniq.join(" ") %> <% end -%> <% if @inaccessible_paths -%> -InaccessiblePaths=<%= Array(@inaccessible_paths).join(" ") %> +InaccessiblePaths=<%= Array(@inaccessible_paths).sort.uniq.join(" ") %> +<% end -%> +<% if @private_tmp -%> +PrivateTmp=<%= @private_tmp %> +<% end -%> +<% if @private_devices -%> +PrivateDevices=<%= @private_devices %> +<% end -%> +<% if @private_network -%> +PrivateNetwork=<%= @private_network %> +<% end -%> +<% if @private_ipc && node[:lsb][:release].to_f >= 22.04 -%> +PrivateIPC=<%= @private_ipc %> +<% end -%> +<% if @private_users -%> +PrivateUsers=<%= @private_users %> +<% end -%> +<% if @protect_hostname -%> +ProtectHostname=<%= @protect_hostname %> +<% end -%> +<% if @protect_clock -%> +ProtectClock=<%= @protect_clock %> +<% end -%> +<% if @protect_kernel_tunables -%> +ProtectKernelTunables=<%= @protect_kernel_tunables %> +<% end -%> +<% if @protect_kernel_modules -%> +ProtectKernelModules=<%= @protect_kernel_modules %> +<% end -%> +<% if @protect_kernel_logs -%> +ProtectKernelLogs=<%= @protect_kernel_logs %> +<% end -%> +<% if @protect_control_groups -%> +ProtectControlGroups=<%= @protect_control_groups %> <% end -%> <% if @restrict_address_families -%> -RestrictAddressFamilies=<%= Array(@restrict_address_families).join(" ") %> +RestrictAddressFamilies=<%= Array(@restrict_address_families).sort.uniq.join(" ") %> <% end -%> -<% if @no_new_privileges -%> -NoNewPrivileges=<%= @no_new_privileges %> +<% if @restrict_namespaces -%> +RestrictNamespaces=<%= Array(@restrict_namespaces).sort.uniq.join(" ") %> +<% end -%> +<% if @lock_personality -%> +LockPersonality=<%= @lock_personality %> +<% end -%> +<% if @memory_deny_write_execute -%> +MemoryDenyWriteExecute=<%= @memory_deny_write_execute %> +<% end -%> +<% if @restrict_realtime -%> +RestrictRealtime=<%= @restrict_realtime %> +<% end -%> +<% if @restrict_suid_sgid -%> +RestrictSUIDSGID=<%= @restrict_suid_sgid %> +<% end -%> +<% if @remove_ipc -%> +RemoveIPC=<%= @remove_ipc %> +<% end -%> +<% if @system_call_filter -%> +SystemCallFilter=<%= Array(@system_call_filter).join(" ") %> +<% end -%> +<% if @system_call_architectures -%> +SystemCallArchitectures=<%= Array(@system_call_architectures).sort.uniq.join(" ") %> <% end -%> <% if @tasks_max -%> TasksMax=<%= @tasks_max %> @@ -141,6 +268,18 @@ SuccessExitStatus=<%= Array(@success_exit_status).join(" ") %> <% if @restart -%> Restart=<%= @restart %> <% end -%> +<% if @restart_sec -%> +RestartSec=<%= @restart_sec %> +<% end -%> +<% if @timeout_start_sec -%> +TimeoutStartSec=<%= @timeout_start_sec %> +<% end -%> +<% if @timeout_stop_sec -%> +TimeoutStopSec=<%= @timeout_stop_sec %> +<% end -%> +<% if @timeout_abort_sec -%> +TimeoutAbortSec=<%= @timeout_abort_sec %> +<% end -%> <% if @timeout_sec -%> TimeoutSec=<%= @timeout_sec %> <% end -%>