X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/09bf3029df3d69817a84fae6cbbddbac696376aa..2f9e2442103a3cba4280d3e73082dd1225fff60a:/cookbooks/systemd/templates/default/service.erb diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb index 151b01790..1b63a8d24 100644 --- a/cookbooks/systemd/templates/default/service.erb +++ b/cookbooks/systemd/templates/default/service.erb @@ -1,16 +1,29 @@ # DO NOT EDIT - This file is being maintained by Chef [Unit] +<% if @description -%> Description=<%= @description %> +<% end -%> +<% if @condition_path_exists -%> +ConditionPathExists=<%= Array(@condition_path_exists).join(" ") %> +<% end -%> +<% if @condition_path_exists_glob -%> +ConditionPathExistsGlob=<%= Array(@condition_path_exists_glob).join(" ") %> +<% end -%> <% if @after -%> After=<%= Array(@after).join(" ") %> <% end -%> +<% if @conflicts -%> +Conflicts=<%= Array(@conflicts).join(" ") %> +<% end -%> <% if @wants -%> Wants=<%= Array(@wants).join(" ") %> <% end -%> [Service] +<% if @type -%> Type=<%= @type %> +<% end -%> <% if @limit_nofile -%> LimitNOFILE=<%= @limit_nofile %> <% end -%> @@ -45,16 +58,33 @@ Group=<%= @group %> WorkingDirectory=<%= @working_directory %> <% end -%> <% if @exec_start_pre -%> +<% if @dropin -%> +ExecStartPre= +<% end -%> ExecStartPre=<%= @exec_start_pre %> <% end -%> +<% if @exec_start -%> +<% if @dropin -%> +ExecStart= +<% end -%> ExecStart=<%= @exec_start %> +<% end -%> <% if @exec_start_post -%> +<% if @dropin -%> +ExecStartPost= +<% end -%> ExecStartPost=<%= @exec_start_post %> <% end -%> <% if @exec_stop -%> +<% if @dropin -%> +ExecStop= +<% end -%> ExecStop=<%= @exec_stop %> <% end -%> <% if @exec_reload -%> +<% if @dropin -%> +ExecReload= +<% end -%> ExecReload=<%= @exec_reload %> <% end -%> <% if @runtime_directory -%> @@ -63,6 +93,9 @@ RuntimeDirectory=<%= @runtime_directory %> <% if @runtime_directory_mode -%> RuntimeDirectoryMode=<%= sprintf("0%o", @runtime_directory_mode) %> <% end -%> +<% if @runtime_max_sec -%> +RuntimeMaxSec=<%= @runtime_max_sec %> +<% end -%> <% if @standard_input -%> StandardInput=<%= @standard_input %> <% end -%> @@ -72,6 +105,33 @@ StandardOutput=<%= @standard_output %> <% if @standard_error -%> StandardError=<%= @standard_error %> <% end -%> +<% if @protect_proc -%> +ProtectProc=<%= @protect_proc %> +<% end -%> +<% if @proc_subset -%> +ProcSubset=<%= @proc_subset %> +<% end -%> +<% if @no_new_privileges -%> +NoNewPrivileges=<%= @no_new_privileges %> +<% end -%> +<% if @capability_bounding_set -%> +CapabilityBoundingSet=<%= Array(@capability_bounding_set).sort.uniq.join(" ") %> +<% end -%> +<% if @protect_system -%> +ProtectSystem=<%= @protect_system %> +<% end -%> +<% if @protect_home -%> +ProtectHome=<%= @protect_home %> +<% end -%> +<% if @read_write_paths -%> +ReadWritePaths=<%= Array(@read_write_paths).sort.uniq.join(" ") %> +<% end -%> +<% if @read_only_paths -%> +ReadOnlyPaths=<%= Array(@read_only_paths).sort.uniq.join(" ") %> +<% end -%> +<% if @inaccessible_paths -%> +InaccessiblePaths=<%= Array(@inaccessible_paths).sort.uniq.join(" ") %> +<% end -%> <% if @private_tmp -%> PrivateTmp=<%= @private_tmp %> <% end -%> @@ -81,14 +141,59 @@ PrivateDevices=<%= @private_devices %> <% if @private_network -%> PrivateNetwork=<%= @private_network %> <% end -%> -<% if @protect_system -%> -ProtectSystem=<%= @protect_system %> +<% if @private_ipc -%> +PrivateIPC=<%= @private_ipc %> <% end -%> -<% if @protect_home -%> -ProtectHome=<%= @protect_home %> +<% if @private_users -%> +PrivateUsers=<%= @private_users %> <% end -%> -<% if @no_new_privileges -%> -NoNewPrivileges=<%= @no_new_privileges %> +<% if @protect_hostname -%> +ProtectHostname=<%= @protect_hostname %> +<% end -%> +<% if @protect_clock -%> +ProtectClock=<%= @protect_clock %> +<% end -%> +<% if @protect_kernel_tunables -%> +ProtectKernelTunables=<%= @protect_kernel_tunables %> +<% end -%> +<% if @protect_kernel_modules -%> +ProtectKernelModules=<%= @protect_kernel_modules %> +<% end -%> +<% if @protect_kernel_logs -%> +ProtectKernelLogs=<%= @protect_kernel_logs %> +<% end -%> +<% if @protect_control_groups -%> +ProtectControlGroups=<%= @protect_control_groups %> +<% end -%> +<% if @restrict_address_families -%> +RestrictAddressFamilies=<%= Array(@restrict_address_families).sort.uniq.join(" ") %> +<% end -%> +<% if @restrict_namespaces -%> +RestrictNamespaces=<%= Array(@restrict_namespaces).sort.uniq.join(" ") %> +<% end -%> +<% if @lock_personality -%> +LockPersonality=<%= @lock_personality %> +<% end -%> +<% if @memory_deny_write_execute -%> +MemoryDenyWriteExecute=<%= @memory_deny_write_execute %> +<% end -%> +<% if @restrict_realtime -%> +RestrictRealtime=<%= @restrict_realtime %> +<% end -%> +<% if @restrict_suid_sgid -%> +RestrictSUIDSGID=<%= @restrict_suid_sgid %> +<% end -%> +<% if @remove_ipc -%> +RemoveIPC=<%= @remove_ipc %> +<% end -%> +<% if @system_call_filter -%> +SystemCallFilter=<%= Array(@system_call_filter).join(" ") %> +<% end -%> +<% if @system_call_architectures -%> +SystemCallArchitectures=<%= Array(@system_call_architectures).sort.uniq.join(" ") %> +<% end -%> +<% if @tasks_max -%> +TasksMax=<%= @tasks_max %> <% end -%> <% if @success_exit_status -%> SuccessExitStatus=<%= Array(@success_exit_status).join(" ") %> @@ -96,12 +201,35 @@ SuccessExitStatus=<%= Array(@success_exit_status).join(" ") %> <% if @restart -%> Restart=<%= @restart %> <% end -%> +<% if @timeout_start_sec -%> +TimeoutStartSec=<%= @timeout_start_sec %> +<% end -%> +<% if @timeout_stop_sec -%> +TimeoutStopSec=<%= @timeout_stop_sec %> +<% end -%> +<% if @timeout_abort_sec -%> +TimeoutAbortSec=<%= @timeout_abort_sec %> +<% end -%> <% if @timeout_sec -%> TimeoutSec=<%= @timeout_sec %> <% end -%> <% if @pid_file -%> PIDFile=<%= @pid_file %> <% end -%> +<% if @nice -%> +Nice=<%= @nice %> +<% end -%> +<% if @io_scheduling_class -%> +IOSchedulingClass=<%= @io_scheduling_class %> +<% end -%> +<% if @io_scheduling_priority -%> +IOSchedulingPriority=<%= @io_scheduling_priority %> +<% end -%> +<% if @kill_mode -%> +KillMode=<%= @kill_mode %> +<% end -%> +<% unless @dropin -%> [Install] WantedBy=multi-user.target +<% end -%>