Date: Wednesday, October 12, 2022 @ 00:26:09 Author: grawlinson Revision: 1327744
chore: vaultwarden; add renamed systemd files Added: vaultwarden/trunk/systemd.service vaultwarden/trunk/sysusers.conf vaultwarden/trunk/tmpfiles.conf Deleted: vaultwarden/trunk/vaultwarden.service vaultwarden/trunk/vaultwarden.sysusers.conf vaultwarden/trunk/vaultwarden.tmpfiles ---------------------------+ systemd.service | 54 ++++++++++++++++++++++++++++++++++++++++++++ sysusers.conf | 1 tmpfiles.conf | 3 ++ vaultwarden.service | 54 -------------------------------------------- vaultwarden.sysusers.conf | 1 vaultwarden.tmpfiles | 3 -- 6 files changed, 58 insertions(+), 58 deletions(-)
Added: systemd.service
===================================================================
--- systemd.service (rev 0)
+++ systemd.service 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -0,0 +1,54 @@
+[Unit]
+Description=Vaultwarden Server
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/vaultwarden
+WorkingDirectory=/var/lib/vaultwarden
+User=vaultwarden
+Group=vaultwarden
+
+# Allow vaultwarden to bind ports in the range of 0-1024 and restrict it to
+# that capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# If vaultwarden is run at ports >1024, you should apply these options via a
+# drop-in file
+#CapabilityBoundingSet=
+#AmbientCapabilities=
+#PrivateUsers=yes
+
+NoNewPrivileges=yes
+
+LimitNOFILE=1048576
+UMask=0077
+
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/vaultwarden /var/log/vaultwarden.log
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+RemoveIPC=yes
+
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+SystemCallArchitectures=native
+
+EnvironmentFile=/etc/vaultwarden.env
+
+[Install]
+WantedBy=multi-user.target
Added: sysusers.conf
===================================================================
--- sysusers.conf (rev 0)
+++ sysusers.conf 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -0,0 +1 @@
+u vaultwarden - "vaultwarden user"
Added: tmpfiles.conf
===================================================================
--- tmpfiles.conf (rev 0)
+++ tmpfiles.conf 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -0,0 +1,3 @@
+d /var/lib/vaultwarden 0750 vaultwarden vaultwarden
+h /var/lib/vaultwarden - - - - +C
+f /var/log/vaultwarden.log 0640 vaultwarden vaultwarden
Deleted: vaultwarden.service
===================================================================
--- vaultwarden.service 2022-10-12 00:25:11 UTC (rev 1327743)
+++ vaultwarden.service 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -1,54 +0,0 @@
-[Unit]
-Description=Vaultwarden Server
-Documentation=https://github.com/dani-garcia/vaultwarden
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/vaultwarden
-WorkingDirectory=/var/lib/vaultwarden
-User=vaultwarden
-Group=vaultwarden
-
-# Allow vaultwarden to bind ports in the range of 0-1024 and restrict it to
-# that capability
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-
-# If vaultwarden is run at ports >1024, you should apply these options via a
-# drop-in file
-#CapabilityBoundingSet=
-#AmbientCapabilities=
-#PrivateUsers=yes
-
-NoNewPrivileges=yes
-
-LimitNOFILE=1048576
-UMask=0077
-
-ProtectSystem=strict
-ProtectHome=yes
-ReadWritePaths=/var/lib/vaultwarden /var/log/vaultwarden.log
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectHostname=yes
-ProtectClock=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-ProtectKernelLogs=yes
-ProtectControlGroups=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=yes
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-RemoveIPC=yes
-
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-SystemCallArchitectures=native
-
-EnvironmentFile=/etc/vaultwarden.env
-
-[Install]
-WantedBy=multi-user.target
Deleted: vaultwarden.sysusers.conf
===================================================================
--- vaultwarden.sysusers.conf 2022-10-12 00:25:11 UTC (rev 1327743)
+++ vaultwarden.sysusers.conf 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -1 +0,0 @@
-u vaultwarden - "vaultwarden user"
Deleted: vaultwarden.tmpfiles
===================================================================
--- vaultwarden.tmpfiles 2022-10-12 00:25:11 UTC (rev 1327743)
+++ vaultwarden.tmpfiles 2022-10-12 00:26:09 UTC (rev 1327744)
@@ -1,3 +0,0 @@
-d /var/lib/vaultwarden 0750 vaultwarden vaultwarden
-h /var/lib/vaultwarden - - - - +C
-f /var/log/vaultwarden.log 0640 vaultwarden vaultwarden
