40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
|
[Unit]
|
||
|
|
Description=Cosmian KMS Server
|
||
|
|
Documentation=https://github.com/Cosmian/kms
|
||
|
|
After=network.target
|
||
|
|
{% if kms.database.typ == "mysql" %}
|
||
|
|
After=mysql.service
|
||
|
|
Wants=mysql.service
|
||
|
|
{% elif kms.database.typ == "postgresql" %}
|
||
|
|
After=postgresql.service
|
||
|
|
Wants=postgresql.service
|
||
|
|
{% elif kms.database.typ == "redis" %}
|
||
|
|
After=redis.service
|
||
|
|
Wants=redis.service
|
||
|
|
{% endif %}
|
||
|
|
|
||
|
|
[Service]
|
||
|
|
Type=simple
|
||
|
|
User={{ kms.run_user.name }}
|
||
|
|
Group={{ kms.run_user.group }}
|
||
|
|
Environment=COSMIAN_KMS_CONF={{ kms.config_path }}/{{ kms.config_file }}
|
||
|
|
Environment=RUST_LOG={{ kms.log_level }}{% if kms.fips_mode %},cosmian_kms_server=debug{% endif %}
|
||
|
|
|
||
|
|
WorkingDirectory={{ kms.work_path }}
|
||
|
|
ExecStart={{ kms.run_path }} --config-file {{ kms.config_path }}/{{ kms.config_file }}
|
||
|
|
Restart=always
|
||
|
|
RestartSec=10
|
||
|
|
|
||
|
|
# Security settings
|
||
|
|
NoNewPrivileges=true
|
||
|
|
PrivateTmp=true
|
||
|
|
ProtectSystem=strict
|
||
|
|
ProtectHome=true
|
||
|
|
ReadWritePaths={{ kms.work_path }} {{ kms.config_path }}{% if kms.database.typ == "sqlite" %} {{ kms.database.path | dirname }}{% endif %}
|
||
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||
|
|
|
||
|
|
# Resource limits
|
||
|
|
LimitNOFILE=65536
|
||
|
|
|
||
|
|
[Install]
|
||
|
|
WantedBy=multi-user.target
|