Initial commit with haproxy service
commit
29497278df
|
@ -0,0 +1,7 @@
|
||||||
|
- name: Run service actions
|
||||||
|
loop: "{{ systemd }}"
|
||||||
|
systemd:
|
||||||
|
name: '{{ item.name }}'
|
||||||
|
enabled: "{% if item.enabled %}yes{% else %}no{% endif %}"
|
||||||
|
state: "{{ item.action }}"
|
||||||
|
daemon_reload: "{% if item.daemon_reload %}yes{% else %}no{% endif %}"
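Review bot: The handler reads `item.enabled`, `item.action` and `item.daemon_reload` with no defaults, so an entry in `systemd` that omits any of them will probably abort the handler with an undefined-variable error, after the override file has already been written. The yes/no strings built with `{% if %}` can be replaced by real booleans with a fallback, e.g. `enabled: "{{ item.enabled | default(false) | bool }}"` and `daemon_reload: "{{ item.daemon_reload | default(true) | bool }}"`. Because the handler loops over the whole list, a change to one unit's override applies `state` to every listed service; if that is intended, a comment on the task saying so would help.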
|
|
@ -0,0 +1,13 @@
|
||||||
|
- name: Create override directories
|
||||||
|
loop: "{{ systemd }}"
|
||||||
|
file:
|
||||||
|
follow: yes
|
||||||
|
path: "/etc/systemd/system/{{ item.name }}.service.d/"
|
||||||
|
state: directory
|
||||||
|
- name: Template service overrides
|
||||||
|
loop: "{{ systemd }}"
|
||||||
|
template:
|
||||||
|
follow: yes
|
||||||
|
src: "{{ item.name }}.service.j2"
|
||||||
|
dest: "/etc/systemd/system/{{ item.name }}.service.d/override.conf"
|
||||||
|
handlers: Run service actions
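Review bot: `handlers: Run service actions` on the last line of the "Template service overrides" task is not a task keyword, so the handler is never notified (Ansible will most likely reject the task outright); it should read `notify: Run service actions`. Without the notification a changed override.conf is written but the unit is not reloaded or restarted, so the hardening directives do not take effect until something else restarts the service. Both the directory task and the template task also leave ownership and permissions to the defaults; for files under /etc/systemd/system I would pin `owner: root`, `group: root` and `mode: "0644"` (`"0755"` on the directory). Indentation is lost in this rendering, so the nesting of `handlers:` cannot be confirmed from the page.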
|
|
@ -0,0 +1,23 @@
|
||||||
|
[Service]
|
||||||
|
User=nobody
|
||||||
|
Group=nogroup
|
||||||
|
|
||||||
|
Environment=
|
||||||
|
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/haproxy.pid"
|
||||||
|
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectSystem=true
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RuntimeDirectory=haproxy
|
||||||
|
|
||||||
|
NoNewPrivileges=true
|
||||||
|
RestrictSUIDSGID=yes
|
||||||
|
MemoryDenyWriteExecute=yes
|
||||||
|
SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
LockPersonality=yes
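Review bot: `User=nobody` / `Group=nogroup` at the top of `[Service]` runs haproxy under an identity shared with anything else mapped to nobody (squashed NFS ownership, other daemons), which systemd's own documentation advises against for services. A dedicated account such as `User=haproxy` / `Group=haproxy` keeps the process isolated, assuming the package creates that account. The override grants no capability for privileged ports, so if haproxy.cfg (not shown) binds 80/443 the service will fail to start unless `AmbientCapabilities=CAP_NET_BIND_SERVICE` is added, ideally paired with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`. `ProtectSystem=true` leaves /etc and most of the filesystem writable; with `RuntimeDirectory=haproxy` already present, `ProtectSystem=strict` looks feasible and is tighter.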
|