mirror of
https://github.com/roles-ansible/ansible_role_acmetool.git
synced 2024-08-16 12:29:49 +02:00
21 lines
553 B
Django/Jinja
21 lines
553 B
Django/Jinja
[Unit]
|
|
Description=Reconcile Let's Encrypt certificates
|
|
Documentation=man:acmetool(8)
|
|
After=nss-lookup.target
|
|
After={{ acme_systemd_start_after }}
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/bin/acmetool --batch reconcile
|
|
TimeoutStartSec=5min
|
|
CapabilityBoundingSet=CAP_CHOWN CAP_NET_BIND_SERVICE
|
|
NoNewPrivileges=yes
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/var/lib/acme /run/acme /etc/nginx
|
|
ProtectHome=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectControlGroups=yes
|
|
RestrictRealtime=yes
|
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|