generated from NethServer/ns8-kickstart
/
crowdsec.service
51 lines (47 loc) · 1.55 KB
/
crowdsec.service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#
# Copyright (C) 2022 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-3.0-or-later
#
#
# This systemd unit starts a crowdsec instance using Podman.
# Most parts of this file come from podman-generate-systemd.
#
[Unit]
Description=crowdsec server
After=network.target
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
EnvironmentFile=/var/lib/nethserver/%N/state/environment
WorkingDirectory=/var/lib/nethserver/%N/state
SyslogIdentifier=%N
Restart=always
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.cid
ExecStartPre=/bin/mkdir -vp crowdsec_config/postoverflows/s01-whitelist
ExecStartPre=/bin/mkdir -vp crowdsec_config/parsers/s02-enrich
ExecStartPre=/usr/local/bin/runagent -m %N expand-configuration
ExecStartPre=/usr/local/bin/runagent -m %N expand-smarthost
SuccessExitStatus=143
ExecStart=/usr/bin/podman run \
--detach \
--init \
--privileged \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.cid \
--cgroups=no-conmon \
--replace --name=%N \
--network=host \
--env DISABLE_ONLINE_API=${DISABLE_ONLINE_API} \
--volume ./crowdsec_config:/etc/crowdsec:Z \
--volume %N-data:/var/lib/crowdsec/data:Z \
--volume ${CROWDSEC_JOURNAL}:/run/log/journal \
${CROWDSEC_IMAGE}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.cid -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.cid
ExecReload=/usr/local/bin/runagent -m %N expand-configuration
ExecReload=/usr/local/bin/runagent -m %N expand-smarthost
ExecReload=/usr/bin/podman kill -s HUP %N
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=default.target