@avoidik
Last active January 30, 2022 19:05
systemd service with dynamic user
# Environment file for the service; systemd loads it through EnvironmentFile= below.
cat > /etc/default/step-ca <<'EOF'
STEPPATH="/etc/step-ca"
PASSWORD_FILE="/etc/step-ca/passwd"
CONFIG_FILE="/etc/step-ca/config/ca.json"
STEP_CA_TOKEN="..."
EOF

cat > /etc/systemd/system/step-ca.service <<'EOF'
[Unit]
Description=step-ca
After=syslog.target network.target local-fs.target remote-fs.target nss-lookup.target

[Service]
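# Run under a transient, unprivileged UID/GID allocated when the service starts.
DynamicUser=true
# Refers to /etc/step-ca.
ConfigurationDirectory=step-ca
WorkingDirectory=/etc/step-ca
# The leading "-" means a missing file is not treated as an error.
EnvironmentFile=-/etc/default/step-ca
ExecStart=/usr/local/bin/step-ca --password-file $PASSWORD_FILE $CONFIG_FILE
# Lets the non-root process bind ports below 1024.
AmbientCapabilities=CAP_NET_BIND_SERVICE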
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target
EOF
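
The heredoc above creates /etc/default/step-ca with whatever umask the shell has, which for root is typically 022, so the file holding STEP_CA_TOKEN ends up readable by every local user. The following permission check is an added example, not part of the gist; the function name `secret_file_findings` is hypothetical, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the gist. Requires GNU stat (coreutils).

# secret_file_findings PATH...
# Prints one finding per line; returns 0 if every file passes, 1 otherwise.
secret_file_findings() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            rc=1
            continue
        fi
        mode=$(stat -L -c '%a' "$f")   # octal mode, e.g. 644 (-L follows symlinks)
        bits=$((0$mode))               # leading 0 makes the shell parse it as octal
        if [ $((bits & 0004)) -ne 0 ]; then
            echo "OTHER-READABLE $mode $f"
            rc=1
        elif [ $((bits & 0040)) -ne 0 ]; then
            echo "GROUP-READABLE $mode $f"
            rc=1
        fi
    done
    return "$rc"
}

# On the host (path from the gist; systemd reads EnvironmentFile= itself,
# so root-only permissions are enough for this file):
#   secret_file_findings /etc/default/step-ca || chmod 600 /etc/default/step-ca
```

The password file is different: step-ca opens it as the dynamic user, so its permissions have to be checked against what that user can actually read.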