2019-08-05 01:29:15 +02:00
|
|
|
[Unit]
|
2021-04-30 13:49:31 +02:00
|
|
|
Description=vaultwarden Server (Rust Edition)
|
|
|
|
Documentation=https://github.com/dani-garcia/vaultwarden
|
2019-08-05 01:29:15 +02:00
|
|
|
After=network.target
|
|
|
|
|
|
|
|
[Service]
|
2021-04-30 13:49:31 +02:00
|
|
|
# The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group
|
2019-08-05 01:29:15 +02:00
|
|
|
User=__APP__
|
|
|
|
Group=__APP__
|
2022-01-14 21:31:33 +01:00
|
|
|
WorkingDirectory=__FINALPATH__/live/
|
2022-01-23 19:54:02 +01:00
|
|
|
ReadWriteDirectories=__FINALPATH__/live/ __DATADIR__
|
|
|
|
EnvironmentFile=__FINALPATH__/live/.env
|
2021-04-30 13:49:31 +02:00
|
|
|
ExecStart=__FINALPATH__/live/vaultwarden
|
2022-01-14 21:31:33 +01:00
|
|
|
|
2019-08-05 01:29:15 +02:00
|
|
|
# Set reasonable connection and process limits
|
|
|
|
LimitNOFILE=1048576
|
|
|
|
LimitNPROC=64
|
2022-01-14 21:31:33 +01:00
|
|
|
|
|
|
|
# Sandboxing options to harden security
|
|
|
|
# Depending on specificities of your service/app, you may need to tweak these
|
|
|
|
# .. but this should be a good baseline
|
|
|
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
|
|
|
PrivateTmp=yes
|
|
|
|
PrivateDevices=yes
|
2022-01-24 00:17:50 +01:00
|
|
|
ProtectHome=false
|
2020-01-27 21:42:10 +01:00
|
|
|
ProtectSystem=strict
|
2019-08-05 01:29:15 +02:00
|
|
|
|
|
|
|
[Install]
|
2020-12-01 22:04:05 +01:00
|
|
|
WantedBy=multi-user.target
|