From 30f3411c6929397a20459e3be3454ce1b51649a6 Mon Sep 17 00:00:00 2001
From: Dennis Eriksen <d@ennis.no>
Date: Mon, 3 May 2021 14:40:47 +0200
Subject: renaming bitwarden_rs to vaultwarden

---
 mkosi.extra/etc/systemd/system/vaultwarden.service | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 mkosi.extra/etc/systemd/system/vaultwarden.service

(limited to 'mkosi.extra/etc/systemd/system/vaultwarden.service')

diff --git a/mkosi.extra/etc/systemd/system/vaultwarden.service b/mkosi.extra/etc/systemd/system/vaultwarden.service
new file mode 100644
index 0000000..6000845
--- /dev/null
+++ b/mkosi.extra/etc/systemd/system/vaultwarden.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Vaultwarden Server (Rust Edition)
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+
+[Service]
+# The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group
+User=vaultwarden
+Group=vaultwarden
+# The location of the .env file for configuration
+EnvironmentFile=/etc/vaultwarden/vaultwarden.env
+# The location of the compiled binary
+ExecStart=/usr/local/bin/vaultwarden
+# Set reasonable connection and process limits
+LimitNOFILE=1048576
+LimitNPROC=64
+# Isolate vaultwarden from the rest of the system
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
+WorkingDirectory=/var/lib/vaultwarden
+ReadWriteDirectories=/var/lib/vaultwarden
+# Allow vaultwarden to bind ports in the range of 0-1024
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3