feat: vault systemd esc and updated - hashipi - Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul

commit 3a49aa2cffbd48236ccc7329ca32e01aa9f32ac3
parent 82660d95b1661e9e6499c94eadedf06891e6f88e
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Wed, 10 Aug 2022 13:47:58 +0200

feat: vault systemd esc and updated

https://github.com/hashicorp/vault/blob/main/.release/linux/package/usr/lib/systemd/system/vault.service

Diffstat:
M vault.sh  | 10 ++++------

1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/vault.sh b/vault.sh
@@ -104,7 +104,7 @@ EOF
 chmod 640 /etc/vault.d/vault.hcl
 
 # Configure systemd service unit
-cat << EOF > /etc/systemd/system/vault.service 
+cat << EOF > /etc/systemd/system/vault.service
 [Unit]
 Description="HashiCorp Vault - A tool for managing secrets"
 Documentation=https://www.vaultproject.io/docs/
@@ -115,6 +115,8 @@ StartLimitIntervalSec=60
 StartLimitBurst=3
 
 [Service]
+Type=notify
+EnvironmentFile=-/etc/vault.d/vault.env
 User=vault
 Group=vault
 ProtectSystem=full
@@ -123,19 +125,15 @@ PrivateTmp=yes
 PrivateDevices=yes
 SecureBits=keep-caps
 AmbientCapabilities=CAP_IPC_LOCK
-Capabilities=CAP_IPC_LOCK+ep
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
 NoNewPrivileges=yes
 ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
-ExecReload=/bin/kill --signal HUP $MAINPID
+ExecReload=/bin/kill --signal HUP \$MAINPID
 KillMode=process
 KillSignal=SIGINT
 Restart=on-failure
 RestartSec=5
 TimeoutStopSec=30
-StartLimitInterval=60
-StartLimitIntervalSec=60
-StartLimitBurst=3
 LimitNOFILE=65536
 LimitMEMLOCK=infinity

	hashipi Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
	git clone https://git.in0rdr.ch/hashipi.git
	Log \| Files \| Refs \| README