packages/coredns-deployment
1
0
Fork 0
mirror of https://github.com/notherealmarco/coredns-deployment.git synced 2025-05-05 12:32:34 +02:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Systemd sysusers directory (#68)

Browse source 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
Lorenzo Fontana 2018-04-06 12:26:50 +02:00 committed by Miek Gieben
parent 73c6d4de27
commit 39c9f7ed76
3 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
systemd/README.md
View file

@ -3,3 +3,7 @@
Use `coredns.service` as a systemd service file. It defaults to using a "coredns" user with Use `coredns.service` as a systemd service file. It defaults to using a "coredns" user with
a homedir of `/var/lib/coredns` and the binary lives in `/usr/bin` and the config in a homedir of `/var/lib/coredns` and the binary lives in `/usr/bin` and the config in
`/etc/coredns/Corefile`. `/etc/coredns/Corefile`.
In order to work, the systemd unit needs a user named `coredns`, an handy way to provide
it is to use the `systemd-sysusers` service by installing the `coredns-sysusers.conf` file in the
`sysusers.d` folder (e.g: `/usr/lib/sysusers.d`).

1
systemd/coredns-sysusers.conf Normal file
View file

@ -0,0 +1 @@
u coredns - "CoreDNS is a DNS server that chains plugins " /

6
systemd/coredns.service
View file

@ -7,9 +7,9 @@ After=network.target
PermissionsStartOnly=true PermissionsStartOnly=true
LimitNOFILE=1048576 LimitNOFILE=1048576
LimitNPROC=512 LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true NoNewPrivileges=true
User=coredns User=coredns
WorkingDirectory=~ WorkingDirectory=~
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile