diff options
Diffstat (limited to 'roles/vpn/templates/headscale.service.j2')
| -rw-r--r-- | roles/vpn/templates/headscale.service.j2 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/vpn/templates/headscale.service.j2 b/roles/vpn/templates/headscale.service.j2 new file mode 100644 index 0000000..46267f0 --- /dev/null +++ b/roles/vpn/templates/headscale.service.j2 @@ -0,0 +1,26 @@ +[Unit] +Description=headscale coordination server +After=syslog.target +After=network.target + +[Service] +Type=simple +Environment=GIN_MODE=release +User={{ headscale_user_name }} +Group={{ headscale_user_group }} +ExecStart={{ headscale_binary_path }} serve +ExecReload=kill -HUP $MAINPID +Restart=always +RestartSec=5 + +# Optional security enhancements +NoNewPrivileges=yes +PrivateTmp=yes +ProtectSystem=strict +ProtectHome=yes +ReadWritePaths={{ headscale_var_data_dir }} {{ headscale_pid_dir }} +AmbientCapabilities=CAP_NET_BIND_SERVICE +RuntimeDirectory={{ headscale_user_name }} + +[Install] +WantedBy=multi-user.target |