app-admin/vault: increase max open files

author Zac Medico <zachary.medico@sony.com>

Mon, 15 Jul 2019 20:42:47 +0000 (13:42 -0700)

committer Zac Medico <zmedico@gentoo.org>

Mon, 15 Jul 2019 20:51:48 +0000 (13:51 -0700)
author Zac Medico <zachary.medico@sony.com>
Mon, 15 Jul 2019 20:42:47 +0000 (13:42 -0700)
committer Zac Medico <zmedico@gentoo.org>
Mon, 15 Jul 2019 20:51:48 +0000 (13:51 -0700)
diff --git a/app-admin/vault/files/vault.initd b/app-admin/vault/files/vault.initd

index d430bb8d39a9b032467b3141b1594dac18a11ef9..e4bd3e7c13d0f76052fe39b4afa7bc1487ff46cb 100644 (file)
--- a/app-admin/vault/files/vault.initd
+++ b/app-admin/vault/files/vault.initd
@@ -1,10 +1,11 @@
  #!/sbin/openrc-run
-# Copyright 2015-2017 Gentoo Foundation
+# Copyright 2015-2019 Gentoo Authors
  # Distributed under the terms of the GNU General Public License v2
  
  description="vault server"
  group=${group:-${RC_SVCNAME}}
  pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+rc_ulimit=${rc_ulimit-"-n 65536"}
  user=${user:-${RC_SVCNAME}}
  
  command="/usr/bin/${RC_SVCNAME}"
diff --git a/app-admin/vault/files/vault.service b/app-admin/vault/files/vault.service

index 3071d03462773dac98d78ff6b312d9e78a14e0d4..939d8cafc24e7ec82d972c30819167cad9c299a1 100644 (file)
--- a/app-admin/vault/files/vault.service
+++ b/app-admin/vault/files/vault.service
@@ -4,15 +4,28 @@ Requires=network-online.target
  After=network-online.target
  
  [Service]
-User=vault
  Environment=VAULT_SERVER_OPTS="-config=/etc/vault.d"
-ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
-CapabilityBoundingSet=CAP_IPC_LOCK
-AmbientCapabilities=CAP_IPC_LOCK
-Capabilities=CAP_IPC_LOCK=ep
+User=vault
+Group=vault
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
  SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+Capabilities=CAP_IPC_LOCK+ep
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+NoNewPrivileges=yes
+ExecStart=/usr/bin/vault server $VAULT_SERVER_OPTS
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
  Restart=on-failure
-SuccessExitStatus=2
+RestartSec=5
+TimeoutStopSec=30
+StartLimitIntervalSec=60
+StartLimitBurst=3
+LimitNOFILE=65536
  
  [Install]
  WantedBy=default.target
diff --git a/app-admin/vault/vault-1.1.2.ebuild b/app-admin/vault/vault-1.1.2-r1.ebuild

similarity index 100%

rename from app-admin/vault/vault-1.1.2.ebuild

rename to app-admin/vault/vault-1.1.2-r1.ebuild
author	Zac Medico <zachary.medico@sony.com>
	Mon, 15 Jul 2019 20:42:47 +0000 (13:42 -0700)
committer	Zac Medico <zmedico@gentoo.org>
	Mon, 15 Jul 2019 20:51:48 +0000 (13:51 -0700)
app-admin/vault/files/vault.initd		patch \| blob \| history
app-admin/vault/files/vault.service		patch \| blob \| history
app-admin/vault/vault-1.1.2-r1.ebuild	[moved from app-admin/vault/vault-1.1.2.ebuild with 100% similarity]	patch \| blob \| history