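# Runs the Authentik stack (postgresql, redis, server, worker) in the
# foreground with `docker compose up`, so systemd supervises the compose
# client process. This file is a template: the {{ ... }} placeholders are
# filled in when it is rendered.
[Unit]
Description=Authentik in Docker
# Start after the Docker daemon and, because ordering is reversed on shutdown,
# stop this stack before the daemon goes down. Wants= is a soft dependency.
# NOTE(review): assumes the daemon unit is named docker.service - confirm on the target host.
Wants=docker.service
After=docker.service

[Service]
# exec: the unit counts as started once the docker binary has been executed.
Type=exec
# With User= left commented out, a system unit runs the compose client as root.
# NOTE(review): an account that can reach the Docker socket can control the
# daemon, so a dedicated user here separates file ownership but is not a
# privilege boundary on its own.
#User=authentik-docker
WorkingDirectory={{ docker_compose_config_dir }}/authentik
# No absolute path: systemd resolves `docker` through its built-in search
# path, not through a login shell's $PATH.
ExecStart=docker compose up postgresql redis server worker
Restart=on-failure
RestartSec=30s

# Optional hardening to improve security
# All of the directives below are disabled. They sandbox only the
# `docker compose` client process started by this unit; with the standard
# daemon-based Docker the containers are created by the daemon and are not
# covered, so container restrictions belong in the compose file.
# Enable them one at a time and check the result, for example with
# `systemd-analyze security <unit-name>.service`.
# Writable exceptions, relevant once ProtectSystem=strict below is enabled.
#ReadWritePaths={{ docker_volumes_dir }}/ /tmp/ {{ docker_compose_config_dir }}/
#NoNewPrivileges=yes
#MemoryDenyWriteExecute=true
#PrivateDevices=yes
#PrivateTmp=yes
#ProtectHome=yes
#ProtectSystem=strict
#ProtectControlGroups=true
#RestrictSUIDSGID=true
#RestrictRealtime=true
#LockPersonality=true
#ProtectKernelLogs=true
#ProtectKernelTunables=true
#ProtectHostname=true
#ProtectKernelModules=true
#PrivateUsers=true
#ProtectClock=true
#SystemCallArchitectures=native
#SystemCallErrorNumber=EPERM
#SystemCallFilter=@system-service

[Install]
# Started as part of the normal multi-user boot when the unit is enabled.
WantedBy=multi-user.target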