cp system/* /etc/systemd/system/
cp default/* /etc/default/
systemctl daemon-reload
systemctl enable --now needroleshere.socket
systemctl enable --now needroleshere-ecs-relative.socket
The following tricks are implemented in files under system/.
As using both DynamicUser=
and PreserveRuntimeDirectory=
lets RuntimeDirectory
private but we want a stable RuntimeDirectory can be shared with multiple units; Without PreserveRuntimeDirectory=
, RuntimeDirectory=
are subject for ereasure every time a unit starts or stops (systemd#5394)
To workaround this problem, we need a dedicated systemd unit to hold RuntimeDirectory
.
Enable and start:
You can use this socket unit simultaneously with the primary needroleshere.socket.
It is possible to use systemd unit template for the needroleshere bind
service unit explained at README.
then systemctl enable [email protected]
to pair with somethingawesome.service
.
the systemd units utilize DynamicUser=
. As long as you keep same User=/Group= and a username specified to User= does not exist, you can use a dynamically allocated user with a static gid.
DynamicUser=yes
User=needroleshere
Group=certificateallowed