This PR should be merged after the new website is deployed.

- [x] Rename files
- [x] Add front matter section to all `.md` files in the book (necessary for Zola)
- [x] Change all internal links to use Zola's linking system that checks broken links
- [x] Some updates to documentation contents and organization

Co-authored-by: Alex Auvolat <alex@adnab.me>
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/213
Co-authored-by: Alex <alex@adnab.me>
Co-committed-by: Alex <alex@adnab.me>
+++
title = "Starting Garage with systemd"
weight = 15
+++
We make some assumptions for this systemd deployment.

- Your garage binary is located at `/usr/local/bin/garage`.
- Your configuration file is located at `/etc/garage.toml`.
- Your `garage.toml` must be set with `metadata_dir=/var/lib/garage/meta` and `data_dir=/var/lib/garage/data`. This is mandatory to use the `systemd` hardening feature Dynamic User. Note that in your host filesystem, Garage data will be held in `/var/lib/private/garage`.
Create a file named `/etc/systemd/system/garage.service`:

```ini
[Unit]
Description=Garage Data Store
After=network-online.target
Wants=network-online.target

[Service]
Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
ExecStart=/usr/local/bin/garage server
StateDirectory=garage
DynamicUser=true
ProtectHome=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```
A note on hardening: Garage will be run as a non-privileged user whose user ID is dynamically allocated by systemd. It cannot access (read or write) home folders (`/home`, `/root` and `/run/user`). The rest of the filesystem can only be read, not written; only the path seen as `/var/lib/garage` is writable from the service's point of view (mapped to `/var/lib/private/garage` on your host). Additionally, the process cannot gain new privileges over time.
To start the service and then enable it automatically at boot:

```bash
sudo systemctl start garage
sudo systemctl enable garage
```
To see if the service is running and to browse its logs:

```bash
sudo systemctl status garage
sudo journalctl -u garage
```
If you want to modify the service file, do not forget to run `systemctl daemon-reload` to inform `systemd` of your modifications.
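
To check a unit file and a `garage.toml` against the assumptions and hardening settings above before starting the service, here is an added example (not part of the original page or of the Garage project). The function names `unit_value`, `toml_value`, `check_garage_unit` and `demo` are hypothetical, and the script assumes `metadata_dir` and `data_dir` are written as single-line quoted strings.

```shell
#!/bin/sh
# Added example: lint a unit file and a garage.toml against this page's
# assumptions. All function names are hypothetical.

# unit_value FILE KEY: last value assigned to KEY inside [Service]
unit_value() {
    awk -F= -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == key { sub(/^[^=]*=/, ""); val = $0 }
        END { print val }' "$1"
}

# toml_value FILE KEY: value of a single-line `KEY = "value"` entry
toml_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | head -n 1
}

# check_garage_unit UNIT TOML: print every mismatch, return 1 if any
check_garage_unit() {
    rc=0
    for key in DynamicUser ProtectHome NoNewPrivileges; do
        case "$(unit_value "$1" "$key")" in
            1|yes|true|on) ;;   # spellings systemd accepts for "true"
            *) echo "FAIL: $key is not enabled in [Service]"; rc=1 ;;
        esac
    done
    state="$(unit_value "$1" StateDirectory)"
    [ -n "$state" ] || { echo "FAIL: StateDirectory is not set"; return 1; }
    for key in metadata_dir data_dir; do
        dir="$(toml_value "$2" "$key")"
        case "$dir" in
            "/var/lib/$state"/*) ;;   # the only writable path for the service
            *) echo "FAIL: $key='$dir' is not under /var/lib/$state"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: a unit missing NoNewPrivileges and a data_dir in /srv
demo() {
    tmp="$(mktemp -d)"
    printf '[Service]\nStateDirectory=garage\nDynamicUser=true\nProtectHome=true\n' > "$tmp/garage.service"
    printf 'metadata_dir = "/var/lib/garage/meta"\ndata_dir = "/srv/garage/data"\n' > "$tmp/garage.toml"
    check_garage_unit "$tmp/garage.service" "$tmp/garage.toml"; status=$?
    rm -rf "$tmp"
    return "$status"
}
demo || true
```

On a real host, call `check_garage_unit /etc/systemd/system/garage.service /etc/garage.toml`; a non-zero exit status means at least one assumption from this page is not met.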