On 7/9/19 3:52 PM, Eric Gustavsson wrote:
# systemd unit that runs the bitwardenrs/server container under podman as the
# unprivileged user "spytec".
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
# 0 disables the start timeout (presumably so a slow first image pull is not
# treated as a failed start).
TimeoutStartSec=0
# Review notes on the podman flags below (kept above ExecStart so the
# backslash-continued command line is left untouched):
#  - --security-opt label=disable turns off SELinux label separation for this
#    container. Relabelling the volume instead (":Z" on the -v mount) normally
#    lets the container keep its SELinux confinement.
#  - --userns keep-id maps the invoking user's UID/GID into the container, so
#    files under the bind mount stay owned by that user.
#  - -e ADMIN_TOKEN=key puts the admin token into the unit file and onto the
#    podman command line, where it can be read from the unit file, the process
#    list and `podman inspect`. Prefer a file only this user can read, passed
#    with podman's --env-file; "key" is presumably a placeholder.
#  - -p 8080:8080 publishes the port on every host interface, and no TLS
#    settings are visible in this command; use 127.0.0.1:8080:8080 if only a
#    local TLS reverse proxy should reach it.
#  - bitwardenrs/server:latest is a floating tag: what runs depends on when the
#    image was last pulled. Pin a version tag or digest so the deployed version
#    is known.
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
# The leading "-" tells systemd to ignore a non-zero exit status from these
# helper commands.
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
# With KillMode=none systemd itself signals nothing on stop; shutdown of the
# container relies on the ExecStop command above succeeding.
KillMode=none
# NOTE(review): systemd has no SyslogIdentify= setting; the directive is
# SyslogIdentifier=, so this line is presumably ignored with a warning.
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
# Second copy of the same unit as quoted in the message.
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
# NOTE(review): three settings in this command weaken isolation or expose data:
# label=disable (no SELinux separation), ADMIN_TOKEN passed in clear text on the
# command line, and -p 8080:8080 published on all host interfaces.
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
# "-" prefix: a failing exit status from these commands is ignored by systemd.
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
# systemd sends no signals on stop; only ExecStop brings the container down.
KillMode=none
# NOTE(review): the systemd directive is SyslogIdentifier=, not SyslogIdentify=.
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
Why are you recreating the service each time? Why not just create the container once and then
start and stop the container within the unit file?
# One-time container creation (presumably run as the service user); the unit
# file then only starts and stops the existing container.
# NOTE(review): --rm removes the container when it exits, so after the first
# stop a later `podman start bitwarden` would find nothing to start; drop --rm
# when using create + start.
# NOTE(review): ADMIN_TOKEN is stored in the container's configuration and is
# shown by `podman inspect`; "key" is presumably a placeholder. Supply the real
# value from a file only the service user can read (podman --env-file).
/usr/bin/podman create \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
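# These lines go in the [Service] section and act on the already-created
# container. The "-" after "=" makes systemd ignore a failing exit status.
ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
# The "=" was missing here, so systemd would not have parsed the line as a
# setting; "=-" is assumed to match the ExecStop line above.
ExecReload=-/usr/bin/podman restart bitwarden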
Also, why do you need to disable SELinux separation?
Does
-v /home/spytec/Bitwarden/bw-data/:/data/:Z \
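allow it to work? The :Z suffix has podman relabel the host directory with a private SELinux label for this container, so label=disable should then be unnecessary.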