-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsshguard-podman.service
More file actions
24 lines (20 loc) · 962 Bytes
/
sshguard-podman.service
File metadata and controls
24 lines (20 loc) · 962 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[Unit]
Description=sshguard
After=network-online.target iptables-restore.service
Requires=network-online.target
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/podman rm --force %n
ExecStart=/opt/bin/podman run --rm \
--name=%n \
--net=host \
--cap-add=CAP_NET_ADMIN,CAP_NET_RAW \
--mount volume=dev-log,target=/dev/log --volume dev-log,kind=host,source=/dev/log,readOnly=true \
--mount volume=journal,target=/var/log/journal --volume journal,kind=host,source=/var/log/journal,readOnly=true \
--mount volume=config,target=/var/db/sshguard --volume config,kind=host,source=/var/db/sshguard \
--mount volume=run-xtables,target=/run/xtables.lock --volume run-xtables,kind=host,source=/run/xtables.lock \
chillichef/coreos-sshguard:latest \
-a 120 -b /var/db/sshguard/blacklist.db
ExecStop=/usr/bin/podman stop %n
[Install]
WantedBy=multi-user.target