Created
February 14, 2018 07:45
-
-
Save sq3/17137d21db1b157fa2b87c52e56baba9 to your computer and use it in GitHub Desktop.
Revisions
-
sq3 created this gist
Feb 14, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,48 @@ # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. [Unit] Description=nspawn container nextcloud Documentation=man:systemd-nspawn(1) PartOf=machines.target Before=machines.target After=network.target [Service] ExecStart=/usr/bin/systemd-nspawn \ --quiet \ --keep-unit \ --boot \ --link-journal=try-guest \ --network-veth -U \ --settings=override \ --machine=nextcloud \ --bind=/srv/data/machines/nextcloud/data:/var/opt/nextcloud/data \ --bind=/srv/data/machines/nextcloud/mariadb:/var/lib/mysql \ KillMode=mixed Type=notify RestartForceExitStatus=133 SuccessExitStatus=133 Slice=machine.slice Delegate=yes TasksMax=16384 # Enforce a strict device policy, similar to the one nspawn configures # when it allocates its own scope unit. Make sure to keep these # policies in sync if you change them! DevicePolicy=closed DeviceAllow=/dev/net/tun rwm DeviceAllow=char-pts rw # nspawn itself needs access to /dev/loop-control and /dev/loop, to # implement the --image= option. Add these here, too. DeviceAllow=/dev/loop-control rw DeviceAllow=block-loop rw DeviceAllow=block-blkext rw [Install] WantedBy=machines.target