Creates systemd unit config.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
No provider.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| description | A human readable name for the unit. This is used by systemd (and other UIs) as the label for the unit, so this string should identify the unit rather than describe it, despite the name. 'Apache2 Web Server' is a good example. |
string |
"" |
no |
| documentation | A list of URIs referencing documentation for this unit or its configuration. Accepted are only URIs of the types "http://", "https://", "file:", "info:", "man:". |
list(string) |
[] |
no |
| wants | Configures requirement dependencies on other units. | list(string) |
[] |
no |
| requires | Similar to wants, but declares a stronger dependency. |
list(string) |
[] |
no |
| before | Ensures that the configured unit is started before the listed unit begins starting up. | list(string) |
[] |
no |
| after | Ensures the opposite, that the listed unit is fully started up before the configured unit is started. | list(string) |
[ |
no |
| conflicts | Configures negative requirement dependencies. If a unit has a conflicts setting on another unit, starting the former will stop the latter and vice versa. |
list(string) |
[] |
no |
| on_failure | List of one or more units that are activated when this unit enters the 'failed' state. | list(string) |
[] |
no |
| propagates_reload_to | List of one or more units where reload requests on this unit will be propagated to this unit. | list(string) |
[] |
no |
| reload_propagated_from | List of one or more units where reload requests on the other unit will be propagated to this unit. | list(string) |
[] |
no |
| default_dependencies | If true, a few default dependencies will implicitly be created for the unit. The actual dependencies created depend on the unit type. |
bool |
true |
no |
| condition_architecture | Check whether the system is running on a specific architecture. | string |
"" |
no |
| condition_virtualization | Check whether the system is executed in a virtualized environment and optionally test whether it is a specific implementation. | string |
"" |
no |
| condition_first_boot | This condition may be used to conditionalize units on whether the system is booting up for the first time. | bool |
false |
no |
| condition_ac_power | This condition may be used to conditionalize units on whether the system is booting up for the first time. | bool |
false |
no |
| condition_path_exists | Check for the exists of a file. If the specified absolute path name does not exist, the condition will fail. If the absolute path name passed to condition is prefixed with an exclamation mark ("!"), the test is negated, and the unit is only started if the path does not exist. |
list(string) |
[] |
no |
| condition_path_is_directory | Similar to condition_path_exists but verifies that a certain path exists and is a directory. |
list(string) |
[] |
no |
| condition_path_is_symbolic_link | Similar to condition_path_exists but verifies that a certain path exists and is a symbolic link. |
list(string) |
[] |
no |
| condition_path_is_mount_point | Similar to condition_path_exists but verifies that a certain path exists and is a mount point. |
list(string) |
[] |
no |
| condition_path_is_read_write | Similar to condition_path_exists but verifies that the underlying file system is readable and writable (i.e. not mounted read-only). |
list(string) |
[] |
no |
| condition_directory_not_empty | Similar to condition_path_exists but verifies that a certain path exists and is a non-empty directory. |
list(string) |
[] |
no |
| condition_file_not_empty | Similar to condition_path_exists but verifies that a certain path exists and refers to a regular file with a non-zero size. |
list(string) |
[] |
no |
| condition_file_is_executable | Similar to condition_path_exists but verifies that a certain path exists, is a regular file, and marked executable. |
list(string) |
[] |
no |
| condition_memory | Verify that the specified amount of system memory is available to the current system. Takes a memory size in bytes as argument, optionally prefixed with a comparison operator "<", "<=", "=", "!=", ">=", ">". On bare-metal systems compares the amount of physical memory in the system with the specified size, adhering to the specified comparison operator. In containers compares the amount of memory assigned to the container instead. |
string |
"" |
no |
| condition_cpus | Verify that the specified number of CPUs is available to the current system. Takes a number of CPUs as argument, optionally prefixed with a comparison operator "<", "<=", "=", "!=", ">=", ">". Compares the number of CPUs in the CPU affinity mask configured of the service manager itself with the specified number, adhering to the specified comparison operator. On physical systems the number of CPUs in the affinity mask of the service manager usually matches the number of physical CPUs, but in special and virtual environments might differ. In particular, in containers the affinity mask usually matches the number of CPUs assigned to the container and not the physically available ones. |
string |
"" |
no |
| wanted_by | n/a | list(string) |
[ |
no |
| required_by | n/a | list(string) |
[] |
no |
| aliases | Service unit aliases. | list(string) |
[] |
no |
| also | n/a | list(string) |
[] |
no |
| user | n/a | string |
"" |
no |
| group | n/a | string |
"" |
no |
| service_type | n/a | string |
"simple" |
no |
| remain_after_exit | n/a | bool |
false |
no |
| bus_name | n/a | string |
"" |
no |
| notify_access | n/a | string |
"" |
no |
| restart | Configures whether the service shall be restarted when the service process exits, is killed, or a timeout is reached. | string |
"on-failure" |
no |
| watchdog_sec | n/a | number |
0 |
no |
| restart_sec | n/a | number |
0 |
no |
| nice | n/a | number |
0 |
no |
| private_tmp | If true, sets up a new file system namespace for the executed processes and mountsprivate /tmp and /var/tmp directories inside it that are not shared by processes outside of the namespace. |
bool |
false |
no |
| protect_system | If true, mounts the /usr and the boot loader directories (/boot and /efi) read-only for processes invoked by this unit.If set to full, the /etc directory is mounted read-only, too.If set to strict the entire file system hierarchy is mounted read-only, except for the API file system subtrees /dev, /proc and /sys. |
string |
"" |
no |
| protect_home | If true, the directories /home, /root, and /run/user are made inaccessible and empty for processes invoked by this unit.If set to read-only, the three directories are made read-only instead.If set to tmpfs, temporary file systems are mounted on the three directories in read-only mode. |
string |
"" |
no |
| exec_start_pre | n/a | list(string) |
[] |
no |
| exec_start_post | n/a | list(string) |
[] |
no |
| exec_start | n/a | list(string) |
[] |
no |
| exec_stop | n/a | list(string) |
[] |
no |
| exec_stop_post | n/a | list(string) |
[] |
no |
| exec_reload | n/a | list(string) |
[] |
no |
| pid_file | Path to PID file. | string |
"" |
no |
| working_directory | Working directory path. | list(string) |
[] |
no |
| runtime_directory | Runtime directory path. | list(string) |
[] |
no |
| state_directory | State directory path. | list(string) |
[] |
no |
| cache_directory | Cache directory path. | list(string) |
[] |
no |
| logs_directory | Logs directory path. | list(string) |
[] |
no |
| configuration_directory | Configuration directory path. | list(string) |
[] |
no |
| runtime_directory_preserve | If set to no, the directories specified in runtime_directory are always removed when the service stops.If set to restart the directories are preserved when the service is both automatically and manually restarted.If set to yes, then the directories are not removed when the service is stopped. |
string |
"" |
no |
| standard_output | Controls where file descriptor 1 (stdout) of the executed processes is connected to. Takes one of inherit, null, tty, journal, kmsg, journal+console, kmsg+console, file:path, append:path, socket or fd:name. |
string |
"" |
no |
| standard_input | Controls where file descriptor 0 (STDIN) of the executed processes is connected to. Takes one of null, tty, tty-force, tty-fail, data, file:path, socket or fd:name. |
string |
"" |
no |
| sockets | Working directory path. | list(string) |
[] |
no |
| permissions_start_only | Permissions start only. | bool |
false |
no |
| no_new_privileges | If true, ensures that the service process and all its children can never gain new privileges through execve(). |
bool |
false |
no |
| ignore_sigpipe | Ignore SIGPIPE. | bool |
false |
no |
| kill_mode | Specifies how processes of this unit shall be killed. One of control-group, mixed, process, none. | string |
"" |
no |
| kill_signal | Specifies which signal to use when stopping a service. This controls the signal that is sent as first step of shutting down a unit, and is usually followed by SIGKILL." |
string |
"" |
no |
| restart_kill_signal | Specifies which signal to use when restarting a service. | string |
"" |
no |
| watchdog_signal | Specifies which signal to use to terminate the service when the watchdog timeout expires. | string |
"" |
no |
| send_sighup | Specifies whether to send SIGHUP to remaining processes immediately after sending the signal configured with kill_signal. |
bool |
false |
no |
| send_sigkill | Specifies whether to send SIGKILL to remaining processes after a timeout, if the normal shutdown procedure left processes of the service around. |
bool |
true |
no |
| selinux_context | n/a | string |
"" |
no |
| apparmor_profile | n/a | string |
"" |
no |
| capability_bounding_set | Controls which capabilities to include in the capability bounding set for the executed process. | list(string) |
[] |
no |
| ambient_capabilities | Controls which capabilities to include in the ambient capability set for the executed process. | list(string) |
[] |
no |
| environment | Sets environment variables for executed processes. | list(string) |
[] |
no |
| environment_file | Similar to environment but reads the environment variables from a text file. |
list(string) |
[] |
no |
| lock_personality | If set, locks down the personality(2) system call so that the kernel execution domain may not be changed from the default or the personality selected. | bool |
false |
no |
| oom_score_adjust | Sets the adjustment value for the Linux kernel's Out-Of-Memory (OOM) killer score for executed processes. | number |
0 |
no |
| timeout_sec | n/a | number |
0 |
no |
| timeout_start_sec | n/a | number |
0 |
no |
| timeout_stop_sec | n/a | number |
0 |
no |
| timeout_abort_sec | n/a | number |
0 |
no |
| memory_deny_write_execute | If set, attempts to create memory mappings that are writable and executable at the same time, or to change existing memory mappings to become executable, or mapping shared memory segments as executable are prohibited. |
bool |
false |
no |
| file_descriptor_store_max | n/a | number |
0 |
no |
| limit_cpu | n/a | string |
"" |
no |
| limit_fsize | n/a | string |
"" |
no |
| limit_data | n/a | string |
"" |
no |
| limit_stack | n/a | string |
"" |
no |
| limit_core | n/a | string |
"" |
no |
| limit_rss | n/a | string |
"" |
no |
| limit_nofile | n/a | string |
"" |
no |
| limit_as | n/a | string |
"" |
no |
| limit_nproc | n/a | string |
"" |
no |
| limit_memlock | n/a | string |
"" |
no |
| limit_locks | n/a | string |
"" |
no |
| limit_sigpending | n/a | string |
"" |
no |
| limit_msqueue | n/a | string |
"" |
no |
| limit_nice | n/a | string |
"" |
no |
| limit_rptprio | n/a | string |
"" |
no |
| limit_rttime | n/a | string |
"" |
no |
| tasks_max | n/a | string |
"" |
no |
| Name | Description |
|---|---|
| content | Generated unit file content. |
| checksum | Checksum of content. |