A "proper" vault systemd file

[Justin DynamicD]

Just asking if anyone has seen what they consider a "proper" systemd file so setting vault.  I've been using the scripts in https://registry.terraform.io/modules/hashicorp/vault/aws/ to setup my vault system but don't use the run script as that assumes I want to use Supervisor to manage my process and I'd rather use the native systemd in Ubuntu.

So ... after a little digging I came up with this for my systemd file and just wanted to get some feedback (particularly on the reload command) to see if it aligns with the "sane way to do things".

[Unit]

Description=Daemon for Vault

Requires=network-online.target

After=network-online.target consul.service

[Service]

User=vault

Group=vault

ExecStart=/opt/vault/bin/vault server $OPTIONS -config /opt/vault/config

ExecReload=/bin/kill -SIGHUP $MAINPID

ExecStop=/opt/vault/bin/vault operator step-down

KillMode=process

LimitMEMLOCK=infinity

Restart=on-failure

StartLimitInterval=20

StartLimitBurst=5

TimeoutStartSec=0

RestartSec=5

[Install]

WantedBy=multi-user.target

 Anyway, just looking for feedback at this point as I try to cleanup and standardize things.

Regards,

Justin

[Nathan Basanese]

  // , I have. 

https://github.com/chrismatteson/vault-101/blob/master/scripts/install-systemd-scripts.sh#L16-L32

[Chris Hoffman]

The Vault deployment guide has some sample systemd configs that might be useful for comparison.

https://learn.hashicorp.com/vault/operations/ops-deployment-guide

Chris