fayland/haproxy.service

## haproxy.service
[Unit]
Description=HAProxy Load Balancer
Documentation=man:haproxy(1)
Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
After=network-online.target rsyslog.service
Wants=network-online.target

[Service]
EnvironmentFile=-/etc/default/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify

# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.

# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io

[Install]
WantedBy=multi-user.target
	[Unit]
	Description=HAProxy Load Balancer
	Documentation=man:haproxy(1)
	Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
	After=network-online.target rsyslog.service
	Wants=network-online.target

	[Service]
	EnvironmentFile=-/etc/default/haproxy
	Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
	ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
	ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
	ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
	ExecReload=/bin/kill -USR2 $MAINPID
	KillMode=mixed
	Restart=always
	SuccessExitStatus=143
	Type=notify

	# The following lines leverage SystemD's sandboxing options to provide
	# defense in depth protection at the expense of restricting some flexibility
	# in your setup (e.g. placement of your configuration files) or possibly
	# reduced performance. See systemd.service(5) and systemd.exec(5) for further
	# information.

	# NoNewPrivileges=true
	# ProtectHome=true
	# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
	# any state files and any other files written using 'ReadWritePaths' or
	# 'RuntimeDirectory'.
	# ProtectSystem=true
	# ProtectKernelTunables=true
	# ProtectKernelModules=true
	# ProtectControlGroups=true
	# If your SystemD version supports them, you can add: @reboot, @swap, @sync
	# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io

	[Install]
	WantedBy=multi-user.target