mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
feat: Support caching provisioner assets (#574)
* feat: Add AWS instance identity authentication This allows zero-trust authentication for all AWS instances. Prior to this, AWS instances could be used by passing `CODER_TOKEN` as an environment variable to the startup script. AWS explicitly states that secrets should not be passed in startup scripts because it's user-readable. * feat: Support caching provisioner assets This caches the Terraform binary, and Terraform plugins. Eventually, it could cache other temporary files. * chore: fix linter Co-authored-by: Garrett <garrett@coder.com>
This commit is contained in:
@ -16,6 +16,7 @@ PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
SecureBits=keep-caps
|
||||
AmbientCapabilities=CAP_IPC_LOCK
|
||||
CacheDirectory=coder
|
||||
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
|
||||
NoNewPrivileges=yes
|
||||
ExecStart=/usr/bin/coder start
|
||||
|
Reference in New Issue
Block a user