Merge pull request #204 from kylemanna/docs_systemd

Document systemd service usage

Author: kylemanna

README.md

@@ -56,6 +56,10 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
         $ dig google.com  # won't use the search directives in resolv.conf
         $ nslookup google.com # will use search
 
+* Consider setting up a [systemd service](/docs/systemd.md) for automatic
+  start-up at boot time and restart in the event the OpenVPN daemon or Docker
+  crashes.
+
 ## How Does It Work?
 
 Initialize the volume container using the `kylemanna/openvpn` image with the
@@ -166,7 +170,7 @@ of a guarantee in the future.
   volume for re-use across containers
 * Addition of tls-auth for HMAC security
 
-## Tested On
+## Originally Tested On
 
 * Docker hosts:
   * server a [Digital Ocean](https://www.digitalocean.com/?refcode=d19f7fe88c94) Droplet with 512 MB RAM running Ubuntu 14.04
@@ -175,8 +179,3 @@ of a guarantee in the future.
      * OpenVPN core 3.0 android armv7a thumb2 32-bit
   * OS X Mavericks with Tunnelblick 3.4beta26 (build 3828) using openvpn-2.3.4
   * ArchLinux OpenVPN pkg 2.3.4-1
-  * 
-
-## Having permissions issues with Selinux enabled?
-
-See [this](docs/selinux.md)

docs/systemd.md

@@ -0,0 +1,37 @@
+# Docker + OpenVPN systemd Service
+
+The systemd service aims to make the update and invocation of the
+`docker-openvpn` container seamless.  It automatically downloads the latest
+`docker-openvpn` image and instantiates a Docker container with that image.  At
+shutdown it cleans-up the old container.
+
+In the event the service dies (crashes, or is killed) systemd will attempt to
+restart the service every 10 seconds until the service is stopped with
+`systemctl stop [email protected]`.
+
+A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
+are harmless for those not using IPv6.
+
+To use and enable automatic start by systemd:
+
+1. Create a Docker volume container named `ovpn-data-NAME` where `NAME` is the
+   user's choice to describe the use of the container.  In the example
+   configuration given in the [README](/README.md) `NAME=data`.
+2. Initialize the data container according to the [docker-openvpn
+   README](/README.md), but don't start the container. Stop the Docker
+   container if started.
+3. Download the [[email protected]](https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service)
+   file to `/etc/systemd/system`:
+
+        curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/[email protected]
+
+4. Enable and start the service with:
+
+        systemctl enable --now [email protected]
+
+5. Verify service start-up with:
+
+        systemctl status [email protected]
+        journalctl --unit [email protected]
+
+For more information, see the [systemd manual pages](https://www.freedesktop.org/software/systemd/man/index.html).

init/[email protected]

@@ -1,3 +1,35 @@
+#
+# Docker + OpenVPN systemd service
+#
+# Author: Kyle Manna <[email protected]>
+# Source: https://github.com/kylemanna/docker-openvpn
+#
+# This service aims to make the update and invocation of the docker-openvpn
+# container seemless.  It automatically downloads the latest docker-openvpn
+# image and instantiates a Docker container with that image.  At shutdown it
+# cleans-up the old container.
+#
+# In the event the service dies (crashes, or is killed) systemd will attempt
+# to restart the service every 10 seconds until the service is stopped with
+# `systemctl stop docker-openvpn@NAME`.
+#
+# A number of IPv6 hacks are incorporated to workaround Docker shortcomings and
+# are harmless for those not using IPv6.
+#
+# To use:
+# 1. Create a Docker volume container named `ovpn-data-NAME` where NAME is the
+#    user's choice to describe the use of the container.
+# 2. Initialize the data container according to the docker-openvpn README, but
+#    don't start the container. Stop the docker container if started.
+# 3. Download this service file to /etc/systemd/service/[email protected]
+# 4. Enable and start the service template with:
+#    `systemctl enable --now [email protected]`
+# 5. Verify service start-up with:
+#    `systemctl status [email protected]`
+#    `journalctl --unit [email protected]`
+# 
+# For more information, see the systemd manual pages.
+#
 [Unit]
 Description=OpenVPN Docker Container
 Documentation=https://github.com/kylemanna/docker-openvpn