We make some assumptions for this systemd deployment.
Your garage binary is located at
Your configuration file is located at
garage.tomlmust be set with
data_dir=/var/lib/garage/data. This is mandatory to use
systemdhardening feature Dynamic User. Note that in your host filesystem, Garage data will be held in
Create a file named
[Unit] Description=Garage Data Store After=network-online.target Wants=network-online.target [Service] Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1' ExecStart=/usr/local/bin/garage server StateDirectory=garage DynamicUser=true ProtectHome=true NoNewPrivileges=true [Install] WantedBy=multi-user.target
A note on hardening: garage will be run as a non privileged user, its user id is dynamically allocated by systemd. It cannot access (read or write) home folders (/home, /root and /run/user), the rest of the filesystem can only be read but not written, only the path seen as /var/lib/garage is writable as seen by the service (mapped to /var/lib/private/garage on your host). Additionnaly, the process can not gain new privileges over time.
To start the service then automatically enable it at boot:
sudo systemctl start garage sudo systemctl enable garage
To see if the service is running and to browse its logs:
sudo systemctl status garage sudo journalctl -u garage
If you want to modify the service file, do not forget to run
systemd of your modifications.