:user => "root",
:path => "/store/backup",
:events => %w[IN_CREATE IN_MOVED_TO],
- :command => "/usr/bin/systemctl start planetdump@$#"
+ :command => "/bin/systemctl start planetdump@$#"
}
include_recipe "git"
pbzip2
php-cli
php-curl
+ mktorrent
+ xmlstarlet
+ libxml2-utils
]
directory "/opt/planet-dump-ng" do
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
git "/opt/planet-dump-ng" do
action :sync
repository "https://github.com/zerebubuth/planet-dump-ng.git"
- revision "v1.1.8"
+ revision "v1.2.6"
depth 1
user "root"
group "root"
directory "/store/planetdump" do
owner "www-data"
group "www-data"
- mode 0o755
+ mode "755"
recursive true
end
source "#{program}.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
end
user "www-data"
exec_start "/usr/local/bin/planetdump %i"
memory_max "64G"
- private_tmp true
- private_devices true
- private_network true
- protect_system "full"
- protect_home true
- no_new_privileges true
+ sandbox true
+ read_write_paths [
+ "/store/planetdump",
+ "/store/planet/pbf",
+ "/store/planet/planet",
+ "/var/log/exim4",
+ "/var/spool/exim4"
+ ]
end
-cron_d "planet-dump-mirror" do
- minute "*/10"
+systemd_service "planet-dump-mirror" do
+ description "Update planet dump mirrors"
+ exec_start "/usr/local/bin/planet-mirror-redirect-update"
user "www-data"
- command "/usr/local/bin/planet-mirror-redirect-update"
- mailto "horntail-www-data-cron@firefishy.com"
+ sandbox :enable_network => true
+ memory_deny_write_execute false
+ read_write_paths "/store/planet/.htaccess"
+end
+
+systemd_timer "planet-dump-mirror" do
+ description "Update planet dump mirrors"
+ on_boot_sec "10min"
+ on_unit_inactive_sec "10min"
+end
+
+service "planet-dump-mirror.timer" do
+ action [:enable, :start]
end