# limitations under the License.
#
+include_recipe "accounts"
include_recipe "git"
package %w[
libprotobuf-dev
osmpbf-bin
pbzip2
- php-cli
- php-curl
mktorrent
xmlstarlet
libxml2-utils
end
directory "/store/planetdump" do
- owner "www-data"
- group "www-data"
+ owner "planet"
+ group "planet"
mode "755"
recursive true
end
-%w[planetdump planetdump-trigger planet-mirror-redirect-update].each do |program|
+%w[planetdump planetdump-trigger].each do |program|
template "/usr/local/bin/#{program}" do
source "#{program}.erb"
owner "root"
systemd_service "planetdump@" do
description "Planet dump for %i"
- user "www-data"
+ user "planet"
exec_start "/usr/local/bin/planetdump %i"
memory_max "64G"
- sandbox true
+ sandbox :enable_network => true
+ protect_home "tmpfs"
+ bind_paths "/home/planet"
read_write_paths [
"/store/planetdump",
"/store/planet/pbf",
action [:enable, :start]
subscribes :restart, "template[/usr/local/bin/planetdump-trigger]"
end
-
-systemd_service "planet-dump-mirror" do
- description "Update planet dump mirrors"
- exec_start "/usr/local/bin/planet-mirror-redirect-update"
- user "www-data"
- sandbox :enable_network => true
- memory_deny_write_execute false
- read_write_paths "/store/planet/.htaccess"
-end
-
-systemd_timer "planet-dump-mirror" do
- description "Update planet dump mirrors"
- on_boot_sec "10min"
- on_unit_inactive_sec "10min"
-end
-
-service "planet-dump-mirror.timer" do
- action [:enable, :start]
-end