#
package %w[
- geoip-database-contrib
+ geoipupdate
gdnsd
]
-service "gdnsd" do
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
+execute "geoipdate" do
+ command "geoipupdate"
+ user "root"
+ group "root"
+ not_if { ::File.exist?("/var/lib/GeoIP/GeoLite2-Country.mmdb") }
+end
+
+directory "/etc/gdnsd/config.d" do
+ owner "nobody"
+ group "nogroup"
+ mode 0o755
end
template "/etc/gdnsd/config" do
notifies :restart, "service[gdnsd]"
end
+service "gdnsd" do
+ action [:enable, :start]
+ supports :status => true, :restart => true, :reload => true
+end
+
+systemd_service "gdnsd-reload" do
+ description "Reload gdnsd configuration"
+ type "simple"
+ user "root"
+ exec_start "/bin/systemctl reload-or-restart gdnsd"
+ standard_output "null"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+end
+
+systemd_path "gdnsd-reload" do
+ description "Reload gdnsd configuration"
+ path_changed "/etc/gdnsd/config.d"
+end
+
+service "gdnsd-reload.path" do
+ action [:enable, :start]
+ subscribes :restart, "systemd_path[gdnsd-reload]"
+end
+
firewall_rule "accept-dns-udp" do
action :accept
source "net"