Make paths explicit

[chef.git] / cookbooks / planet / recipes / notes.rb

diff --git a/cookbooks/planet/recipes/notes.rb b/cookbooks/planet/recipes/notes.rb
index ffb86243c5f8b766456416a8f9cfb6cfc25466b6..e6329708190daa8201c81069a73dbbb2eade7f37 100644 (file)
--- a/cookbooks/planet/recipes/notes.rb
+++ b/cookbooks/planet/recipes/notes.rb
@@ -17,8 +17,9 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "git"
-include_recipe "awscli"
+include_recipe "planet::aws"
 
 db_passwords = data_bag_item("db", "passwords")
 
@@ -54,8 +55,10 @@ end
 systemd_service "planet-notes-dump" do
   description "Create notes dump"
   exec_start "/usr/local/bin/planet-notes-dump"
-  user "www-data"
+  user "planet"
   sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths "/store/planet/notes"
 end
 
@@ -78,7 +81,7 @@ end
 systemd_service "planet-notes-cleanup" do
   description "Delete old notes dumps"
   exec_start "/usr/local/bin/planet-notes-cleanup"
-  user "www-data"
+  user "planet"
   sandbox true
   read_write_paths "/store/planet/notes"
 end