# limitations under the License.
#
-include_recipe "apt"
+include_recipe "apt::maxmind"
license_keys = data_bag_item("geoipupdate", "license-keys")
-package "geoip-database" do
- action :purge
-end
-
-package "geoip-database-contrib" do
- action :purge
-end
-
-package "geoipupdate" do
- action :purge
- only_if { ::File.exist?("/etc/cron.d/geoipupdate") }
-end
-
package "geoipupdate"
template "/etc/GeoIP.conf" do
command "geoipupdate"
user "root"
group "root"
- not_if { ENV.key?("TEST_KITCHEN") || node[:geoipupdate][:editions].all? { |edition| ::File.exist?("/usr/share/GeoIP/#{edition}.mmdb") } }
-end
-
-systemd_service "geoipdate" do
- action :delete
+ not_if { kitchen? || node[:geoipupdate][:editions].all? { |edition| ::File.exist?("#{node[:geoipupdate][:directory]}/#{edition}.mmdb") } }
end
systemd_service "geoipupdate" do
description "Update GeoIP databases"
user "root"
exec_start "/usr/bin/geoipupdate"
- private_tmp true
- private_devices true
- protect_system "strict"
- protect_home true
- read_write_paths "/usr/share/GeoIP"
+ sandbox :enable_network => true
+ read_write_paths node[:geoipupdate][:directory]
end
systemd_timer "geoipupdate" do
description "Update GeoIP databases"
on_boot_sec "15m"
on_unit_active_sec "7d"
- randomized_delay_sec "4h"
+ randomized_delay_sec "5d"
end
service "geoipupdate.timer" do
action [:enable, :start]
end
-
-directory "/var/lib/GeoIP" do
- action :delete
- recursive true
-end