- exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{new_resource.site}.socket"
- exec_start "/usr/bin/spawn-fcgi -n -b 8192 -s /run/mapserver-fastcgi/layer-#{new_resource.site}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{new_resource.site}.pid -- /usr/bin/multiwatch -f 8 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
- private_tmp true
- private_devices true
- private_network true
- protect_system "full"
- protect_home true
- no_new_privileges true
- restart "always"
- pid_file "/run/mapserver-fastcgi/layer-#{new_resource.site}.pid"
+ exec_start "/usr/bin/multiwatch -f 8 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
+ standard_input "socket"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+ not_if { new_resource.uses_tiler }
+ end
+
+ systemd_socket "mapserv-fcgi-#{new_resource.site}" do
+ description "Map server for #{new_resource.site} layer socket"
+ socket_user "imagery"
+ socket_group "imagery"
+ listen_stream "/run/mapserver-fastcgi/layer-#{new_resource.site}.socket"
+ not_if { new_resource.uses_tiler }