# limitations under the License.
#
+include_recipe "geoipupdate"
+
+servers = search(:node, "roles:geodns").collect(&:name).sort
+
+servers << "dummy.example.com" if servers.empty?
+
package %w[
- geoipupdate
gdnsd
]
-execute "geoipdate" do
- command "geoipupdate"
- user "root"
- group "root"
- not_if { ::File.exist?("/var/lib/GeoIP/GeoLite2-Country.mmdb") }
-end
-
directory "/etc/gdnsd/config.d" do
owner "nobody"
group "nogroup"
- mode 0o755
+ mode "755"
+end
+
+%w[nominatim].each do |zone|
+ %w[map resource weighted].each do |type|
+ template "/etc/gdnsd/config.d/#{zone}.#{type}" do
+ action :create_if_missing
+ source "zone.#{type}.erb"
+ owner "nobody"
+ group "nogroup"
+ mode "644"
+ variables :zone => zone
+ end
+ end
end
template "/etc/gdnsd/config" do
source "config.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
notifies :restart, "service[gdnsd]"
end
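Review bot: The `/etc/gdnsd/config.d/#{zone}.#{type}` templates are owned by `nobody:nogroup` and use `action :create_if_missing`, so every process running as the shared `nobody` account can rewrite the map, resource and weighted files gdnsd loads, and Chef never converges them back after the first run. Presumably something outside this recipe rewrites these files at runtime. If so, a dedicated account for that writer would stop unrelated `nobody` processes from altering DNS answers. A comment above the loop such as `# Seeded once; rewritten at runtime by <updater job>, so Chef must not overwrite them` would record why drift is accepted.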
source "geo.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
+ variables :servers => servers
notifies :restart, "service[gdnsd]"
end
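Review bot: `variables :servers => servers` passes on the node search result from the top of the recipe, which falls back to `dummy.example.com` when the search is empty. An empty result on a production node would therefore render a placeholder host into the geo config and restart gdnsd through this template's `notifies`. The fallback is presumably meant for test runs where search finds nothing. It would be safer to make that explicit, for example with `Chef::Log.warn("no geodns nodes found, using placeholder") if servers.empty?`, or to skip the fallback outside test environments. The template resource begins outside this hunk.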
standard_output "null"
private_tmp true
private_devices true
- protect_system "full"
+ protect_system "strict"
protect_home true
no_new_privileges true
end
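Review bot: `protect_system "strict"` makes the whole file hierarchy read-only for the unit apart from `/dev`, `/proc` and `/sys`, and the visible lines declare no writable paths. If the service writes anywhere persistent, such as the `nobody`-owned files under `/etc/gdnsd/config.d`, those directories must be listed through the resource's equivalent of systemd's `ReadWritePaths=`, or the writes will fail as read-only. The resource starts outside this hunk, so this may already be set above. It is worth confirming, and adding a comment that names the paths the unit is expected to write.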