include_recipe "networking"
+writable_paths = []
hosts_allow = {}
hosts_deny = {}
node[:rsyncd][:modules].each do |name, details|
+ writable_paths << details[:path] if details[:write_only]
+
hosts_allow[name] = details[:hosts_allow] || []
if details[:nodes_allow]
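Review bot: `writable_paths` picks up a module's path only when `details[:write_only]` is set. If this cookbook supports a module that is both readable and writable (not visible here), that module would be left out of the unit's writable paths and uploads to it would fail once the service is confined. A missing `:path` is also appended as `nil`, and a `nil` mixed with strings makes the later `writable_paths.sort` raise; `writable_paths << details[:path] if details[:write_only] && details[:path]` avoids that. The `each` block continues outside the hunk.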
package "rsync"
+systemd_service "rsync-override" do
+ service "rsync"
+ dropin "override"
+ exec_start "/usr/bin/rsync --daemon --no-detach"
+ nice 10
+ read_write_paths writable_paths.sort
+ notifies :restart, "service[rsync]"
+end
+
service "rsync" do
action [:enable, :start]
supports :status => true, :restart => true
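Review bot: `read_write_paths writable_paths.sort` restricts writes only if the unit already runs with a read-only view of the filesystem, and this drop-in sets no such protection itself. That baseline presumably comes from the packaged rsync unit or from the `systemd_service` resource's defaults, so a comment above the resource naming the source would keep a future unit change from silently removing the confinement. Separately, overriding `exec_start` in a drop-in for a long-running service requires the inherited `ExecStart=` to be cleared first. Confirm that the resource's drop-in template emits that reset. Adding `.uniq` before `.sort` would also keep modules that share a path from producing duplicate entries.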
source "rsync.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
notifies :restart, "service[rsync]"
end
source "rsyncd.conf.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
variables :hosts_allow => hosts_allow, :hosts_deny => hosts_deny
end
action :accept
source "net"
dest "fw"
- proto "tcp:syn"
+ proto "tcp"
dest_ports "rsync"
- source_ports "1024:"
+ source_ports "1024-65535"
end
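Review bot: Replacing `proto "tcp:syn"` with `proto "tcp"` drops the SYN-only qualifier, so whether this rule still matches only new inbound connections depends on how the `firewall_rule` resource renders `tcp`, which is not visible here. Confirm that the generated ruleset tracks connection state rather than accepting arbitrary TCP segments to the rsync port. The rule accepts from all of `net`, and `source_ports "1024-65535"` is not a meaningful restriction because a client chooses its own source port. Per-module access control therefore rests on the `hosts_allow`/`hosts_deny` values passed to `rsyncd.conf.erb`, and a one-line comment on the rule saying so would help. The resource's opening line is outside the hunk.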