]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/otrs/recipes/default.rb
Make nftables block various invalid TCP flag combinations
[chef.git] / cookbooks / otrs / recipes / default.rb
index 4cd24ada6650faa30f3f1c94afdd525d4c817afe..0b391a62cc3479cede8e5b1bfcfe32d962e296eb 100644 (file)
@@ -19,6 +19,7 @@
 
 include_recipe "accounts"
 include_recipe "apache"
 
 include_recipe "accounts"
 include_recipe "apache"
+include_recipe "exim"
 include_recipe "postgresql"
 include_recipe "tools"
 
 include_recipe "postgresql"
 include_recipe "tools"
 
@@ -28,6 +29,8 @@ package "libapache2-mod-perl2"
 package "libapache2-reload-perl"
 
 package %w[
 package "libapache2-reload-perl"
 
 package %w[
+  tar
+  bzip2
   libcrypt-eksblowfish-perl
   libdatetime-perl
   libgd-gd2-perl
   libcrypt-eksblowfish-perl
   libdatetime-perl
   libgd-gd2-perl
@@ -35,6 +38,7 @@ package %w[
   libgd-text-perl
   libjson-xs-perl
   libmail-imapclient-perl
   libgd-text-perl
   libjson-xs-perl
   libmail-imapclient-perl
+  libmoo-perl
   libnet-ldap-perl
   libpdf-api2-perl
   libsoap-lite-perl
   libnet-ldap-perl
   libpdf-api2-perl
   libsoap-lite-perl
@@ -115,10 +119,9 @@ systemd_service "otrs" do
   group "otrs"
   exec_start "/opt/otrs/bin/otrs.Daemon.pl start"
   private_tmp true
   group "otrs"
   exec_start "/opt/otrs/bin/otrs.Daemon.pl start"
   private_tmp true
-  private_devices true
-  protect_system "full"
+  protect_system "strict"
   protect_home true
   protect_home true
-  no_new_privileges true
+  read_write_paths ["/opt/otrs-#{version}/var", "/var/log/exim4", "/var/spool/exim4"]
 end
 
 service "otrs" do
 end
 
 service "otrs" do