-memcached_servers = node[:web][:memcached_servers]
-
-cgimap_init = edit_file "#{cgimap_directory}/scripts/cgimap.init" do |line|
- line.gsub!(/^CGIMAP_HOST=.*;/, "CGIMAP_HOST=#{database_host};")
- line.gsub!(/^CGIMAP_DBNAME=.*;/, "CGIMAP_DBNAME=openstreetmap;")
- line.gsub!(/^CGIMAP_USERNAME=.*;/, "CGIMAP_USERNAME=rails;")
- line.gsub!(/^CGIMAP_PASSWORD=.*;/, "CGIMAP_PASSWORD=#{db_passwords['rails']};")
- line.gsub!(/^CGIMAP_PIDFILE=.*;/, "CGIMAP_PIDFILE=#{pid_directory}/cgimap.pid;")
- line.gsub!(/^CGIMAP_LOGFILE=.*;/, "CGIMAP_LOGFILE=#{log_directory}/cgimap.log;")
- line.gsub!(/^CGIMAP_MEMCACHE=.*;/, "CGIMAP_MEMCACHE=#{memcached_servers.join(',')};")
- line.gsub!(/^CGIMAP_RATELIMIT=.*;/, "CGIMAP_RATELIMIT=204800;")
-
- line.gsub!(%r{--pidfile \$CGIMAP_PIDFILE --exec /home/rails/bin/openstreetmap-cgimap}, "--pidfile $CGIMAP_PIDFILE")
-
- line.gsub!(%r{/home/rails/bin/openstreetmap-cgimap}, "#{cgimap_directory}/openstreetmap-cgimap")
-
- if database_readonly
- line.gsub!(/--daemon/, "--daemon --readonly")
- end
-
- line
-end
-
-file "/etc/init.d/cgimap" do
- owner "root"
- group "root"
- mode 0o755
- content cgimap_init
+memcached_servers = node[:web][:memcached_servers] || []
+
+switches = database_readonly ? " --readonly" : ""
+
+systemd_service "cgimap" do
+ description "OpenStreetMap API Server"
+ type "forking"
+ environment_file "CGIMAP_HOST" => database_host,
+ "CGIMAP_DBNAME" => "openstreetmap",
+ "CGIMAP_USERNAME" => "cgimap",
+ "CGIMAP_PASSWORD" => db_passwords["cgimap"],
+ "CGIMAP_OAUTH_HOST" => node[:web][:database_host],
+ "CGIMAP_UPDATE_HOST" => node[:web][:database_host],
+ "CGIMAP_PIDFILE" => "#{node[:web][:pid_directory]}/cgimap.pid",
+ "CGIMAP_LOGFILE" => "#{node[:web][:log_directory]}/cgimap.log",
+ "CGIMAP_MEMCACHE" => memcached_servers.join(","),
+ "CGIMAP_RATELIMIT" => "204800",
+ "CGIMAP_MAXDEBT" => "250"
+ user "rails"
+ exec_start "/usr/bin/openstreetmap-cgimap --daemon --port 8000 --instances 30#{switches}"
+ exec_reload "/bin/kill -HUP $MAINPID"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+ restart "on-failure"
+ pid_file "#{node[:web][:pid_directory]}/cgimap.pid"