description "Update GeoIP databases"
user "root"
exec_start "/usr/bin/geoipupdate"
- private_tmp true
- private_devices true
- protect_system "strict"
- protect_home true
+ sandbox :enable_network => true
read_write_paths node[:geoipupdate][:directory]
- no_new_privileges true
end
systemd_timer "geoipupdate" do
description "Update GeoIP databases"
on_boot_sec "15m"
on_unit_active_sec "7d"
- randomized_delay_sec "4h"
+ randomized_delay_sec "5d"
end
service "geoipupdate.timer" do