X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/0448b4742dafcd3cde4869d39b603f6f612c8fa7..cafa41ad8ae8ad9f367b34a0dfcc27161b049eeb:/cookbooks/planet/recipes/dump.rb?ds=sidebyside diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb index fdc9c7c46..39c8196dd 100644 --- a/cookbooks/planet/recipes/dump.rb +++ b/cookbooks/planet/recipes/dump.rb @@ -115,16 +115,31 @@ systemd_service "planetdump@" do user "www-data" exec_start "/usr/local/bin/planetdump %i" memory_max "64G" - private_tmp true - private_devices true - protect_system "full" - protect_home true - read_write_paths "/var/log/exim4" + sandbox true + read_write_paths [ + "/store/planetdump", + "/store/planet/pbf", + "/store/planet/planet", + "/var/log/exim4", + "/var/spool/exim4" + ] end -cron_d "planet-dump-mirror" do - minute "*/10" +systemd_service "planet-dump-mirror" do + description "Update planet dump mirrors" + exec_start "/usr/local/bin/planet-mirror-redirect-update" user "www-data" - command "/usr/local/bin/planet-mirror-redirect-update" - mailto "horntail-www-data-cron@firefishy.com" + sandbox :enable_network => true + memory_deny_write_execute false + read_write_paths "/store/planet/.htaccess" +end + +systemd_timer "planet-dump-mirror" do + description "Update planet dump mirrors" + on_boot_sec "10min" + on_unit_inactive_sec "10min" +end + +service "planet-dump-mirror.timer" do + action [:enable, :start] end