X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/111155132a3e59d63cd3f8c0e1bbf71905c06051..5f6c31a1fa2ffa34a8d2ce071d8e539f74282817:/cookbooks/gps-tile/recipes/default.rb

diff --git a/cookbooks/gps-tile/recipes/default.rb b/cookbooks/gps-tile/recipes/default.rb
index bc4e4c637..1a8cdbce4 100644
--- a/cookbooks/gps-tile/recipes/default.rb
+++ b/cookbooks/gps-tile/recipes/default.rb
@@ -86,6 +86,18 @@ git "/srv/gps-tile.openstreetmap.org/updater" do
   group "gpstile"
 end
 
+directory "/srv/gps-tile.openstreetmap.org/tracks" do
+  owner "gpstile"
+  group "gpstile"
+  mode "755"
+end
+
+directory "/srv/gps-tile.openstreetmap.org/shapes" do
+  owner "gpstile"
+  group "gpstile"
+  mode "755"
+end
+
 systemd_service "gps-update" do
   description "GPS tile update daemon"
   after ["network.target", "memcached.service"]
@@ -94,12 +106,8 @@ systemd_service "gps-update" do
   working_directory "/srv/gps-tile.openstreetmap.org"
   exec_start "/srv/gps-tile.openstreetmap.org/updater/update"
   nice 10
-  private_tmp true
-  private_devices true
-  protect_system "strict"
-  protect_home true
-  read_write_directories "/srv/gps-tile.openstreetmap.org"
-  no_new_privileges true
+  sandbox :enable_network => true
+  read_write_paths "/srv/gps-tile.openstreetmap.org"
   restart "on-failure"
 end