X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/1198cc96af6115a360c08e95ecb7654c83f944ef..4a8dfbb37eb52d92e42b71635aca4b0656ef2dbc:/cookbooks/planet/recipes/dump.rb?ds=sidebyside

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index 1d1d170bf..d56575011 100644
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -21,7 +21,7 @@ node.default[:incron][:planetdump] = {
   :user => "root",
   :path => "/store/backup",
   :events => %w[IN_CREATE IN_MOVED_TO],
-  :command => "/usr/bin/systemctl start planetdump@$#"
+  :command => "/bin/systemctl start planetdump@$#"
 }
 
 include_recipe "git"
@@ -47,18 +47,21 @@ package %w[
   pbzip2
   php-cli
   php-curl
+  mktorrent
+  xmlstarlet
+  libxml2-utils
 ]
 
 directory "/opt/planet-dump-ng" do
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
 end
 
 git "/opt/planet-dump-ng" do
   action :sync
   repository "https://github.com/zerebubuth/planet-dump-ng.git"
-  revision "v1.1.8"
+  revision "v1.2.6"
   depth 1
   user "root"
   group "root"
@@ -94,7 +97,7 @@ end
 directory "/store/planetdump" do
   owner "www-data"
   group "www-data"
-  mode 0o755
+  mode "755"
   recursive true
 end
 
@@ -103,7 +106,7 @@ end
     source "#{program}.erb"
     owner "root"
     group "root"
-    mode 0o755
+    mode "755"
   end
 end
 
@@ -112,12 +115,14 @@ systemd_service "planetdump@" do
   user "www-data"
   exec_start "/usr/local/bin/planetdump %i"
   memory_max "64G"
-  private_tmp true
-  private_devices true
-  private_network true
-  protect_system "full"
-  protect_home true
-  no_new_privileges true
+  sandbox true
+  read_write_paths [
+    "/store/planetdump",
+    "/store/planet/pbf",
+    "/store/planet/planet",
+    "/var/log/exim4",
+    "/var/spool/exim4"
+  ]
 end
 
 cron_d "planet-dump-mirror" do