X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/28326173066466bb20f54bad702b2885b64f925c..7ed67786891a4aae8d8fafad66ba7e2edd0b9449:/cookbooks/mediawiki/recipes/default.rb?ds=inline
diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index 1857ff0bd..d784e7b7f 100644
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -41,6 +41,7 @@ package %w[
 composer
 unzip
 ffmpeg
+ firejail
 ]
 
 # Mediawiki enhanced difference engine
@@ -82,9 +83,10 @@ apache_module "rewrite"
 
 systemd_service "mediawiki-sitemap@" do
 description "Generate sitemap.xml for %i"
- exec_start "/usr/bin/nice /usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/generateSitemap.php --server=https://%i --urlpath=https://%i/ --fspath=/srv/%i --quiet --skip-redirects"
+ exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/generateSitemap.php --server=https://%i --urlpath=https://%i/ --fspath=/srv/%i --quiet --skip-redirects"
 user node[:mediawiki][:user]
- sandbox true
+ nice 10
+ sandbox :enable_network => true
 memory_deny_write_execute false
 restrict_address_families "AF_UNIX"
 read_write_paths "/srv/%i"
@@ -97,9 +99,11 @@ end
 
 systemd_service "mediawiki-jobs@" do
 description "Run mediawiki jobs for %i"
- exec_start "/usr/bin/nice /usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=175 --memory-limit=2048M --procs=8 --nothrottle --quiet"
+ exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=175 --memory-limit=2048M --procs=8"
 user node[:mediawiki][:user]
- sandbox true
+ nice 10
+ runtime_max_sec 3600
+ sandbox :enable_network => true
 memory_deny_write_execute false
 restrict_address_families "AF_UNIX"
 read_write_paths "/srv/%i"
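Review bot: Nothing in the `@@ -41,6 +41,7 @@` hunk records why `firejail` joins the package list, and no other hunk in this patch refers to it. firejail installs a setuid-root binary, so it adds local attack surface on every node that converges this recipe; it is presumably here so MediaWiki can sandbox the commands it shells out to, but that configuration is not visible in the diff. A comment cannot go inside the `%w[ ]` literal (a `#` there becomes a list element), so it belongs above the `package` call, which starts outside the hunk. Once the consumer is confirmed, something like `# firejail: sandbox for MediaWiki shell-outs; setuid root, keep patched` would do.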
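Review bot: `sandbox :enable_network => true` in the mediawiki-sitemap@ unit (and again in mediawiki-jobs@ in the next hunk) loosens the previous `sandbox true` with no stated reason, while the unchanged `restrict_address_families "AF_UNIX"` stays in place. If the systemd_service resource renders that property literally, IP sockets stay blocked and the two settings contradict each other. If it widens the family list when networking is enabled, the unit gains outbound network access it did not have before. The resource implementation is not visible here, so the rendered unit file should be checked. Either way a comment above the line would help, e.g. `# network needed for <reason>; address families verified in the rendered unit`.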
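Review bot: `runtime_max_sec 3600` in mediawiki-jobs@ (and in mediawiki-email-jobs@ in the following hunk, where `--maxtime=55`) is roughly twenty times the `--maxtime=175` passed to runJobs.php, and nothing says it is meant as a backstop for a hung run. I would add `# hard stop for a hung run; normal runs exit via --maxtime` above it. systemd ignores RuntimeMaxSec= for Type=oneshot services, so if the resource ever sets that type the limit would have to become a start timeout. The unit type is not visible in this hunk.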
@@ -113,11 +117,14 @@ end
 
 systemd_service "mediawiki-email-jobs@" do
 description "Run mediawiki email jobs for %i"
- exec_start "/usr/bin/nice /usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=55 --type=enotifNotify --memory-limit=2048M --procs=4 --nothrottle --quiet"
+ exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=55 --type=enotifNotify --memory-limit=2048M --procs=4"
 user node[:mediawiki][:user]
+ nice 10
+ runtime_max_sec 3600
 sandbox :enable_network => true
 memory_deny_write_execute false
 restrict_address_families "AF_UNIX"
+ read_write_paths "/srv/%i"
 end
 
 systemd_timer "mediawiki-email-jobs@" do
@@ -126,20 +133,6 @@ systemd_timer "mediawiki-email-jobs@" do
 on_unit_inactive_sec "1m"
 end
 
-systemd_service "mediawiki-refresh-links@" do
- description "Refresh mediawiki links for %i"
- exec_start "/usr/bin/nice /usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=2048M --quiet"
- user node[:mediawiki][:user]
- sandbox true
- memory_deny_write_execute false
- restrict_address_families "AF_UNIX"
-end
-
-systemd_timer "mediawiki-refresh-links@" do
- description "Refresh mediawiki links for %i"
- on_calendar "Sat 00:05"
-end
-
 systemd_service "mediawiki-cleanup-gs" do
 description "Clean up imagemagick gs_* files"
 exec_start "/usr/bin/find /tmp -maxdepth 1 -type f -user www-data -mmin +90 -name 'gs_*' -delete"
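Review bot: The added `read_write_paths "/srv/%i"` in mediawiki-email-jobs@ makes the whole site tree writable from inside the sandbox, including `/srv/%i/w`, where the exec_start line shows the PHP code lives. A unit that only runs `--type=enotifNotify` jobs probably needs much less. If file ownership lets the mediawiki user write there, a fault in the job runner could alter code the web server later executes. Consider listing only the directories the job actually writes (not identifiable from this diff), or add a comment saying why the full tree is required. The sitemap and jobs units carry the same line as unchanged context in the earlier hunks.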