X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/45dde9418dd342bb1a632d82559201c0b3becf1a..8e010de9a9d26d57220d326e69bb0440098cf22e:/cookbooks/supybot/recipes/default.rb diff --git a/cookbooks/supybot/recipes/default.rb b/cookbooks/supybot/recipes/default.rb index d1c1ea32d..7545ff331 100644 --- a/cookbooks/supybot/recipes/default.rb +++ b/cookbooks/supybot/recipes/default.rb @@ -17,23 +17,25 @@ # limitations under the License. # +include_recipe "accounts" + users = data_bag_item("supybot", "users") passwords = data_bag_item("supybot", "passwords") -package "supybot" -package "python-git" +package "limnoria" +package "python3-git" directory "/etc/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end template "/etc/supybot/supybot.conf" do source "supybot.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => passwords end @@ -41,84 +43,85 @@ template "/etc/supybot/channels.conf" do source "channels.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/git.conf" do source "git.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/ignores.conf" do source "ignores.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/userdata.conf" do source "userdata.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/users.conf" do source "users.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => users end directory "/var/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/var/lib/supybot/data" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/backup" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/git" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/log/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot/plugins" do owner "root" group "root" - mode 0o755 + mode "755" end git "/usr/local/lib/supybot/plugins/Git" do action :sync - repository "git://github.com/openstreetmap/supybot-git" + repository "https://github.com/openstreetmap/supybot-git" revision "master" + depth 1 user "root" group "root" end @@ -128,11 +131,8 @@ systemd_service "supybot" do after "network.target" user "supybot" exec_start "/usr/bin/supybot /etc/supybot/supybot.conf" - private_tmp true - private_devices true - protect_system true - protect_home true - no_new_privileges true + sandbox :enable_network => true + read_write_paths ["/etc/supybot", "/var/lib/supybot", "/var/log/supybot"] restart "on-failure" end