X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/8635e6f1a4ff863b9f447416f40088dbeedcc7a1..58368b10fb37cfcd56738324f90942a8fd8e3793:/cookbooks/supybot/recipes/default.rb?ds=inline diff --git a/cookbooks/supybot/recipes/default.rb b/cookbooks/supybot/recipes/default.rb index d8e3f8efe..7545ff331 100644 --- a/cookbooks/supybot/recipes/default.rb +++ b/cookbooks/supybot/recipes/default.rb @@ -1,14 +1,14 @@ # -# Cookbook Name:: supybot +# Cookbook:: supybot # Recipe:: default # -# Copyright 2013, OpenStreetMap Foundation +# Copyright:: 2013, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -17,23 +17,25 @@ # limitations under the License. # +include_recipe "accounts" + users = data_bag_item("supybot", "users") passwords = data_bag_item("supybot", "passwords") -package "supybot" -package "python-git" +package "limnoria" +package "python3-git" directory "/etc/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end template "/etc/supybot/supybot.conf" do source "supybot.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => passwords end @@ -41,84 +43,85 @@ template "/etc/supybot/channels.conf" do source "channels.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/git.conf" do source "git.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/ignores.conf" do source "ignores.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/userdata.conf" do source "userdata.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/users.conf" do source "users.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => users end directory "/var/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/var/lib/supybot/data" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/backup" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/git" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/log/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot/plugins" do owner "root" group "root" - mode 0o755 + mode "755" end git "/usr/local/lib/supybot/plugins/Git" do action :sync - repository "git://github.com/openstreetmap/supybot-git" + repository "https://github.com/openstreetmap/supybot-git" revision "master" + depth 1 user "root" group "root" end @@ -128,11 +131,8 @@ systemd_service "supybot" do after "network.target" user "supybot" exec_start "/usr/bin/supybot /etc/supybot/supybot.conf" - private_tmp true - private_devices true - protect_system true - protect_home true - no_new_privileges true + sandbox :enable_network => true + read_write_paths ["/etc/supybot", "/var/lib/supybot", "/var/log/supybot"] restart "on-failure" end