X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/aeaa46f3071de018b5c5e0f5678cb5b4082e3ddc..00bc7e2e46dba86663711b6b020d509ca64ed089:/cookbooks/geodns/recipes/default.rb

diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb
index 43643c2f9..8afa85cc5 100644
--- a/cookbooks/geodns/recipes/default.rb
+++ b/cookbooks/geodns/recipes/default.rb
@@ -19,6 +19,10 @@
 
 include_recipe "geoipupdate"
 
+servers = search(:node, "roles:geodns").collect(&:name).sort
+
+servers << "dummy.example.com" if servers.empty?
+
 package %w[
   gdnsd
 ]
@@ -29,7 +33,7 @@ directory "/etc/gdnsd/config.d" do
   mode "755"
 end
 
-%w[tile nominatim].each do |zone|
+%w[nominatim].each do |zone|
   %w[map resource weighted].each do |type|
     template "/etc/gdnsd/config.d/#{zone}.#{type}" do
       action :create_if_missing
@@ -55,6 +59,7 @@ template "/etc/gdnsd/zones/geo.openstreetmap.org" do
   owner "root"
   group "root"
   mode "644"
+  variables :servers => servers
   notifies :restart, "service[gdnsd]"
 end
 
@@ -69,11 +74,8 @@ systemd_service "gdnsd-reload" do
   user "root"
   exec_start "/bin/systemctl reload-or-restart gdnsd"
   standard_output "null"
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  no_new_privileges true
+  sandbox true
+  restrict_address_families "AF_UNIX"
 end
 
 systemd_path "gdnsd-reload" do