X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/d60d5afdd9dc5db8150d2c2785499f8548548791..6da8c71cb11f27690cb9a3a6cbbbec813e2a3ba2:/cookbooks/supybot/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/supybot/recipes/default.rb b/cookbooks/supybot/recipes/default.rb index 10119e056..7545ff331 100644 --- a/cookbooks/supybot/recipes/default.rb +++ b/cookbooks/supybot/recipes/default.rb @@ -28,14 +28,14 @@ package "python3-git" directory "/etc/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end template "/etc/supybot/supybot.conf" do source "supybot.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => passwords end @@ -43,78 +43,78 @@ template "/etc/supybot/channels.conf" do source "channels.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/git.conf" do source "git.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/ignores.conf" do source "ignores.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/userdata.conf" do source "userdata.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" end template "/etc/supybot/users.conf" do source "users.conf.erb" owner "supybot" group "supybot" - mode 0o644 + mode "644" variables :passwords => users end directory "/var/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/var/lib/supybot/data" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/backup" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/lib/supybot/git" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/var/log/supybot" do owner "supybot" group "supybot" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot" do owner "root" group "root" - mode 0o755 + mode "755" end directory "/usr/local/lib/supybot/plugins" do owner "root" group "root" - mode 0o755 + mode "755" end git "/usr/local/lib/supybot/plugins/Git" do @@ -131,11 +131,8 @@ systemd_service "supybot" do after "network.target" user "supybot" exec_start "/usr/bin/supybot /etc/supybot/supybot.conf" - private_tmp true - private_devices true - protect_system true - protect_home true - no_new_privileges true + sandbox :enable_network => true + read_write_paths ["/etc/supybot", "/var/lib/supybot", "/var/log/supybot"] restart "on-failure" end