X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/db8cff3ccb090c53b831f7f5e0b3a7f7e3d858c8..794cc957324de66edab45373053be3e601090f1f:/cookbooks/blogs/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/blogs/recipes/default.rb b/cookbooks/blogs/recipes/default.rb index c4d425a56..0fb2cc7aa 100644 --- a/cookbooks/blogs/recipes/default.rb +++ b/cookbooks/blogs/recipes/default.rb @@ -42,22 +42,24 @@ git "/srv/blogs.openstreetmap.org" do depth 1 user "blogs" group "blogs" - notifies :run, "bundle_install[/srv/blogs.openstreetmap.org]", :immediately end bundle_install "/srv/blogs.openstreetmap.org" do action :nothing - options "--deployment" - user "root" - group "root" - notifies :run, "bundle_exec[/srv/blogs.openstreetmap.org]", :immediately + options "--deployment --without development test" + environment "BUNDLE_PATH" => "vendor/bundle" + user "blogs" + group "blogs" + subscribes :run, "git[/srv/blogs.openstreetmap.org]", :immediately end bundle_exec "/srv/blogs.openstreetmap.org" do action :nothing command "pluto build -t osm -o build" + environment "BUNDLE_PATH" => "vendor/bundle" user "blogs" group "blogs" + subscribes :run, "git[/srv/blogs.openstreetmap.org]", :immediately end ssl_certificate "blogs.openstreetmap.org" do @@ -82,12 +84,8 @@ systemd_service "blogs-update" do description "Update blog aggregator" exec_start "/usr/local/bin/blogs-update" user "blogs" - private_tmp true - private_devices true - protect_system "strict" - protect_home true + sandbox :enable_network => true read_write_paths "/srv/blogs.openstreetmap.org" - no_new_privileges true end systemd_timer "blogs-update" do