X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e4e612e66a9f8af22e80da81814f08a66c2555fd..d2d7922d1e3a80d48c78717397236f471a5be506:/cookbooks/kibana/recipes/default.rb

diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb
index 8c7db202f..adc39270d 100644
--- a/cookbooks/kibana/recipes/default.rb
+++ b/cookbooks/kibana/recipes/default.rb
@@ -20,7 +20,7 @@
 
 require "yaml"
 
-include_recipe "apache::ssl"
+include_recipe "apache"
 
 apache_module "proxy_http"
 
@@ -68,6 +68,11 @@ systemd_service "kibana@" do
   after "network.target"
   user "kibana"
   exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
   restart "on-failure"
 end
 
@@ -89,11 +94,11 @@ node[:kibana][:sites].each do |name, details|
   service "kibana@#{name}" do
     action [:enable, :start]
     supports :status => true, :restart => true, :reload => false
+    subscribes :restart, "systemd_service[kibana@]"
   end
 
   ssl_certificate details[:site] do
     domains details[:site]
-    fallback_certificate "openstreetmap"
     notifies :reload, "service[apache2]"
   end