service "chef-server" do
action [:enable, :start]
+ subscribes :restart, "systemd_service[chef-server]"
end
apache_module "alias"
after "network.target"
user "kibana"
exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
restart "on-failure"
end
service "kibana@#{name}" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => false
+ subscribes :restart, "systemd_service[kibana@]"
end
ssl_certificate details[:site] do
exec_start "/usr/sbin/squid -N $SQUID_ARGS"
exec_reload "/usr/sbin/squid -k reconfigure"
exec_stop "/usr/sbin/squid -k shutdown"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
restart "on-failure"
timeout_sec 0
end
private_network true
protect_system "full"
protect_home true
+ no_new_privileges true
restart "on-failure"
end
service "renderd" do
action [:enable, :start]
+ subscribes :restart, "systemd_service[renderd]"
end
directory "/srv/tile.openstreetmap.org/tiles" do
private_devices true
protect_system "full"
protect_home true
+ no_new_privileges true
restart "on-failure"
end
private_devices true
protect_system "full"
protect_home true
+ no_new_privileges true
restart "on-failure"
pid_file "#{node[:web][:pid_directory]}/cgimap.pid"
end
private_network true
protect_system "full"
protect_home true
+ no_new_privileges true
restart "on-failure"
end
projects / chef.git / commitdiff