Fix access to AWS credentials for planet services

author Tom Hughes <tom@compton.nu>

Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)

committer Tom Hughes <tom@compton.nu>

Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)
author Tom Hughes <tom@compton.nu>
Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)
committer Tom Hughes <tom@compton.nu>
Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)
diff --git a/cookbooks/planet/recipes/notes.rb b/cookbooks/planet/recipes/notes.rb

index f3c91a3e021280db19705cd4091f1ba835b74925..e6329708190daa8201c81069a73dbbb2eade7f37 100644 (file)
--- a/cookbooks/planet/recipes/notes.rb
+++ b/cookbooks/planet/recipes/notes.rb
@@ -57,7 +57,9 @@ systemd_service "planet-notes-dump" do
    exec_start "/usr/local/bin/planet-notes-dump"
    user "planet"
    sandbox :enable_network => true
-  read_write_paths ["/store/planet/notes", "/home/planet/.aws"]
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
+  read_write_paths "/store/planet/notes"
  end
  
  systemd_timer "planet-notes-dump" do
diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb

index 0a25ad959bc44cc9756f5c0fbfd477543b8eed3c..e0a3bcc7e7c6a815dba9d250fa92a9716b9f681a 100644 (file)
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -207,8 +207,9 @@ systemd_service "replication-changesets" do
    user "planet"
    exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
    sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
    read_write_paths [
-    "/home/planet/.aws",
      "/run/replication",
      "/store/planet/replication/changesets"
    ]
author	Tom Hughes <tom@compton.nu>
	Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)
committer	Tom Hughes <tom@compton.nu>
	Sun, 24 Sep 2023 09:55:38 +0000 (10:55 +0100)
cookbooks/planet/recipes/notes.rb		patch \| blob \| history
cookbooks/planet/recipes/replication.rb		patch \| blob \| history