Merge remote-tracking branch 'github/pull/501'

author Tom Hughes <tom@compton.nu>

Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)

committer Tom Hughes <tom@compton.nu>

Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)
author Tom Hughes <tom@compton.nu>
Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)
committer Tom Hughes <tom@compton.nu>
Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)
diff --git a/cookbooks/accounts/files/default/matt/.ssh/authorized_keys b/cookbooks/accounts/files/default/matt/.ssh/authorized_keys

index a5f67e78a2ac26650a84124e7e74ca7aabd09ab6..de66ccbbc370fd30d3d4c1f19a623ccdcac586a3 100644 (file)
--- a/cookbooks/accounts/files/default/matt/.ssh/authorized_keys
+++ b/cookbooks/accounts/files/default/matt/.ssh/authorized_keys
@@ -1,2 +1,3 @@
  # DO NOT EDIT - This file is being maintained by Chef - use authorized_keys2 instead
  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyBrnrkjzAJqXtRP0MFKlc3v4fTnrRzzebIFH8YpFRCaLKpIXWVbg5BqXuxHB/vqf/1Gknycb7bgLPbhWr+b50D+nnodiJ35HPqrQVLG6nsqxnbbVXO1IR7KsctL+Wr3GW5pBeWct9GAALn8ACAR8zZ/4V6qXDgUvh0inefcqpks1YgdPdyAGLMFy7hzI5lY8kGh58kVPXMpyJLVnGX0yUjrip9IkPrGBvMDiGDiPwLOfKGDR0s1An1GK2i4k2rPxkZzdQSbqZXaaCw3MNJkDvwSmQNQp4Rprfy5BqptwJg4PLnGGePfYbzsqYA0/Pq4ccO+NPCDxZxb2XuVjgXEg8Q== matt@horntail.openstreetmap.org
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDntpfnmWsP/9nh3JvT/AuNz3t4azrH54vKLrdtovYQ14QC66GA9EyAJel2eamyhevHQw5JU3Ic6H0ycXZus6QNn5vZKBn72/HXc/mvfRO2F5PvWVVF5LROoe1YBmYJugqpRwFekt9pIs49bbu3lZolnmmVT/uQP3sTFgErc/eqBtzgB+0OYijddQl3otzOZaZh1o4YaUvyutVb8ND3D1xgPxavWKW8B3BTDLF/Lr0wyh+CTWc1LtXVifIWpe9Muv+l+iww8AScyryLdMfcrUY+k76HwmkLbNV01hWMbfnB+4KoshFHnpmFN/Q4maoEXQpwP1II3iEKVs6QWFc4dImREtpiUJm5XeznlmfBuMac2gZPyPqSQPoUmxDTV7+umbcpw5IMGKFom6GJJJN2Az40TqNoQBAwnrJrmxzvLU8POpfYdZZfPLUB8l9nELGvIMhbRTBVpq6t99AxqvHlk3hc6yPTBFfltiBDB62QyOIEggbecnMaD1VvAkrthRITNJ9h0zdvrXM+X0pMo1QM8dBqRvrbBD7fr3gy2Oo+/XMsxf6Q8Fd7iu8oU8HYCwDexqZ8y9Nb54dOglWzSEPsTBAWf6PtBtZaXZ/VnNy3zjnJuOA99STQmqH5OPCY0eg6yRE6TILj9J4wWAXytXL9lF5YAW8JIT4+8pa4WhJoUGQz1w== zerebubuth@gmail.com
diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb

index 5c07ae2314689a1acb1b13afdffa007a8b92c46d..629186fe2ee905eb634a19d6f97c684e4e4968a6 100644 (file)
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -155,6 +155,40 @@ template "/etc/replication/users-agreed.conf" do
    variables :password => db_passwords["planetdiff"]
  end
  
+systemd_service "users-agreed" do
+  description "Update list of users accepting CTs"
+  user "planet"
+  exec_start "/usr/local/bin/users-agreed"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "users-agreed" do
+  description "Update list of users accepting CTs"
+  on_calendar "7:00"
+end
+
+systemd_service "users-deleted" do
+  description "Update list of deleted users"
+  user "planet"
+  exec_start "/usr/local/bin/users-deleted"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "users-deleted" do
+  description "Update list of deleted users"
+  on_calendar "17:00"
+end
+
  ## Changeset replication
  
  directory "/store/planet/replication/changesets" do
@@ -171,6 +205,25 @@ template "/etc/replication/changesets.conf" do
    variables :password => db_passwords["planetdiff"]
  end
  
+systemd_service "replication-changesets" do
+  description "Changesets replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "replication-changesets" do
+  description "Changesets replication"
+  on_boot_sec 60
+  on_unit_active_sec 60
+  accuracy_sec 5
+end
+
  ## Minutely replication
  
  directory "/store/planet/replication/minute" do
@@ -342,26 +395,16 @@ end
  ## Enable/disable feeds
  
  if node[:planet][:replication] == "enabled"
-  cron_d "users-agreed" do
-    minute "0"
-    hour "7"
-    user "planet"
-    command "/usr/local/bin/users-agreed"
-    mailto "zerebubuth@gmail.com"
+  service "users-agreed.timer" do
+    action [:enable, :start]
    end
  
-  cron_d "users-deleted" do
-    minute "0"
-    hour "17"
-    user "planet"
-    command "/usr/local/bin/users-deleted"
-    mailto "zerebubuth@gmail.com"
+  service "users-deleted.timer" do
+    action [:enable, :start]
    end
  
-  cron_d "replication-changesets" do
-    user "planet"
-    command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
-    mailto "zerebubuth@gmail.com"
+  service "replication-changesets.timer" do
+    action [:enable, :start]
    end
  
    service "replication-minutely.timer" do
@@ -380,16 +423,16 @@ if node[:planet][:replication] == "enabled"
      action [:enable, :start]
    end
  else
-  cron_d "users-agreed" do
-    action :delete
+  service "users-agreed.timer" do
+    action [:stop, :disable]
    end
  
-  cron_d "users-deleted" do
-    action :delete
+  service "users-deleted.timer" do
+    action [:stop, :disable]
    end
  
-  cron_d "replication-changesets" do
-    action :delete
+  service "replication-changesets.timer" do
+    action [:stop, :disable]
    end
  
    service "replication-minutely.timer" do
author	Tom Hughes <tom@compton.nu>
	Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)
committer	Tom Hughes <tom@compton.nu>
	Sun, 26 Jun 2022 19:27:56 +0000 (20:27 +0100)
cookbooks/accounts/files/default/matt/.ssh/authorized_keys		patch \| blob \| history
cookbooks/planet/recipes/replication.rb		patch \| blob \| history