#
-# Cookbook Name:: geodns
+# Cookbook:: geodns
# Recipe:: default
#
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
#
+include_recipe "geoipupdate"
+
+servers = search(:node, "roles:geodns").collect(&:name).sort
+
+servers << "dummy.example.com" if servers.empty?
+
package %w[
- geoipupdate
gdnsd
]
-execute "geoipdate" do
- command "geoipupdate"
- user "root"
- group "root"
- not_if { ::File.exist?("/var/lib/GeoIP/GeoLite2-Country.mmdb") }
-end
-
directory "/etc/gdnsd/config.d" do
owner "nobody"
group "nogroup"
- mode 0o755
+ mode "755"
+end
+
+%w[nominatim].each do |zone|
+ %w[map resource weighted].each do |type|
+ template "/etc/gdnsd/config.d/#{zone}.#{type}" do
+ action :create_if_missing
+ source "zone.#{type}.erb"
+ owner "nobody"
+ group "nogroup"
+ mode "644"
+ variables :zone => zone
+ end
+ end
end
template "/etc/gdnsd/config" do
source "config.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
notifies :restart, "service[gdnsd]"
end
source "geo.erb"
owner "root"
group "root"
- mode 0o644
+ mode "644"
+ variables :servers => servers
notifies :restart, "service[gdnsd]"
end
user "root"
exec_start "/bin/systemctl reload-or-restart gdnsd"
standard_output "null"
- private_tmp true
- private_devices true
- protect_system "full"
- protect_home true
- no_new_privileges true
+ sandbox true
+ restrict_address_families "AF_UNIX"
end
systemd_path "gdnsd-reload" do
projects / chef.git / blobdiff