X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/29a5abe37175eaa75fdf19cda4cfec57cd387e3c..dac0912b3cd3dd0437a23e83162a79a283d286a0:/cookbooks/mediawiki/recipes/default.rb

diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index af0e645a0..0cae80cdc 100644
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -87,6 +87,7 @@ systemd_service "mediawiki-sitemap@" do
   nice 10
   sandbox :enable_network => true
   memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
   read_write_paths "/srv/%i"
 end
 
@@ -102,6 +103,7 @@ systemd_service "mediawiki-jobs@" do
   nice 10
   sandbox :enable_network => true
   memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
   read_write_paths "/srv/%i"
 end
 
@@ -118,6 +120,8 @@ systemd_service "mediawiki-email-jobs@" do
   nice 10
   sandbox :enable_network => true
   memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
+  read_write_paths "/srv/%i"
 end
 
 systemd_timer "mediawiki-email-jobs@" do
@@ -128,11 +132,13 @@ end
 
 systemd_service "mediawiki-refresh-links@" do
   description "Refresh mediawiki links for %i"
-  exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=2048M --quiet"
+  exec_start "/usr/bin/php -d memory_limit=4096M -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=2048M --quiet"
   user node[:mediawiki][:user]
   nice 10
   sandbox :enable_network => true
   memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
+  read_write_paths "/srv/%i"
 end
 
 systemd_timer "mediawiki-refresh-links@" do