version "1.0.0"
supports "ubuntu"
depends "apt"
+depends "systemd"
license_keys = data_bag_item("geoipupdate", "license-keys")
+package "geoip-database" do
+ action :purge
+end
+
+package "geoip-database-contrib" do
+ action :purge
+end
+
+package "geoipupdate" do
+ action :purge
+ only_if { ::File.exist?("/etc/cron.d/geoipupdate") }
+end
+
package "geoipupdate"
template "/etc/GeoIP.conf" do
variables :license_keys => license_keys
end
-execute "geoipdate" do
+execute "geoipupdate" do
command "geoipupdate"
user "root"
group "root"
not_if { ENV.key?("TEST_KITCHEN") || node[:geoipupdate][:editions].all? { |edition| ::File.exist?("/usr/share/GeoIP/#{edition}.mmdb") } }
end
+systemd_service "geoipdate" do
+ action :delete
+end
+
+systemd_service "geoipupdate" do
+ description "Update GeoIP databases"
+ user "root"
+ exec_start "/usr/bin/geoipupdate"
+ private_tmp true
+ private_devices true
+ protect_system "strict"
+ protect_home true
+ read_write_paths "/usr/share/GeoIP"
+end
+
+systemd_timer "geoipupdate" do
+ description "Update GeoIP databases"
+ on_boot_sec "15m"
+ on_unit_active_sec "7d"
+ randomized_delay_sec "4h"
+end
+
+service "geoipupdate.timer" do
+ action [:enable, :start]
+end
+
directory "/var/lib/GeoIP" do
action :delete
recursive true
property :private_network, [true, false]
property :protect_system, [TrueClass, FalseClass, String]
property :protect_home, [TrueClass, FalseClass, String]
+property :read_write_paths, [String, Array]
+property :read_only_paths, [String, Array]
+property :inaccessible_paths, [String, Array]
property :restrict_address_families, [String, Array]
property :no_new_privileges, [true, false]
property :tasks_max, Integer
<% if @protect_home -%>
ProtectHome=<%= @protect_home %>
<% end -%>
+<% if @read_write_paths -%>
+ReadWritePaths=<%= Array(@read_write_paths).join(" ") %>
+<% end -%>
+<% if @read_only_paths -%>
+ReadOnlyPaths=<%= Array(@read_only_paths).join(" ") %>
+<% end -%>
+<% if @inaccessible_paths -%>
+InaccessiblePaths=<%= Array(@inaccessible_paths).join(" ") %>
+<% end -%>
<% if @restrict_address_families -%>
RestrictAddressFamilies=<%= Array(@restrict_address_families).join(" ") %>
<% end -%>
ruby#{new_resource.ruby}-dev
imagemagick
nodejs
- geoip-database
tzdata
]
line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"")
- line.gsub!(/^( *)#geoip_database:.*$/, "\\1geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"")
line.gsub!(/^( *)#maxmind_database:.*$/, "\\1maxmind_database: \"/usr/share/GeoIP/GeoLite2-Country.mmdb\"")
if new_resource.gpx_dir
"support_email" => "support@openstreetmap.org",
"email_return_path" => "bounces@openstreetmap.org",
"geonames_username" => "openstreetmap",
- "geoip_database" => "/usr/share/GeoIP/GeoIPv6.dat",
"maxmind_database" => "/usr/share/GeoIP/GeoLite2-Country.mmdb"
)
projects / chef.git / commitdiff