From 0448b4742dafcd3cde4869d39b603f6f612c8fa7 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Wed, 2 Nov 2022 20:48:26 +0000
Subject: [PATCH] Add private_devices to some additional services

---
 cookbooks/otrs/recipes/default.rb | 1 +
 cookbooks/planet/recipes/dump.rb | 1 +
 cookbooks/prometheus/recipes/server.rb | 1 +
 3 files changed, 3 insertions(+)

diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index a42e22eb0..d124bf43a 100644
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -119,6 +119,7 @@ systemd_service "otrs" do
 group "otrs"
 exec_start "/opt/otrs/bin/otrs.Daemon.pl start"
 private_tmp true
+ private_devices true
 protect_system "full"
 protect_home true
 read_write_paths "/var/log/exim4"
diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index 345da7548..fdc9c7c46 100644
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -116,6 +116,7 @@ systemd_service "planetdump@" do
 exec_start "/usr/local/bin/planetdump %i"
 memory_max "64G"
 private_tmp true
+ private_devices true
 protect_system "full"
 protect_home true
 read_write_paths "/var/log/exim4"
diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb
index 6414b4bba..eff5a0fee 100644
--- a/cookbooks/prometheus/recipes/server.rb
+++ b/cookbooks/prometheus/recipes/server.rb
@@ -159,6 +159,7 @@ systemd_service "promscale" do
 exec_start "/opt/promscale/bin/promscale --db.uri postgresql:///promscale?host=/run/postgresql&port=5432 --db.connections-max 400"
 limit_nofile 16384
 private_tmp true
+ protect_devices true
 protect_system "strict"
 protect_home true
 no_new_privileges true
-- 
2.43.2
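Review bot: In the promscale hunk of cookbooks/prometheus/recipes/server.rb the added line is `protect_devices true`, whereas the commit subject and the otrs and planetdump hunks use `private_devices true`. systemd's directive is `PrivateDevices=` and it has no `ProtectDevices=`, so this looks like a typo. Depending on how the `systemd_service` resource treats unknown properties (not visible here), the recipe would either fail to converge or leave promscale without the /dev sandboxing this commit intends. The line should read `private_devices true`, and `systemd-analyze security promscale` on a converged host would confirm the setting landed. The `systemd_service "promscale"` block starts and ends outside the hunk.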