kosmos/strfry-cookbook
8
0
Fork 0
Code Issues Pull Requests Releases 1 Activity

Add stryfry policy option

Browse Source
This commit is contained in:
Râu Cao
2024-06-11 22:55:51 +02:00
parent 65b6d65527
commit a4756377b4
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
recipes/default.rb
View File

@@ -55,8 +55,8 @@ group node["strfry"]["group"]
user node["strfry"]["user"] do
gid node["strfry"]["group"]
manage_home false
shell "/usr/sbin/nologin"
manage_home true
shell "/bin/bash"
end
directory node["strfry"]["db_path"] do
@@ -76,7 +76,8 @@ template "/etc/strfry.conf" do
real_ip_header: node["strfry"]["real_ip_header"],
port: node["strfry"]["port"],
nofiles: node["strfry"]["nofiles"],
info: node["strfry"]["info"]
info: node["strfry"]["info"],
policy_path: node["strfry"]["policy_path"]
}
notifies :restart, "service[strfry]", :delayed
end
@@ -97,7 +98,7 @@ systemd_unit "strfry.service" do
ExecStart: "/usr/local/bin/strfry relay",
Restart: "on-failure",
RestartSec: "5",
ProtectHome: "yes",
ProtectHome: "no",
NoNewPrivileges: "yes",
ProtectSystem: "full",
LimitCORE: "1000000000"