Add stryfry policy option

attributes/default.rb

@@ -8,3 +8,4 @@ node.default["strfry"]["db_path"] = "/var/lib/strfry"
 node.default["strfry"]["bind_ip"] = "0.0.0.0"
 node.default["strfry"]["real_ip_header"] = ""
 node.default["strfry"]["info"] = {}
+node.default["strfry"]["policy_path"] = ""

recipes/default.rb

@@ -55,8 +55,8 @@ group node["strfry"]["group"]
 
 user node["strfry"]["user"] do
   gid node["strfry"]["group"]
-  manage_home false
+  manage_home true
-  shell "/usr/sbin/nologin"
+  shell "/bin/bash"
 end
 
 directory node["strfry"]["db_path"] do
@@ -76,7 +76,8 @@ template "/etc/strfry.conf" do
     real_ip_header: node["strfry"]["real_ip_header"],
     port: node["strfry"]["port"],
     nofiles: node["strfry"]["nofiles"],
-    info: node["strfry"]["info"]
+    info: node["strfry"]["info"],
+    policy_path: node["strfry"]["policy_path"]
   }
   notifies :restart, "service[strfry]", :delayed
 end
@@ -97,7 +98,7 @@ systemd_unit "strfry.service" do
       ExecStart: "/usr/local/bin/strfry relay",
       Restart: "on-failure",
       RestartSec: "5",
-      ProtectHome: "yes",
+      ProtectHome: "no",
       NoNewPrivileges: "yes",
       ProtectSystem: "full",
       LimitCORE: "1000000000"

templates/default/strfry.conf.erb

@@ -82,7 +82,7 @@ relay {
 
     writePolicy {
         # If non-empty, path to an executable script that implements the writePolicy plugin logic
-        plugin = ""
+        plugin = "<%= @config[:policy_path] %>"
     }
 
     compression {