3 0 4
Brett Smith (brett) - 12 months ago 2019-11-23 23:20:09
brett@sfconservancy.org
systemd: Replace cron infrastructure.
7 files changed with 57 insertions and 21 deletions:
↑ Collapse Diff ↑
cron/cron.d/website-update
 
deleted file
cron/cron.monthly/django-cleanup
 
deleted file
 
new file 100644
1
 
[Unit]
2
 
Description=Cleanup Conservancy website
3
 
Before=apache2.service
4
 

	
5
 
[Service]
6
 
Type=oneshot
7
 
User=www
8
 
ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0
9
 

	
10
 
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
11
 
CapabilityBoundingSet=
12
 
NoNewPrivileges=true
13
 

	
14
 
PrivateDevices=true
15
 
PrivateNetwork=true
16
 
PrivateTmp=true
17
 
PrivateUsers=true
18
 
ProtectControlGroups=true
19
 
ProtectHome=true
20
 
ProtectKernelModules=true
21
 
ProtectKernelTunables=true
22
 
ProtectSystem=strict
23
 
ReadWritePaths=/var/lib/www/database
24
 

	
25
 
[Install]
26
 
WantedBy=apache2.service
 
new file 100644
1
 
[Unit]
2
 
Description=Update Conservancy website checkout
3
 

	
4
 
[Service]
5
 
Type=oneshot
6
 
User=www
7
 
WorkingDirectory=/var/www/website
8
 
ExecStart=/var/www/website/systemd/conservancy-www-update.sh
9
 

	
10
 
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
11
 
CapabilityBoundingSet=
12
 
NoNewPrivileges=true
13
 

	
14
 
PrivateDevices=true
15
 
PrivateNetwork=false
16
 
PrivateTmp=true
17
 
PrivateUsers=false
18
 
ProtectControlGroups=true
19
 
ProtectHome=true
20
 
ProtectKernelModules=true
21
 
ProtectKernelTunables=true
22
 
ProtectSystem=strict
23
 
ReadWritePaths=/var/www/website
 
file renamed from cron/scripts/website-update.sh to systemd/conservancy-www-update.sh
 
new file 100644
1
 
[Unit]
2
 
Description=Update Conservancy website checkout
3
 

	
4
 
[Timer]
5
 
OnCalendar=*:0/5
6
 

	
7
 
[Install]
8
 
WantedBy=timers.target
0 comments (0 inline, 0 general)