Commit 324242e4 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

archweb: add planet functionality related service/timers

parent 411a5c58
......@@ -43,7 +43,7 @@
- { role: uwsgi, tags: ['uwsgi'] }
- { role: php-fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'], tags: ["php-fpm"] }
- { role: memcached, tags: ['memcached'] }
- { role: archweb, tags: ["archweb"] }
- { role: archweb, archweb_planet: true, tags: ["archweb"] }
- role: security_tracker
security_tracker_domain: "security.archlinux.org"
security_tracker_nginx_conf: '/etc/nginx/nginx.d/security-tracker.conf'
......
......@@ -165,6 +165,18 @@
- daemon reload
when: archweb_services or archweb_populate_signoffs
- name: install planet service
template: src="archweb-planet.service.j2" dest="/etc/systemd/system/archweb-planet.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_planet
- name: install planet timer
template: src="archweb-planet.timer.j2" dest="/etc/systemd/system/archweb-planet.timer" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_planet
- name: install pgp_import service
template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
notify:
......@@ -273,6 +285,10 @@
service: name="archweb-populate_signoffs.timer" enabled=yes state=started
when: archweb_services or archweb_populate_signoffs
- name: start and enable archweb planet timer
service: name="archweb-planet.timer" enabled=yes state=started
when: archweb_planet
- name: start and enable archweb donor_import timer
service: name="archweb-donor_import.timer" enabled=yes state=started
when: archweb_donor_import|bool
......
[Unit]
Description=archweb update planet service
After=network.target
[Service]
Type=oneshot
User=archweb
WorkingDirectory={{ archweb_dir }}
ExecStart={{ archweb_dir }}/env/bin/python manage.py update_planet -v3
ProtectSystem=full
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
NoNewPrivileges=true
RestrictRealtime=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
[Unit]
Description=archweb planet timer
[Timer]
OnUnitActiveSec=60m
OnBootSec=15min
RandomizedDelaySec=1min
[Install]
WantedBy=timers.target
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment