From bdac443c16db45bf4462f09e33c311b912c2c804 Mon Sep 17 00:00:00 2001 From: Brett Smith Date: Sat, 23 Nov 2019 18:20:09 -0500 Subject: [PATCH] systemd: Replace cron infrastructure. --- cron/cron.d/website-update | 1 - cron/cron.monthly/django-cleanup | 20 -------------- systemd/conservancy-www-cleanup.service | 26 +++++++++++++++++++ systemd/conservancy-www-update.service | 23 ++++++++++++++++ .../conservancy-www-update.sh | 0 systemd/conservancy-www-update.timer | 8 ++++++ 6 files changed, 57 insertions(+), 21 deletions(-) delete mode 100644 cron/cron.d/website-update delete mode 100644 cron/cron.monthly/django-cleanup create mode 100644 systemd/conservancy-www-cleanup.service create mode 100644 systemd/conservancy-www-update.service rename cron/scripts/website-update.sh => systemd/conservancy-www-update.sh (100%) create mode 100644 systemd/conservancy-www-update.timer diff --git a/cron/cron.d/website-update b/cron/cron.d/website-update deleted file mode 100644 index 1842cc08..00000000 --- a/cron/cron.d/website-update +++ /dev/null @@ -1 +0,0 @@ -*/5 * * * * www $HOME/website/cron/scripts/website-update.sh diff --git a/cron/cron.monthly/django-cleanup b/cron/cron.monthly/django-cleanup deleted file mode 100644 index 19f58776..00000000 --- a/cron/cron.monthly/django-cleanup +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Copyright (C) 2008, Jim Garrison - -# Permission to use, copy, modify, distribute and/or distributed modified -# versions of this software for any purpose with or without fee is hereby -# granted, provided that the above copyright notice and this permission -# notice appear in all copies. - -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -# Clean old data from the database (expired admin sessions) -# (see http://www.djangoproject.com/documentation/django-admin/) - -python /var/www/conservancy/manage.py cleanup diff --git a/systemd/conservancy-www-cleanup.service b/systemd/conservancy-www-cleanup.service new file mode 100644 index 00000000..8ce1e325 --- /dev/null +++ b/systemd/conservancy-www-cleanup.service @@ -0,0 +1,26 @@ +[Unit] +Description=Cleanup Conservancy website +Before=apache2.service + +[Service] +Type=oneshot +User=www +ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0 + +SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete +CapabilityBoundingSet= +NoNewPrivileges=true + +PrivateDevices=true +PrivateNetwork=true +PrivateTmp=true +PrivateUsers=true +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +ReadWritePaths=/var/lib/www/database + +[Install] +WantedBy=apache2.service diff --git a/systemd/conservancy-www-update.service b/systemd/conservancy-www-update.service new file mode 100644 index 00000000..a2f363b0 --- /dev/null +++ b/systemd/conservancy-www-update.service @@ -0,0 +1,23 @@ +[Unit] +Description=Update Conservancy website checkout + +[Service] +Type=oneshot +User=www +WorkingDirectory=/var/www/website +ExecStart=/var/www/website/systemd/conservancy-www-update.sh + +SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete +CapabilityBoundingSet= +NoNewPrivileges=true + +PrivateDevices=true +PrivateNetwork=false +PrivateTmp=true +PrivateUsers=false +ProtectControlGroups=true +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +ReadWritePaths=/var/www/website diff --git a/cron/scripts/website-update.sh b/systemd/conservancy-www-update.sh similarity index 100% rename from cron/scripts/website-update.sh rename to systemd/conservancy-www-update.sh diff --git a/systemd/conservancy-www-update.timer b/systemd/conservancy-www-update.timer new file mode 100644 index 00000000..5d790968 --- /dev/null +++ b/systemd/conservancy-www-update.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Update Conservancy website checkout + +[Timer] +OnCalendar=*:0/5 + +[Install] +WantedBy=timers.target