feat: add systemd timer to run "manage.py remove-pending-sources" daily

freedomofpress · May 30, 2023 · d9eaa4a · d9eaa4a
1 parent f3a4e09
commit d9eaa4a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/securedrop/debian/app-code/lib/systemd/system/securedrop-remove-pending-sources.service b/securedrop/debian/app-code/lib/systemd/system/securedrop-remove-pending-sources.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=job to remove pending SecureDrop sources daily
+
+[Service]
+ExecStart=/var/www/securedrop/manage.py remove-pending-sources >/dev/null
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=/var/lib/securedrop
+User=www-data
+WorkingDirectory=/var/www/securedrop
diff --git a/securedrop/debian/app-code/lib/systemd/system/securedrop-remove-pending-sources.timer b/securedrop/debian/app-code/lib/systemd/system/securedrop-remove-pending-sources.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=remove pending SecureDrop sources daily
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/securedrop/debian/rules b/securedrop/debian/rules
@@ -68,11 +68,13 @@ override_dh_installinit:
 override_dh_systemd_enable:
 	dh_systemd_enable --no-enable securedrop-submissions-today.service
 	dh_systemd_enable --no-enable securedrop-clean-tmp.service
+	dh_systemd_enable --no-enable securedrop-remove-pending-sources.service
 	dh_systemd_enable
 
 # This is basically the same as the enable stanza above, just whether the
 # unit should be started after installation.
 override_dh_systemd_start:
 	dh_systemd_start --no-start securedrop-submissions-today.service
 	dh_systemd_start --no-start securedrop-clean-tmp.service
+	dh_systemd_start --no-start securedrop-remove-pending-sources.service
 	dh_systemd_start