From 88944bed17d94ba419b5a665e65f203346a4c892 Mon Sep 17 00:00:00 2001
From: Deimos
Date: Mon, 30 Nov 2020 20:31:14 -0700
Subject: [PATCH] Run app-related services under the app user
---
 salt/salt/boussole.service.jinja2 | 4 +++-
 .../consumers/comment_user_mentions_generator.service.jinja2 | 4 +++-
 salt/salt/consumers/topic_embedly_extractor.service.jinja2 | 4 +++-
 .../topic_interesting_activity_updater.service.jinja2 | 4 +++-
 salt/salt/consumers/topic_metadata_generator.service.jinja2 | 4 +++-
 salt/salt/consumers/topic_youtube_scraper.service.jinja2 | 4 +++-
 salt/salt/postgresql_redis_bridge.service.jinja2 | 4 +++-
 salt/salt/webassets.service.jinja2 | 4 +++-
 8 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/salt/salt/boussole.service.jinja2 b/salt/salt/boussole.service.jinja2
index 85c35ae..05c418e 100644
--- a/salt/salt/boussole.service.jinja2
+++ b/salt/salt/boussole.service.jinja2
@@ -1,8 +1,10 @@
-{% from 'common.jinja2' import app_dir -%}
+{% from 'common.jinja2' import app_dir, app_username -%}
 [Unit]
 Description=Boussole - auto-compile SCSS files on change

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}
 Environment="LC_ALL=C.UTF-8" "LANG=C.UTF-8"
 ExecStart=/opt/venvs/boussole/bin/boussole watch --backend=yaml --config=boussole.yaml --poll
diff --git a/salt/salt/consumers/comment_user_mentions_generator.service.jinja2 b/salt/salt/consumers/comment_user_mentions_generator.service.jinja2
index 6623512..352eb76 100644
--- a/salt/salt/consumers/comment_user_mentions_generator.service.jinja2
+++ b/salt/salt/consumers/comment_user_mentions_generator.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Comment User Mention Generator (Queue Consumer)
 Requires=redis.service
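Review bot: With `User={{ app_username }}` added under `[Service]` in boussole.service, `boussole watch` now writes its compiled output as the app user, and any files or directories left behind by the earlier root-run service would still be root-owned and not overwritable. Nothing in this patch changes ownership, so unless a Salt state outside the diff already manages it, I would pair the change with an ownership fix on the output directory under `{{ app_dir }}`. The same applies to webassets.service and its `webassets -c webassets.yaml watch` process. A comment above the new lines, e.g. `# runs unprivileged; output dir must be writable by app_username`, would record the requirement.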
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/consumers
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python comment_user_mentions_generator.py
diff --git a/salt/salt/consumers/topic_embedly_extractor.service.jinja2 b/salt/salt/consumers/topic_embedly_extractor.service.jinja2
index 0663337..a0061ea 100644
--- a/salt/salt/consumers/topic_embedly_extractor.service.jinja2
+++ b/salt/salt/consumers/topic_embedly_extractor.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Topic Embedly Extractor (Queue Consumer)
 Requires=redis.service
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/consumers
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python topic_embedly_extractor.py
diff --git a/salt/salt/consumers/topic_interesting_activity_updater.service.jinja2 b/salt/salt/consumers/topic_interesting_activity_updater.service.jinja2
index a19c3a3..0cf8fc5 100644
--- a/salt/salt/consumers/topic_interesting_activity_updater.service.jinja2
+++ b/salt/salt/consumers/topic_interesting_activity_updater.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Topic Interesting Activity Updater (Queue Consumer)
 Requires=redis.service
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/consumers
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python topic_interesting_activity_updater.py
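Review bot: The consumer units drop root with `User=`/`Group=` but keep every other systemd default, so the worker can still gain privileges through setuid binaries and shares /tmp with the rest of the host. These are long-running processes fed from a queue, and judging by their names some handle third-party content (Embedly, YouTube), so I would add `NoNewPrivileges=true` and `PrivateTmp=true` under `[Service]` in comment_user_mentions_generator.service and in the other five units that require redis.service. Stricter options such as `ProtectSystem=` or `ProtectHome=` need a check of what each script writes, which is not visible in this diff.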
diff --git a/salt/salt/consumers/topic_metadata_generator.service.jinja2 b/salt/salt/consumers/topic_metadata_generator.service.jinja2
index 0545f21..0d20257 100644
--- a/salt/salt/consumers/topic_metadata_generator.service.jinja2
+++ b/salt/salt/consumers/topic_metadata_generator.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Topic Metadata Generator (Queue Consumer)
 Requires=redis.service
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/consumers
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python topic_metadata_generator.py
diff --git a/salt/salt/consumers/topic_youtube_scraper.service.jinja2 b/salt/salt/consumers/topic_youtube_scraper.service.jinja2
index 4fcf5d0..8623e5e 100644
--- a/salt/salt/consumers/topic_youtube_scraper.service.jinja2
+++ b/salt/salt/consumers/topic_youtube_scraper.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Topic Youtube Scraper (Queue Consumer)
 Requires=redis.service
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/consumers
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python topic_youtube_scraper.py
diff --git a/salt/salt/postgresql_redis_bridge.service.jinja2 b/salt/salt/postgresql_redis_bridge.service.jinja2
index d972f0e..be2a5f3 100644
--- a/salt/salt/postgresql_redis_bridge.service.jinja2
+++ b/salt/salt/postgresql_redis_bridge.service.jinja2
@@ -1,4 +1,4 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=postgresql_redis_bridge - convert NOTIFY to Redis streams
 Requires=redis.service
@@ -6,6 +6,8 @@ After=redis.service
 PartOf=redis.service

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}/scripts
 Environment="INI_FILE={{ app_dir }}/{{ pillar['ini_file'] }}"
 ExecStart={{ bin_dir }}/python postgresql_redis_bridge.py
diff --git a/salt/salt/webassets.service.jinja2 b/salt/salt/webassets.service.jinja2
index 69d47ed..1c3ad7d 100644
--- a/salt/salt/webassets.service.jinja2
+++ b/salt/salt/webassets.service.jinja2
@@ -1,8 +1,10 @@
-{% from 'common.jinja2' import app_dir, bin_dir -%}
+{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
 [Unit]
 Description=Webassets - auto-compile JS files on change

 [Service]
+User={{ app_username }}
+Group={{ app_username }}
 WorkingDirectory={{ app_dir }}
 ExecStart={{ bin_dir }}/webassets -c webassets.yaml watch
 Restart=always
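Review bot: Running postgresql_redis_bridge as `{{ app_username }}` means the file named in `Environment="INI_FILE=..."` must now be readable by that account, and the patch does not show who owns it or what mode it has. If it holds database or Redis connection settings (likely for a bridge, but not visible here), it should be readable by the app user without being world-readable or writable by the service itself, for example owned by root with the app group and mode 0640. The consumer units set the same `INI_FILE` and have the same requirement. If the PostgreSQL connection relies on peer authentication, the changed OS user also changes which role the bridge connects as, which is worth confirming before deploying.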