Revert "Disable OAuth 1.0a and basic authentication"

This reverts commit f62b7a4fe91bc06c6d58dbf48e1abc94907a1a08.

diff --git a/Gemfile.lock b/Gemfile.lock
index 24ff1f177d7956fca27ec584b2dc379b92d061f2..e7a993a618ff8287463d605178a9b1a91db7146e 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -270,7 +270,7 @@ GEM
     azure_mgmt_storage (0.23.0)
       ms_rest_azure (~> 0.12.0)
     base64 (0.2.0)
-    bcrypt_pbkdf (1.1.0)
+    bcrypt_pbkdf (1.1.1)
     bigdecimal (3.1.8)
     bson (4.15.0)
     builder (3.2.4)
@@ -399,10 +399,9 @@ GEM
       concurrent-ruby (~> 1.0)
     ice_nine (0.11.2)
     inifile (3.0.0)
-    inspec (5.22.40)
-      cookstyle
+    inspec (5.22.50)
       faraday_middleware (>= 0.12.2, < 1.3)
-      inspec-core (= 5.22.40)
+      inspec-core (= 5.22.50)
       mongo (= 2.13.2)
       progress_bar (~> 1.3.3)
       rake
@@ -411,9 +410,10 @@ GEM
       train-habitat (~> 0.1)
       train-kubernetes (~> 0.1)
       train-winrm (~> 0.2)
-    inspec-core (5.22.40)
+    inspec-core (5.22.50)
       addressable (~> 2.4)
       chef-telemetry (~> 1.0, >= 1.0.8)
+      cookstyle
       faraday (>= 1, < 3)
       faraday-follow_redirects (~> 0.3)
       hashie (>= 3.4, < 6.0)
@@ -470,7 +470,7 @@ GEM
       multi_json (~> 1.14)
     method_source (1.1.0)
     mini_mime (1.1.5)
-    minitest (5.23.0)
+    minitest (5.23.1)
     mixlib-config (3.0.27)
       tomlrb
     mixlib-install (3.12.30)
@@ -518,7 +518,7 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (5.0.5)
-    racc (1.7.3)
+    racc (1.8.0)
     rainbow (3.1.1)
     rake (13.2.1)
     recursive-open-struct (1.1.3)

diff --git a/cookbooks/accounts/files/default/jon/.ssh/authorized_keys b/cookbooks/accounts/files/default/jon/.ssh/authorized_keys
new file mode 100644 (file)
index 0000000..d2ff782
--- /dev/null
+++ b/cookbooks/accounts/files/default/jon/.ssh/authorized_keys
@@ -0,0 +1,3 @@
+# DO NOT EDIT - This file is being maintained by Chef - use authorized_keys2 instead
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7+XFfUNpROjhV1dHafBcioRITxmRP4BLQYJxrYNzoD jon@zabuntu
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCjdLPoR/7Q/fJ6vJNJRuyVEwUOx4+p2rRWgvQQ16zv1WP6lNObtolWK2RAqswu4xs7hvkT2uHasHiwhIDy2UjHFn6cshJdCsAPwrCbBXftLPat2du1Ip4tma9WmxE1fKveOHK8atzLhwZ8afU7wBMvXm9CD2zcQrAwrHFJynI/IQhXucsPqtL3prESstFHocQ3LLr48UmrGFVSH+hdxIurDkOK1JSDoejZvmiA2yUVZ5qgYZErI9cuqU/CumqCUAtPnR8EH+BFnI85Hg3FWiYQMy8rZQCFPdzihBIp8bOnaWqUEzmCpA8eBCiGB4VF2X3b0NKZEZVz6lTczCiORIDsaermy2+MUj7e7B49NenVxH92S67gjmT+5H2XCvFrV0bKAuFdfueLQYPg9oWHNZ6tkLvEh7rkStGRD3pCAnqL7n6/EFlMNJp/QaY87+FivCVLP9Po+GHZoSlEIkZPU8JAncnulbD0Ru7jbkz3e8XapAg58f/LOQuHpiltBMI4hHM= jon@aeroplane

diff --git a/cookbooks/accounts/files/default/tomh/.vimrc b/cookbooks/accounts/files/default/tomh/.vimrc
index fb885084462a411e7c5874fc4a07356dd3ee9788..2905b098ccc626c9e4b6f376765e37f2b9aeb99f 100644 (file)
--- a/cookbooks/accounts/files/default/tomh/.vimrc
+++ b/cookbooks/accounts/files/default/tomh/.vimrc
@@ -1,2 +1,5 @@
 " Force vim mode
 set nocompatible
+
+" Stop vim stealing the mouse
+set mouse=

diff --git a/cookbooks/apache/templates/default/brotli.conf.erb b/cookbooks/apache/templates/default/brotli.conf.erb
index 3bf3dfcd2e76b601fd37e69df0fe19a9bb7cf12d..aec7e0a1df5902074f69b5f0abd04f204f1822b8 100644 (file)
--- a/cookbooks/apache/templates/default/brotli.conf.erb
+++ b/cookbooks/apache/templates/default/brotli.conf.erb
@@ -7,6 +7,7 @@
                AddOutputFilterByType BROTLI_COMPRESS application/rss+xml
                AddOutputFilterByType BROTLI_COMPRESS application/wasm
                AddOutputFilterByType BROTLI_COMPRESS application/xml
+               AddOutputFilterByType BROTLI_COMPRESS application/json
                AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
        </IfModule>
 </IfModule>

diff --git a/cookbooks/apache/templates/default/deflate.conf.erb b/cookbooks/apache/templates/default/deflate.conf.erb
index 9f9bda5f9aabde23551f341edbbe6bef8e58a99e..915d4b39613c60aa7d83536997c0976ab067fd29 100644 (file)
--- a/cookbooks/apache/templates/default/deflate.conf.erb
+++ b/cookbooks/apache/templates/default/deflate.conf.erb
@@ -7,6 +7,7 @@
                AddOutputFilterByType DEFLATE application/rss+xml
                AddOutputFilterByType DEFLATE application/wasm
                AddOutputFilterByType DEFLATE application/xml
+               AddOutputFilterByType DEFLATE application/json
                AddOutputFilterByType DEFLATE image/svg+xml
        </IfModule>
 </IfModule>

diff --git a/cookbooks/apache/templates/default/evasive.conf.erb b/cookbooks/apache/templates/default/evasive.conf.erb
index 0f6b37b08252fc9bd333a778f75535737bf07ea9..7a0303374eecef7e225ffb90d8dea53507883787 100644 (file)
--- a/cookbooks/apache/templates/default/evasive.conf.erb
+++ b/cookbooks/apache/templates/default/evasive.conf.erb
@@ -7,4 +7,5 @@
     DOSPageInterval <%= node[:apache][:evasive][:page_interval] %>
     DOSSiteInterval <%= node[:apache][:evasive][:site_interval] %>
     DOSBlockingPeriod <%= node[:apache][:evasive][:blocking_period] %>
+    DOSHTTPResponseCode 429
 </IfModule>

diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb
index b873c570b7a2b82f47dbfb8d083434b44d45c557..2ef110a2f75ca8e57a4e113bfb5f8b2bef1e747c 100644 (file)
--- a/cookbooks/civicrm/attributes/default.rb
+++ b/cookbooks/civicrm/attributes/default.rb
@@ -1,5 +1,5 @@
 # See https://docs.civicrm.org/installation/en/latest/general/requirements/ for required php versions
-default[:civicrm][:version] = "5.73.1"
+default[:civicrm][:version] = "5.73.2"
 
 # was used for SotM
 # default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount"
@@ -68,7 +68,7 @@ default[:civicrm][:extensions][:omnipay][:revision] = "3.23"
 # Pay with Stripe
 default[:civicrm][:extensions][:stripe][:name] = "com.drastikbydesign.stripe"
 default[:civicrm][:extensions][:stripe][:repository] = "https://lab.civicrm.org/extensions/stripe.git"
-default[:civicrm][:extensions][:stripe][:revision] = "6.9.4"
+default[:civicrm][:extensions][:stripe][:revision] = "6.10.2"
 
 # Stripe requires mjwshared ("payment shared")
 default[:civicrm][:extensions][:mjwshared][:name] = "com.mjwconsult.mjwshared"

diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index 2251b92d1754ae5eb6d5ad06e7abb6a566657923..dd124dabdd91900a8b7157c52b9004649fcff04b 100644 (file)
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -73,12 +73,6 @@ host pdu2.dub.openstreetmap.org {
   fixed-address pdu2.dub.openstreetmap.org;
 }
 
-host clifford.oob.openstreetmap.org {
-  hardware ethernet 1c:c1:de:78:20:d6;
-  server-name "clifford.oob.openstreetmap.org";
-  fixed-address clifford.oob.openstreetmap.org;
-}
-
 host culebre.oob.openstreetmap.org {
   hardware ethernet 3c:ec:ef:2f:29:41;
   server-name "culebre.oob.openstreetmap.org";
@@ -181,12 +175,6 @@ host naga.oob.openstreetmap.org {
   fixed-address naga.oob.openstreetmap.org;
 }
 
-host noquiklos.oob.openstreetmap.org {
-  hardware ethernet 18:a9:05:70:b0:1e;
-  server-name "noquiklos.oob.openstreetmap.org";
-  fixed-address noquiklos.oob.openstreetmap.org;
-}
-
 host norbert.oob.openstreetmap.org {
   hardware ethernet 3c:ec:ef:82:ac:cf;
   server-name "norbert.oob.openstreetmap.org";
@@ -199,24 +187,12 @@ host odin.oob.openstreetmap.org {
   fixed-address odin.oob.openstreetmap.org;
 }
 
-host pummelzacken.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:cf:72:73;
-  server-name "pummelzacken.oob.openstreetmap.org";
-  fixed-address pummelzacken.oob.openstreetmap.org;
-}
-
 host ridley.oob.openstreetmap.org {
   hardware ethernet d4:85:64:52:2d:d8;
   server-name "ridley.oob.openstreetmap.org";
   fixed-address ridley.oob.openstreetmap.org;
 }
 
-host sarel.oob.openstreetmap.org {
-  hardware ethernet e8:39:35:b0:ef:d5;
-  server-name "sarel.oob.openstreetmap.org";
-  fixed-address sarel.oob.openstreetmap.org;
-}
-
 host snap-01.oob.openstreetmap.org {
   hardware ethernet 3c:ec:ef:17:a6:72;
   server-name "snap-01.oob.openstreetmap.org";
@@ -283,66 +259,6 @@ host tabaluga.oob.openstreetmap.org {
   fixed-address tabaluga.oob.openstreetmap.org;
 }
 
-host tiamat-00.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1a:76:01;
-  server-name "tiamat-00.oob.openstreetmap.org";
-  fixed-address tiamat-00.oob.openstreetmap.org;
-}
-
-host tiamat-01.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1a:75:78;
-  server-name "tiamat-01.oob.openstreetmap.org";
-  fixed-address tiamat-01.oob.openstreetmap.org;
-}
-
-host tiamat-02.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1f:10:e3;
-  server-name "tiamat-02.oob.openstreetmap.org";
-  fixed-address tiamat-02.oob.openstreetmap.org;
-}
-
-host tiamat-03.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1a:75:74;
-  server-name "tiamat-03.oob.openstreetmap.org";
-  fixed-address tiamat-03.oob.openstreetmap.org;
-}
-
-host tiamat-11.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:2c:cd:68;
-  server-name "tiamat-11.oob.openstreetmap.org";
-  fixed-address tiamat-11.oob.openstreetmap.org;
-}
-
-host tiamat-12.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1f:0a:9c;
-  server-name "tiamat-12.oob.openstreetmap.org";
-  fixed-address tiamat-12.oob.openstreetmap.org;
-}
-
-host tiamat-13.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:1f:17:ed;
-  server-name "tiamat-13.oob.openstreetmap.org";
-  fixed-address tiamat-13.oob.openstreetmap.org;
-}
-
-host tiamat-21.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:29:a8:d7;
-  server-name "tiamat-21.oob.openstreetmap.org";
-  fixed-address tiamat-21.oob.openstreetmap.org;
-}
-
-host tiamat-22.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:29:a8:01;
-  server-name "tiamat-22.oob.openstreetmap.org";
-  fixed-address tiamat-22.oob.openstreetmap.org;
-}
-
-host tiamat-23.oob.openstreetmap.org {
-  hardware ethernet 00:25:90:29:a7:ff;
-  server-name "tiamat-23.oob.openstreetmap.org";
-  fixed-address tiamat-23.oob.openstreetmap.org;
-}
-
 host thorn-02.oob.openstreetmap.org {
   hardware ethernet e4:11:5b:ce:e8:aa;
   server-name "thorn-02.oob.openstreetmap.org";

diff --git a/cookbooks/imagery/recipes/gb_os_sv.rb b/cookbooks/imagery/recipes/gb_os_sv.rb
index 4771e81a64f5fef168f34634746a15d39faaafc4..8bfc25f407b206ec3688ba08f7a7608807302ea4 100644 (file)
--- a/cookbooks/imagery/recipes/gb_os_sv.rb
+++ b/cookbooks/imagery/recipes/gb_os_sv.rb
@@ -1195,6 +1195,16 @@ imagery_layer "gb_os_om_local_2023_10" do
   copyright "Contains OS data © Crown copyright and database right 2023"
   background_colour "213 244 248" # OS OpenMap Local Water Blue
   extension "os_om_local_png"
-  url_aliases ["/om-local-2023-10", "/om-local"]
+end
+
+imagery_layer "gb_os_om_local_2024_04" do
+  site "os.openstreetmap.org"
+  title "OS OpenMap Local - April 2024"
+  projection "EPSG:27700"
+  source "/data/imagery/gb/openmap-local/2024-04/os-openmap-local-2024-04.vrt"
+  copyright "Contains OS data © Crown copyright and database right 2024"
+  background_colour "213 244 248" # OS OpenMap Local Water Blue
+  extension "os_om_local_png"
+  url_aliases ["/om-local-2024-04", "/om-local"]
   default_layer true
 end

diff --git a/cookbooks/imagery/templates/default/nginx_imagery_layer_fragment.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery_layer_fragment.conf.erb
index e72a6d7e9c4049052027cd24235e11380eee3a87..428f34eacf94eb9026cd29307b85d456f9cd1e3f 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery_layer_fragment.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery_layer_fragment.conf.erb
@@ -23,10 +23,14 @@ location ~* "^/layer/<%= @layer %>/(\d+)/(\d+)/(\d+)\.(png|jpg|jpeg)$" {
   proxy_cache_use_stale error timeout updating http_502 http_503 http_504;
   proxy_cache_background_update on;
   proxy_next_upstream error timeout invalid_header http_500 http_503;
+  proxy_next_upstream_timeout 30s;
   proxy_next_upstream_tries 3;
   proxy_intercept_errors on;
-  proxy_next_upstream_timeout 30s;
-
+  proxy_ignore_headers "Cache-Control";
+  proxy_ignore_headers "Expires";
+  proxy_hide_header "Cache-Control";
+  proxy_hide_header "Expires";
+  proxy_hide_header "Access-Control-Allow-Origin";
 <% else -%>
   # Override QUERY_STRING to force mapserver query parameters
   fastcgi_param QUERY_STRING "map=/srv/imagery/mapserver/layer-<%= @layer %>.map&mode=tile&layers=<%= @layer %>&tilemode=gmap&tile=$2+$3+$1";
@@ -69,7 +73,7 @@ location ~* "^/layer/<%= @layer %>/(\d+)/(\d+)/(\d+)\.(png|jpg|jpeg)$" {
   add_header x-cache-status $upstream_cache_status;
 
   # Allow CORS requests
-  add_header 'Access-Control-Allow-Origin' '*';
+  add_header 'Access-Control-Allow-Origin' '*' always;
 }
 
 <% if @root_layer -%>

diff --git a/cookbooks/otrs/templates/default/apache.erb b/cookbooks/otrs/templates/default/apache.erb
index 17f0df1180d990f0eedb8f5f53458b497e82f40b..e51b83ea2d6aba23623c3415fdbe5400ff9c6c98 100644 (file)
--- a/cookbooks/otrs/templates/default/apache.erb
+++ b/cookbooks/otrs/templates/default/apache.erb
@@ -44,6 +44,8 @@
   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
+  Protocols http/1.1
+
   ScriptAlias /otrs "/usr/share/otrs/bin/cgi-bin/"
   Alias /otrs-web "/usr/share/otrs/var/httpd/htdocs/"
   RedirectMatch ^/$ /otrs/index.pl

diff --git a/cookbooks/prometheus/templates/default/alert_rules.yml.erb b/cookbooks/prometheus/templates/default/alert_rules.yml.erb
index a0cea579289fde937a6e5947704aa618a1b5b65d..fdb90765bf0618d8f704a00157e1499fce8d6b11 100644 (file)
--- a/cookbooks/prometheus/templates/default/alert_rules.yml.erb
+++ b/cookbooks/prometheus/templates/default/alert_rules.yml.erb
@@ -118,7 +118,7 @@ groups:
         labels:
           alertgroup: database
         annotations:
-          delay: "{{ $value }}"
+          queries: "{{ $value }}"
   - name: discourse
     rules:
       - alert: discourse job failure rate

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 4ee4c459cf769eef7dc17cab194eb154d5e9e09c..fb677769e6a3e15220dd50be03256fb7fd43973e 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -35,8 +35,7 @@ ErrorLog /var/log/apache2/error.log
   #
   # Configure timeouts
   #
-  TimeOut 10
-  RequestReadTimeout handshake=10-20,MinRate=500 header=10-20,MinRate=500 body=10-120,MinRate=500
+  RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20-120,MinRate=500
   LogLevel reqtimeout:info
 
   #

diff --git a/roles/crm.rb b/roles/crm.rb
index cbcd8628d986cf5f967b87b940b22f3077b937c8..372c05c57c7eee7e7cfec59af495935afd5bd544 100644 (file)
--- a/roles/crm.rb
+++ b/roles/crm.rb
@@ -4,7 +4,8 @@ description "Role applied to CRM server"
 default_attributes(
   :accounts => {
     :users => {
-      :stereo => { :status => :administrator }
+      :stereo => { :status => :administrator },
+      :jon => { :status => :user }
     }
   },
   :exim => {

diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb
index 4d3c83a747260f6be2195cc5648d77a6b59bb6a7..55849585908a4df5a7a1772280f68f7f223a73d2 100644 (file)
--- a/roles/ironbelly.rb
+++ b/roles/ironbelly.rb
@@ -36,7 +36,7 @@ default_attributes(
           :mode => "802.3ad",
           :lacprate => "fast",
           :xmithashpolicy => "layer3+4",
-          :slaves => %w[eth0 eth1]
+          :slaves => %w[enp2s0f0 enp2s0f1]
         }
       },
       :external => {

diff --git a/roles/rhaegal.rb b/roles/rhaegal.rb
index 61352aaa7b4c8f73dbf91a1cbf59bfe585ef4f26..72d8ae57caa24b12f583c701e805ed08e3a396b0 100644 (file)
--- a/roles/rhaegal.rb
+++ b/roles/rhaegal.rb
@@ -14,10 +14,14 @@ default_attributes(
         :interface => "eno1",
         :role => :external,
         :inet => {
-          :address => "10.5.0.77",
-          :prefix => "16",
-          :gateway => "10.5.0.1",
-          :public_address => "161.53.248.77"
+          :address => "193.198.233.218",
+          :prefix => "29",
+          :gateway => "193.198.233.217"
+        },
+        :inet6 => {
+          :address => "2001:b68:40ff:3::2",
+          :prefix => "64",
+          :gateway => "2001:b68:40ff:3::1"
         }
       }
     }