Enable CSP in report only mode for the main web site
[chef.git] / cookbooks / web / definitions / rails_port.rb
index 49d989f..6985528 100644 (file)
@@ -28,6 +28,7 @@ define :rails_port, :action => [:create, :enable] do
   rails_repository = params[:repository] || "git://git.openstreetmap.org/rails.git"
   rails_revision = params[:revision] || "live"
   run_migrations = params[:run_migrations] || false
+  email_from = params[:email_from] || "OpenStreetMap <support@openstreetmap.org>"
   status = params[:status] || "online"
 
   database_params = {
@@ -44,6 +45,7 @@ define :rails_port, :action => [:create, :enable] do
   package "irb#{ruby_version}" if ruby_version.to_f < 1.9
   package "imagemagick"
   package "nodejs"
+  package "geoip-database"
 
   package "g++"
   package "pkg-config"
@@ -69,57 +71,10 @@ define :rails_port, :action => [:create, :enable] do
     recursive true
   end
 
-  execute rails_directory do
-    action :nothing
-    command "passenger-config restart-app #{rails_directory}"
-    user "root"
-    group "root"
-    only_if { File.exist?("/usr/bin/passenger-config") }
-  end
-
-  file "#{rails_directory}/public/export/embed.html" do
-    action :nothing
-  end
-
-  execute "#{rails_directory}/public/assets" do
-    action :nothing
-    command "bundle#{ruby_version} exec rake#{ruby_version} assets:precompile"
-    environment "RAILS_ENV" => "production"
-    cwd rails_directory
-    user rails_user
-    group rails_group
-    notifies :delete, "file[#{rails_directory}/public/export/embed.html]", :immediate
-    notifies :run, "execute[#{rails_directory}]", :immediate
-  end
-
-  execute "#{rails_directory}/db/migrate" do
-    action :nothing
-    command "bundle#{ruby_version} exec rake#{ruby_version} db:migrate"
-    cwd rails_directory
-    user rails_user
-    group rails_group
-    notifies :run, "execute[#{rails_directory}/public/assets]", :immediate
-  end
-
-  execute "#{rails_directory}/Gemfile" do
-    action :nothing
-    command "bundle#{ruby_version} install"
-    cwd rails_directory
-    user "root"
-    group "root"
-    environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes"
-    if run_migrations
-      notifies :run, "execute[#{rails_directory}/db/migrate]", :immediate
-    else
-      notifies :run, "execute[#{rails_directory}/public/assets]", :immediate
-    end
-    subscribes :run, "gem_package[bundler#{ruby_version}]"
-  end
-
   directory rails_directory do
     owner rails_user
     group rails_group
-    mode 02775
+    mode 0o2775
   end
 
   git rails_directory do
@@ -128,7 +83,10 @@ define :rails_port, :action => [:create, :enable] do
     revision rails_revision
     user rails_user
     group rails_group
-    notifies :run, "execute[#{rails_directory}/Gemfile]", :immediate
+    notifies :run, "execute[#{rails_directory}/Gemfile]"
+    notifies :run, "execute[#{rails_directory}/public/assets]"
+    notifies :delete, "file[#{rails_directory}/public/export/embed.html]"
+    notifies :run, "execute[#{rails_directory}]"
   end
 
   directory "#{rails_directory}/tmp" do
@@ -146,18 +104,25 @@ define :rails_port, :action => [:create, :enable] do
     source "database.yml.erb"
     owner rails_user
     group rails_group
-    mode 0664
+    mode 0o664
     variables database_params
     notifies :run, "execute[#{rails_directory}]"
   end
 
   application_yml = edit_file "#{rails_directory}/config/example.application.yml" do |line|
+    line.gsub!(/^( *)server_protocol:.*$/, "\\1server_protocol: \"https\"")
     line.gsub!(/^( *)server_url:.*$/, "\\1server_url: \"#{name}\"")
 
+    line.gsub!(/^( *)#publisher_url:.*$/, "\\1publisher_url: \"https://plus.google.com/111953119785824514010\"")
+
+    line.gsub!(/^( *)support_email:.*$/, "\\1support_email: \"support@openstreetmap.org\"")
+
     if params[:email_from]
-      line.gsub!(/^( *)email_from:.*$/, "\\1email_from: \"#{params[:email_from]}\"")
+      line.gsub!(/^( *)email_from:.*$/, "\\1email_from: \"#{email_from}\"")
     end
 
+    line.gsub!(/^( *)email_return_path:.*$/, "\\1email_return_path: \"bounces@openstreetmap.org\"")
+
     line.gsub!(/^( *)status:.*$/, "\\1status: :#{status}")
 
     if params[:messages_domain]
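Review bot: The `email_from` substitution is still wrapped in `if params[:email_from]`, so the default added at the top of the definition (`email_from = params[:email_from] || "OpenStreetMap <support@openstreetmap.org>"`) is never written when the caller omits the parameter. The neighbouring `support_email` and `email_return_path` lines are applied unconditionally, so the guard looks like a leftover. If the default is meant to take effect, drop the `if`/`end` and keep only `line.gsub!(/^( *)email_from:.*$/, "\\1email_from: \"#{email_from}\"")`; otherwise the value from example.application.yml stays in the production config. The `edit_file` block continues past the end of this hunk.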
@@ -166,10 +131,7 @@ define :rails_port, :action => [:create, :enable] do
 
     line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"")
 
-    if params[:quova_username]
-      line.gsub!(/^( *)#quova_username:.*$/, "\\1quova_username: \"#{params[:quova_username]}\"")
-      line.gsub!(/^( *)#quova_password:.*$/, "\\1quova_password: \"#{params[:quova_password]}\"")
-    end
+    line.gsub!(/^( *)#geoip_database:.*$/, "\\1geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"")
 
     if params[:gpx_dir]
       line.gsub!(/^( *)gpx_trace_dir:.*$/, "\\1gpx_trace_dir: \"#{params[:gpx_dir]}/traces\"")
@@ -189,7 +151,7 @@ define :rails_port, :action => [:create, :enable] do
     end
 
     if params[:memcache_servers]
-      line.gsub!(/^( *)#memcache_servers:.*$/, "\\1memcache_servers: [ \"#{params[:memcache_servers].join("\", \"")}\" ]")
+      line.gsub!(/^( *)#memcache_servers:.*$/, "\\1memcache_servers: [ \"#{params[:memcache_servers].join('", "')}\" ]")
     end
 
     if params[:potlatch2_key]
@@ -208,6 +170,10 @@ define :rails_port, :action => [:create, :enable] do
       line.gsub!(/^( *)nominatim_url:.*$/, "\\1nominatim_url: \"#{params[:nominatim_url]}\"")
     end
 
+    if params[:osrm_url]
+      line.gsub!(/^( *)osrm_url:.*$/, "\\1osrm_url: \"#{params[:osrm_url]}\"")
+    end
+
     if params[:google_auth_id]
       line.gsub!(/^( *)#google_auth_id:.*$/, "\\1google_auth_id: \"#{params[:google_auth_id]}\"")
       line.gsub!(/^( *)#google_auth_secret:.*$/, "\\1google_auth_secret: \"#{params[:google_auth_secret]}\"")
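Review bot: `params[:osrm_url]` is interpolated raw into both a `gsub!` replacement string and a YAML double-quoted scalar, so a value containing `"` or a backslash sequence such as `\1` would silently change the generated application.yml. The same pattern is used for the new `github_auth_*`, `wikipedia_auth_*`, `mapquest_key`, `mapzen_valhalla_key`, `thunderforest_key`, `totp_key` and `csp_report_url` lines in the next hunk, where keys and secrets are more likely to contain such characters. The block form avoids replacement-string parsing, and a serializer can do the quoting, e.g. `line.gsub!(/^( *)osrm_url:.*$/) { "#{$1}osrm_url: #{params[:osrm_url].to_json}" }` (assuming JSON is loaded, as it normally is under Chef). The `edit_file` block starts and ends outside this hunk.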
@@ -224,6 +190,36 @@ define :rails_port, :action => [:create, :enable] do
       line.gsub!(/^( *)#windowslive_auth_secret:.*$/, "\\1windowslive_auth_secret: \"#{params[:windowslive_auth_secret]}\"")
     end
 
+    if params[:github_auth_id]
+      line.gsub!(/^( *)#github_auth_id:.*$/, "\\1github_auth_id: \"#{params[:github_auth_id]}\"")
+      line.gsub!(/^( *)#github_auth_secret:.*$/, "\\1github_auth_secret: \"#{params[:github_auth_secret]}\"")
+    end
+
+    if params[:wikipedia_auth_id]
+      line.gsub!(/^( *)#wikipedia_auth_id:.*$/, "\\1wikipedia_auth_id: \"#{params[:wikipedia_auth_id]}\"")
+      line.gsub!(/^( *)#wikipedia_auth_secret:.*$/, "\\1wikipedia_auth_secret: \"#{params[:wikipedia_auth_secret]}\"")
+    end
+
+    if params[:mapquest_key]
+      line.gsub!(/^( *)#mapquest_key:.*$/, "\\1mapquest_key: \"#{params[:mapquest_key]}\"")
+    end
+
+    if params[:mapzen_valhalla_key]
+      line.gsub!(/^( *)#mapzen_valhalla_key:.*$/, "\\1mapzen_valhalla_key: \"#{params[:mapzen_valhalla_key]}\"")
+    end
+
+    if params[:thunderforest_key]
+      line.gsub!(/^( *)#thunderforest_key:.*$/, "\\1thunderforest_key: \"#{params[:thunderforest_key]}\"")
+    end
+
+    if params[:totp_key]
+      line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{params[:totp_key]}\"")
+    end
+
+    if params[:csp_report_url]
+      line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{params[:csp_report_url]}\"")
+    end
+
     line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true")
     line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true")
 
@@ -233,7 +229,7 @@ define :rails_port, :action => [:create, :enable] do
   file "#{rails_directory}/config/application.yml" do
     owner rails_user
     group rails_group
-    mode 0664
+    mode 0o664
     content application_yml
     notifies :run, "execute[#{rails_directory}/public/assets]"
   end
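Review bot: `mode 0o664` leaves config/application.yml world-readable, and this commit starts writing `totp_key`, `github_auth_secret` and `wikipedia_auth_secret` into it (the substitutions in the previous hunk). Any local account on the host can then read the OAuth secrets and the TOTP key. Consider `mode 0o640` on this resource, plus `sensitive true` so that Chef does not print the rendered content in its run output. The database.yml template earlier in the definition uses the same `0o664` and presumably holds the database password, although its template is not visible here.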
@@ -242,7 +238,7 @@ define :rails_port, :action => [:create, :enable] do
     file "#{rails_directory}/config/piwik.yml" do
       owner rails_user
       group rails_group
-      mode 0664
+      mode 0o664
       content YAML.dump(params[:piwik_configuration])
       notifies :run, "execute[#{rails_directory}/public/assets]"
     end
@@ -253,34 +249,79 @@ define :rails_port, :action => [:create, :enable] do
     end
   end
 
-  execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
-    command "ruby extconf.rb"
-    cwd "#{rails_directory}/lib/quad_tile"
+  execute "#{rails_directory}/Gemfile" do
+    action :nothing
+    command "bundle#{ruby_version} install"
+    cwd rails_directory
+    user "root"
+    group "root"
+    environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes"
+    subscribes :run, "gem_package[bundler#{ruby_version}]"
+    notifies :run, "execute[#{rails_directory}]"
+  end
+
+  execute "#{rails_directory}/db/migrate" do
+    action :nothing
+    command "bundle#{ruby_version} exec rake db:migrate"
+    cwd rails_directory
     user rails_user
     group rails_group
-    not_if { File.exist?("#{rails_directory}/lib/quad_tile/Makefile") && File.mtime("#{rails_directory}/lib/quad_tile/Makefile") >= File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") }
+    subscribes :run, "git[#{rails_directory}]"
+    notifies :run, "execute[#{rails_directory}]"
+    only_if { run_migrations }
   end
 
-  execute "#{rails_directory}/lib/quad_tile/Makefile" do
-    command "make"
+  execute "#{rails_directory}/public/assets" do
+    action :nothing
+    command "bundle#{ruby_version} exec rake assets:precompile"
+    environment "RAILS_ENV" => "production"
+    cwd rails_directory
+    user rails_user
+    group rails_group
+    notifies :run, "execute[#{rails_directory}]"
+  end
+
+  file "#{rails_directory}/public/export/embed.html" do
+    action :nothing
+  end
+
+  execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
+    command "ruby extconf.rb"
     cwd "#{rails_directory}/lib/quad_tile"
     user rails_user
     group rails_group
     not_if do
       File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") &&
-        File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/Makefile") &&
+        File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") &&
         File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") &&
         File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h")
     end
+    notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]"
+  end
+
+  execute "#{rails_directory}/lib/quad_tile/Makefile" do
+    action :nothing
+    command "make"
+    cwd "#{rails_directory}/lib/quad_tile"
+    user rails_user
+    group rails_group
     notifies :run, "execute[#{rails_directory}]"
   end
 
-  template "/etc/cron.daily/rails-#{name}" do
+  execute rails_directory do
+    action :nothing
+    command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
+    user "root"
+    group "root"
+    only_if { File.exist?("/usr/bin/passenger-config") }
+  end
+
+  template "/etc/cron.daily/rails-#{name.tr('.', '-')}" do
     cookbook "web"
     source "rails.cron.erb"
     owner "root"
     group "root"
-    mode 0755
+    mode 0o755
     variables :directory => rails_directory
   end
 end
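Review bot: `execute "#{rails_directory}/Gemfile"` runs `bundle install` with `user "root"` inside a checkout that is owned by `rails_user` and group-writable (`mode 0o2775` on `rails_directory`). By default that checkout is fetched over unauthenticated `git://`. Bundler evaluates the Gemfile as Ruby and builds native extensions, so root ends up executing content that a less privileged account or the network path can influence. Consider running the install as the application user, `user rails_user` / `group rails_group`, with an app-local bundle path (for example `bundle install --deployment`), and fetching the repository over an authenticated transport. If gems must stay system-wide, a comment explaining why root is required here would help the next reviewer.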