nominatim: make that ipv4 only

[chef.git] / cookbooks / nominatim / recipes / default.rb

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index e38d0c993a4edc682dcc7e338a37acbfd7e95101..8d10a4b93390186b6173b2f2b5e943def0810ee6 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+include_recipe "munin"
+
 basedir = data_bag_item("accounts", "nominatim")["home"]
 email_errors = data_bag_item("accounts", "lonvia")["email"]
 
@@ -48,6 +50,17 @@ file "#{node[:nominatim][:logdir]}/update.log" do
   mode 0o664
 end
 
+# exception granted for a limited time so that they can set up their own server
+firewall_rule "increase-limits-gnome-proxy" do
+  action :accept
+  family "inet"
+  source "net:8.43.85.23"
+  dest "fw"
+  proto "tcp:syn"
+  dest_ports "https"
+  rate_limit "s:10/sec:30"
+end
+
 ## Postgresql
 
 include_recipe "postgresql"
@@ -152,6 +165,7 @@ package %w[
   libproj-dev
   python3-pyosmium
   pyosmium
+  python3-psycopg2
 ]
 
 source_directory = "#{basedir}/nominatim"