nominatim: add apache headers module for blocking headers

[chef.git] / cookbooks / nominatim / recipes / master.rb

diff --git a/cookbooks/nominatim/recipes/master.rb b/cookbooks/nominatim/recipes/master.rb
index d33d7658d6c860facd0611b4ad921c35f28a0fe8..b135022b8e4cf625b1dc7472e78b347751776786 100644 (file)
--- a/cookbooks/nominatim/recipes/master.rb
+++ b/cookbooks/nominatim/recipes/master.rb
@@ -19,6 +19,14 @@
 
 include_recipe "git"
 
+passwords = data_bag_item("nominatim", "passwords")
+database_cluster = node[:nominatim][:database][:cluster]
+home_directory = data_bag_item("accounts", "nominatim")["home"]
+
+wal_archives = node[:rsyncd][:modules][:archive][:path]
+# XXX we really should get a list of nominatim-slave nodes here
+slaves = "poldi"
+
 git "#{home_directory}/nominatim" do
   action :checkout
   repository node[:nominatim][:repository]
@@ -30,10 +38,6 @@ end
 
 include_recipe "nominatim::base"
 
-passwords = data_bag_item("nominatim", "passwords")
-database_cluster = node[:nominatim][:database][:cluster]
-home_directory = data_bag_item("accounts", "nominatim")["home"]
-
 superusers = %w(tomh lonvia twain nominatim)
 
 superusers.each do |user|
@@ -53,3 +57,20 @@ postgresql_user "replication" do
   replication true
 end
 
+directory wal_archives do
+  owner "postgres"
+  group "postgres"
+  mode 0o700
+  only_if { node[:postgresql][:settings][:defaults][:archive_mode] == "on" }
+end
+
+template "/usr/local/bin/clean-db-nominatim" do
+  source "clean-db-nominatim.erb"
+  owner "root"
+  group "root"
+  mode 0o755
+  variables :archive_dir => wal_archives,
+            :update_stop_file => "#{home_directory}/status/updates_disabled",
+            :streaming_clients => slaves
+  only_if { node[:postgresql][:settings][:defaults][:archive_mode] == "on" }
+end