X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/3a4b1c2078cd515e93a5f1bf8967f380fbd1646f..f6f2f9e52a1f7c2c13027779da1a3b7f49ff2763:/roles/shenron.rb diff --git a/roles/shenron.rb b/roles/shenron.rb index 51d697e88..27a10f9c1 100644 --- a/roles/shenron.rb +++ b/roles/shenron.rb @@ -2,26 +2,31 @@ name "shenron" description "Master role applied to shenron" default_attributes( - :accounts => { - :users => { - :bretth => { - :status => :user, - :shell => "/usr/bin/git-shell" - } - } - }, :apache => { :mpm => "event", :event => { - :max_requests_per_child => 2000 + :min_spare_threads => 50, + :max_spare_threads => 150 } }, :hardware => { + :hwmon => { + "platform_it87_552" => { + :ignore => %w[in6] + } + }, + :mcelog => { + :enabled => false + }, :modules => [ "it87" ] - }, + } +) + +override_attributes( :networking => { + :dnssec => "false", :interfaces => { :external_ipv4 => { :interface => "eth0", @@ -39,19 +44,11 @@ default_attributes( :prefix => "64", :gateway => "fe80::1" } - } - }, - :openvpn => { - :address => "10.0.16.3", - :tunnels => { - :shenron2ucl => { - :port => "1194", - :mode => "server", - :peer => { - :host => "ridley.openstreetmap.org" - } - } - } + }, + # Do not use Cloudflare Public DNS as it does not support ECS as required by https://www.spamhaus.org/organization/dnsblusage/ + # https://www.spamhaus.org/news/article/816/service-update-spamhaus-dnsbl-users-who-query-via-cloudflare-dns-need-to-make-changes-to-email-set-up + :nameservers => ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"], + :private_address => "10.0.16.100" } ) @@ -59,13 +56,9 @@ run_list( "role[bytemark]", "role[mail]", "role[lists]", - "role[git]", "role[subversion]", "role[trac]", "role[osqa]", "role[irc]", - "role[dns]", - "role[geodns]", - "role[chef-repository]", - "recipe[openvpn]" + "recipe[blogs]" )