X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/d367bfde14a793d993542d9885a60a72aab85095..743ccc20d107fb66d801138af23752fd6b4fa701:/roles/shenron.rb diff --git a/roles/shenron.rb b/roles/shenron.rb index e27612169..27a10f9c1 100644 --- a/roles/shenron.rb +++ b/roles/shenron.rb @@ -2,21 +2,31 @@ name "shenron" description "Master role applied to shenron" default_attributes( - :accounts => { - :users => { - :bretth => { - :status => :user, - :shell => "/usr/bin/git-shell" - }, - } - }, :apache => { :mpm => "event", :event => { - :max_requests_per_child => 2000 + :min_spare_threads => 50, + :max_spare_threads => 150 } }, + :hardware => { + :hwmon => { + "platform_it87_552" => { + :ignore => %w[in6] + } + }, + :mcelog => { + :enabled => false + }, + :modules => [ + "it87" + ] + } +) + +override_attributes( :networking => { + :dnssec => "false", :interfaces => { :external_ipv4 => { :interface => "eth0", @@ -30,23 +40,15 @@ default_attributes( :interface => "eth0", :role => :external, :family => :inet6, - :address => "2001:41c8:0010:0996:21d:7dff:fec3:df70", + :address => "2001:41c9:1:400::32", :prefix => "64", :gateway => "fe80::1" - }, - } - }, - :openvpn => { - :address => "10.0.16.3", - :tunnels => { - :shenron2ucl => { - :port => "1194", - :mode => "server", - :peer => { - :host => "ridley.openstreetmap.org" - } } - } + }, + # Do not use Cloudflare Public DNS as it does not support ECS as required by https://www.spamhaus.org/organization/dnsblusage/ + # https://www.spamhaus.org/news/article/816/service-update-spamhaus-dnsbl-users-who-query-via-cloudflare-dns-need-to-make-changes-to-email-set-up + :nameservers => ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"], + :private_address => "10.0.16.100" } ) @@ -54,13 +56,9 @@ run_list( "role[bytemark]", "role[mail]", "role[lists]", - "role[git]", "role[subversion]", "role[trac]", "role[osqa]", "role[irc]", - "role[dns]", - "role[geodns]", - "role[chef-repository]", - "recipe[openvpn]" + "recipe[blogs]" )