Extend chef discourse/community management
authorGrant Slater <git@firefishy.com>
Fri, 25 Feb 2022 00:37:40 +0000 (00:37 +0000)
committerGrant <github@firefishy.com>
Thu, 10 Mar 2022 14:09:24 +0000 (14:09 +0000)
cookbooks/community/metadata.rb
cookbooks/community/recipes/default.rb
cookbooks/community/templates/default/data.yml.erb [new file with mode: 0644]
cookbooks/community/templates/default/web_only.yml.erb [new file with mode: 0644]

index fe35d4329e8f274ed336c0f1826354c182f570db..c0aba99348057401eeb85087e4999a56b767180c 100644 (file)
@@ -9,3 +9,4 @@ supports          "ubuntu"
 depends           "docker"
 depends           "git"
 depends           "ssl"
+depends           "geoipupdate"
index 5ad6e7afb961804c8dbbb0bcb4ec7e97304ed0c5..b70a1412dbd3df233abb36aa2b935e42d526882a 100644 (file)
 include_recipe "docker"
 include_recipe "git"
 include_recipe "ssl"
+include_recipe "geoipupdate"
+
+passwords = data_bag_item("community", "passwords")
+license_keys = data_bag_item("geoipupdate", "license-keys")
 
 ssl_certificate "community.openstreetmap.org" do
   domains ["community.openstreetmap.org", "community.osm.org"]
+  notifies :run, "execute[discourse_container_web_only_rebuild]"
 end
 
-# passwords = data_bag_item("community", "passwords")
-
-# postgresql_user "community_user" do
-#   cluster node[:db][:cluster]
-#   password passwords["database"]
-# end
-
-# postgresql_database "community_db" do
-#   cluster node[:db][:cluster]
-#   owner "community_user"
-# end
-
-# postgresql_extension "hstore" do
-#   cluster node[:db][:cluster]
-#   database "community_db"
-# end
-
-# postgresql_extension "pg_trgm" do
-#   cluster node[:db][:cluster]
-#   database "community_db"
-# end
-
 directory "/srv/community.openstreetmap.org" do
   owner "root"
   group "root"
@@ -62,13 +45,50 @@ end
 git "/srv/community.openstreetmap.org/docker" do
   action :sync
   repository "https://github.com/discourse/discourse_docker.git"
-  revision "master"
+  revision "main"
   depth 1
   user "root"
   group "root"
+  notifies :run, "execute[discourse_container_data_rebuild]"
+  notifies :run, "execute[discourse_container_web_only_rebuild]"
+end
+
+template "/srv/community.openstreetmap.org/docker/containers/data.yml" do
+  source "data.yml.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  variables :license_keys => license_keys, :passwords => passwords
+  notifies :run, "execute[discourse_container_data_rebuild]"
+end
+
+template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
+  source "web_only.yml.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  variables :license_keys => license_keys, :passwords => passwords
+  notifies :run, "execute[discourse_container_web_only_rebuild]"
+end
+
+execute "discourse_container_data_rebuild" do
+  action :nothing
+  command "./launcher rebuild data"
+  cwd "/srv/community.openstreetmap.org/docker/"
+  user "root"
+  group "root"
+end
+
+execute "discourse_container_web_only_rebuild" do
+  action :nothing
+  command "./launcher rebuild web_only"
+  cwd "/srv/community.openstreetmap.org/docker/"
+  user "root"
+  group "root"
 end
 
-# TBC: discourse docker templates
-#   web.ssl.template.yml
-#   redis.template.yml
-# TBC: discourse launcher rebuild
+## FIXME
+# Backup the backups
+# Maybe use /srv/community.openstreetmap.org/shared/web-only/backups/
+# Or https://github.com/discourse/discourse_docker/blob/8b0ae9b4da2f48d62d7a88035018dba403918325/templates/postgres.template.yml#L240
+#    and tar of the shared web uploads
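Review bot: Both `template` resources render the database password and the MaxMind licence key into `containers/data.yml` and `containers/web_only.yml` with `mode "644"`, so any local account on the host can read those secrets; the launcher already runs as root, so `mode "600"` on both templates is sufficient and loses nothing. `revision "main"` on the `git` resource tracks the head of the discourse_docker branch, so an ordinary chef run can pull new root-executed launcher scripts and, via the two `notifies`, rebuild both containers without any change in this repository; pinning to a tag or commit (as `version: v2.8.1` does for Discourse itself in the web_only template) keeps that update reviewable. A short comment above the templates, e.g. `# Rendered files carry the DB password and MaxMind key; keep them root-only`, would stop the mode from being relaxed later.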
diff --git a/cookbooks/community/templates/default/data.yml.erb b/cookbooks/community/templates/default/data.yml.erb
new file mode 100644 (file)
index 0000000..f18668e
--- /dev/null
@@ -0,0 +1,44 @@
+# A container for all things Data, be sure to set a secret password for
+# discourse account, SOME_SECRET is just an example
+#
+
+templates:
+  - "templates/postgres.template.yml"
+  - "templates/redis.template.yml"
+
+# any extra arguments for Docker?
+# docker_args:
+
+params:
+  db_default_text_search_config: "pg_catalog.english"
+
+  ## Set db_shared_buffers to a max of 25% of the total memory.
+  ## will be set automatically by bootstrap based on detected RAM, or you can override
+  db_shared_buffers: "4096MB"
+
+  ## can improve sorting performance, but adds memory usage per-connection
+  #db_work_mem: "40MB"
+
+env:
+  # ensure locale exists in container, you may need to install it
+  LC_ALL: en_US.UTF-8
+  LANG: en_US.UTF-8
+  LANGUAGE: en_US.UTF-8
+
+volumes:
+  - volume:
+        host: /srv/community.openstreetmap.org/shared/data
+        guest: /shared
+  - volume:
+        host: /srv/community.openstreetmap.org/shared/data/log/var-log
+        guest: /var/log
+
+# TODO: SOME_SECRET to a password for the discourse user
+hooks:
+  after_postgres:
+    - exec:
+        stdin: |
+          alter user discourse with password '<%= @passwords["database"] %>';
+        cmd: su - postgres -c 'psql discourse'
+
+        raise_on_fail: false
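Review bot: The `after_postgres` hook that sets the discourse role's password runs with `raise_on_fail: false`, so if the `alter user` statement fails the bootstrap carries on, the role keeps whatever password it had, and the web_only container (handed the data-bag value) silently cannot connect; dropping that line so the rebuild fails loudly is safer, assuming the launcher's default is to raise. The password is interpolated unescaped into a SQL string literal, `alter user discourse with password '<%= @passwords["database"] %>';`, so a value containing a single quote breaks the statement; the value comes from the operators' data bag rather than users, so this is a robustness rather than an injection issue, but `<%= @passwords["database"].gsub("'", "''") %>` removes the footgun. The file header and the `# TODO: SOME_SECRET to a password for the discourse user` comment are copied from the upstream sample and are now stale; replace them with something like `# Password comes from the community/passwords data bag (see recipes/default.rb)`.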
diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
new file mode 100644 (file)
index 0000000..a3f47db
--- /dev/null
@@ -0,0 +1,131 @@
+templates:
+  - "templates/web.template.yml"
+  - "templates/web.ratelimited.template.yml"
+  - "templates/web.ssl.template.yml"
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+expose:
+  - "80:80"   # http
+  - "443:443" # https
+
+# Use 'links' key to link containers together, aka use Docker --link flag.
+links:
+  - link:
+      name: data
+      alias: data
+
+# any extra arguments for Docker?
+# docker_args:
+
+params:
+  version: v2.8.1
+
+env:
+  LC_ALL: en_US.UTF-8
+  LANG: en_US.UTF-8
+  LANGUAGE: en_US.UTF-8
+  EMBER_CLI_PROD_ASSETS: 1
+  DISCOURSE_FORCE_HTTPS: true
+
+  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+  ## will be set automatically by bootstrap based on detected CPUs, or you can override
+  UNICORN_WORKERS: 8
+
+  ## TODO: The domain name this Discourse instance will respond to
+  DISCOURSE_HOSTNAME: community.openstreetmap.org
+
+  ## Uncomment if you want the container to be started with the same
+  ## hostname (-h option) as specified above (default "$hostname-$config")
+  #DOCKER_USE_HOSTNAME: true
+
+  ## TODO: List of comma delimited emails that will be made admin and developer
+  ## on initial signup example 'user1@example.com,user2@example.com'
+  DISCOURSE_DEVELOPER_EMAILS: 'operations@openstreetmap.org'
+
+  ## TODO: The SMTP mail server used to validate new accounts and send notifications
+  # SMTP ADDRESS, username, and password are required
+  # WARNING the char '#' in SMTP password can cause problems!
+  DISCOURSE_SMTP_ADDRESS: mail.openstreetmap.org
+  DISCOURSE_SMTP_PORT: 26
+  DISCOURSE_SMTP_USER_NAME:
+  DISCOURSE_SMTP_PASSWORD:
+  # DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
+  DISCOURSE_SMTP_DOMAIN: community.openstreetmap.org
+  DISCOURSE_NOTIFICATION_EMAIL: noreply@community.openstreetmap.org
+
+  ## TODO: configure connectivity to the databases
+  DISCOURSE_DB_SOCKET: ''
+  #DISCOURSE_DB_USERNAME: discourse
+  DISCOURSE_DB_PASSWORD: '<%= @passwords["database"] %>'
+  DISCOURSE_DB_HOST: data
+  DISCOURSE_REDIS_HOST: data
+
+  ## The maxmind geolocation IP address key for IP address lookup
+  ## see https://meta.discourse.org/t/-/137387/23 for details
+  DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>'
+
+volumes:
+  - volume:
+      host: /srv/community.openstreetmap.org/shared/web-only
+      guest: /shared
+  - volume:
+      host: /srv/community.openstreetmap.org/shared/web-only/log/var-log
+      guest: /var/log
+  - volume:
+      host: /etc/ssl/certs/community.openstreetmap.org.pem
+      guest: /shared/ssl/ssl.crt;
+  - volume:
+      host: /etc/ssl/private/community.openstreetmap.org.key
+      guest: /shared/ssl/ssl.key;;
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+  after_code:
+    - exec:
+        cd: $home/plugins
+        cmd:
+          - git clone --depth 1 https://github.com/discourse/docker_manager.git
+          - git clone --depth 1 https://github.com/discourse/discourse-oauth2-basic.git
+          - git clone --depth 1 https://github.com/discourse/discourse-solved.git
+          - git clone --depth 1 https://github.com/discourse/discourse-canned-replies.git
+          - git clone --depth 1 https://github.com/discourse/discourse-reactions.git
+  after_ssl:
+    - file:
+        path: "/etc/nginx/letsencrypt.conf"
+        contents: |
+          user www-data;
+          worker_processes auto;
+          daemon on;
+
+          events {
+            worker_connections 768;
+            # multi_accept on;
+          }
+
+          http {
+            sendfile on;
+            tcp_nopush on;
+            tcp_nodelay on;
+            keepalive_timeout 65;
+            types_hash_max_size 2048;
+
+            access_log /var/log/nginx/access.letsencrypt.log;
+            error_log /var/log/nginx/error.letsencrypt.log;
+
+            server {
+              listen 80;
+              listen [::]:80;
+
+              rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+
+            }
+          }
+
+    - replace:
+        filename: "/etc/nginx/conf.d/discourse.conf"
+        from: /add_header.+/
+        to: |
+          add_header Strict-Transport-Security 'max-age=63072000';
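Review bot: The guest paths of the two TLS bind mounts carry stray semicolons, `guest: /shared/ssl/ssl.crt;` and `guest: /shared/ssl/ssl.key;;`, so the certificate and private key are mounted at paths the web.ssl template presumably does not look for; they should read `guest: /shared/ssl/ssl.crt` and `guest: /shared/ssl/ssl.key`. The five `git clone --depth 1` lines in `after_code` fetch whatever is at each plugin repository's default-branch head on every rebuild, so third-party code running inside the web container changes without a commit here; pin each clone to a tag or commit (for example `--branch <tag>`, or a `git checkout <sha>` after the clone) the way `version: v2.8.1` already pins Discourse core. `DISCOURSE_SMTP_USER_NAME` and `DISCOURSE_SMTP_PASSWORD` are left empty, which presumably relies on mail.openstreetmap.org relaying unauthenticated from this host; a comment stating that, e.g. `# mail.openstreetmap.org relays for this host by source address; no SMTP credentials`, would save the next reader from assuming the values were forgotten.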