--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef - use authorized_keys2 instead
+ssh-rsa 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 contrapunctus@disroot.org
--- /dev/null
+#
+# Cookbook:: blog
+# Recipe:: birthday
+#
+# Copyright:: 2024, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "wordpress"
+
+passwords = data_bag_item("birthday20", "passwords")
+wp2fa_encrypt_keys = data_bag_item("birthday20", "wp2fa_encrypt_keys")
+
+directory "/srv/birthday20.openstreetmap.org" do
+ owner "wordpress"
+ group "wordpress"
+ mode "755"
+end
+
+wordpress_site "birthday20.openstreetmap.org" do
+ aliases ["birthday20.osm.org", "birthday20.openstreetmap.com",
+ "birthday20.openstreetmap.net", "birthday20.openstreetmaps.org"]
+ directory "/srv/birthday20.openstreetmap.org/wp"
+ database_name "osm-birthday20"
+ database_user "osm-birthday20-user"
+ database_password passwords["osm-birthday20-user"]
+ wp2fa_encrypt_key wp2fa_encrypt_keys["key"]
+ fpm_prometheus_port 11403
+end
+
+wordpress_plugin "birthday20.openstreetmap.org-shareadraft" do
+ action :delete
+ plugin "shareadraft"
+ site "birthday20.openstreetmap.org"
+end
+
+wordpress_plugin "birthday20.openstreetmap.org-public-post-preview" do
+ plugin "public-post-preview"
+ site "birthday20.openstreetmap.org"
+end
+
+template "/etc/cron.daily/birthday20-backup" do
+ source "backup-birthday20.cron.erb"
+ owner "root"
+ group "root"
+ mode "750"
+ variables :passwords => passwords
+end
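Review bot: The `template "/etc/cron.daily/birthday20-backup"` resource renders the database password into the script but is not marked sensitive, so Chef may print the rendered content or its diff in run output and logs when the file changes. Adding `sensitive true` inside that block would keep the password out of the logs. The `root`/`root` mode `750` settings on the file itself look right for a script that embeds a credential.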
--- /dev/null
+#!/bin/sh
+
+# DO NOT EDIT - This file is being maintained by Chef
+
+T=$(mktemp -d -t -p /var/tmp osm-birthday20.XXXXXXXXXX)
+D=$(date +%Y-%m-%d)
+B=osm-birthday20-$D.tar.gz
+
+mkdir $T/osm-birthday20-$D
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=osm-birthday20-user' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["osm-birthday20-user"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt --no-tablespaces osm-birthday20 > $T/osm-birthday20-$D/osm-birthday20.sql
+ln -s /srv/birthday20.openstreetmap.org $T/osm-birthday20-$D/www
+
+export RSYNC_RSH="ssh -ax"
+
+nice tar --create --dereference --directory=$T --warning=no-file-changed osm-birthday20-$D | nice gzip --rsyncable -9 > $T/$B
+nice rsync --preallocate --fuzzy $T/$B backup::backup
+
+rm -rf $T
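Review bot: Nothing in this script stops on failure, so if `mktemp` fails `$T` is empty and the next lines write `/mysqldump.opts` (with the database password) and `/osm-birthday20-$D` at the filesystem root, and a failed `mysqldump` still ships an archive with an empty dump. Adding `set -e` after the shebang, or `T=$(mktemp -d -t -p /var/tmp osm-birthday20.XXXXXXXXXX) || exit 1`, and quoting `"$T"` throughout would cover it. Separately, `tar --dereference` runs from cron.daily over a tree owned by `wordpress`, so every symlink inside the site directory is followed, not just the top-level `www` link. If only that link needs resolving, archiving `/srv/birthday20.openstreetmap.org` directly, without `--dereference`, would keep symlinks created under the site from pulling other files into the backup.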
depth 1
user "blogs"
group "blogs"
- notifies :run, "bundle_install[/srv/blogs.openstreetmap.org]", :immediately
end
bundle_install "/srv/blogs.openstreetmap.org" do
action :nothing
- options "--deployment"
+ options "--deployment --without development test"
+ environment "BUNDLE_PATH" => "vendor/bundle"
user "blogs"
group "blogs"
- notifies :run, "bundle_exec[/srv/blogs.openstreetmap.org]", :immediately
+ subscribes :run, "git[/srv/blogs.openstreetmap.org]", :immediately
end
bundle_exec "/srv/blogs.openstreetmap.org" do
action :nothing
command "pluto build -t osm -o build"
+ environment "BUNDLE_PATH" => "vendor/bundle"
user "blogs"
group "blogs"
+ subscribes :run, "git[/srv/blogs.openstreetmap.org]", :immediately
end
ssl_certificate "blogs.openstreetmap.org" do
cd /srv/blogs.openstreetmap.org
+export BUNDLE_PATH="vendor/bundle"
+
<%= node[:ruby][:bundle] %> exec pluto \
--quieter \
--config=/srv/blogs.openstreetmap.org build \
default[:chef][:server][:version] = "15.1.7"
# Set the default client version
-default[:chef][:client][:version] = "18.4.2"
+default[:chef][:client][:version] = "18.4.12"
:FORWARDED_ALLOW_IPS => "*" # https://docs.gunicorn.org/en/latest/settings.html#forwarded-allow-ips
end
+systemd_service "titiler-restart" do
+ type "simple"
+ user "root"
+ exec_start "/bin/systemctl try-restart titiler.service"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "titiler-restart" do
+ on_boot_sec "6h"
+ on_unit_inactive_sec "12h"
+end
+
directory "/var/cache/nginx-cache" do
owner "www-data"
group "www-data"
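Review bot: The `titiler-restart` service and timer carry no comment saying why titiler has to be restarted every 12 hours, and the unit runs `systemctl` as root to do it. A comment such as `# Restart titiler periodically to work around <reason>` above the `systemd_service` block would tell the next maintainer when this can be removed. Since the command exits immediately, `type "oneshot"` would describe it better than `type "simple"`, assuming the `systemd_service` resource accepts that value.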
proxy_cache_background_update on;
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_next_upstream_tries 3;
+ proxy_intercept_errors on;
proxy_next_upstream_timeout 30s;
<% else -%>
:request_timeout => node[:nominatim][:api_request_timeout]
end
+remote_file "#{project_directory}/secondary_importance.sql.gz" do
+ action :create_if_missing
+ source "https://nominatim.org/data/wikimedia-secondary-importance.sql.gz"
+ owner "nominatim"
+ group "nominatim"
+ mode "644"
+end
+
remote_file "#{project_directory}/wikimedia-importance.sql.gz" do
action :create_if_missing
source "https://nominatim.org/data/wikimedia-importance.sql.gz"
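Review bot: The new `remote_file` for `secondary_importance.sql.gz` downloads an SQL dump with no `checksum`, so its integrity rests on TLS and the upstream host alone, and with `action :create_if_missing` whatever the first download returned is kept from then on. If the upstream file is stable enough to pin, adding `checksum "<sha256 of the reviewed file>"` would make Chef reject anything else; otherwise a comment stating that the file is deliberately unpinned would help. The existing `wikimedia-importance.sql.gz` resource below follows the same pattern, and its block continues outside this hunk.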
:database_password => database_password
end
-apt_package "otrs2" do
- options "-t #{node[:lsb][:codename]}-backports"
+# Ensure the OTRS package in backports has a priority preference.
+apt_preference "otrs2" do
+ pin "release o=Debian Backports"
+ pin_priority "600"
end
+apt_package "otrs2"
+
# Ensure debconf is repopulated on a dbconfig change
execute "dpkg-reconfigure-otrs2" do
action :nothing
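Review bot: The `apt_preference "otrs2"` pin raises the priority of the `otrs2` package only, whereas the removed `options "-t #{node[:lsb][:codename]}-backports"` made the whole backports release the target for that install, dependencies included. If the backports `otrs2` depends on versions that exist only in backports, apt may refuse the install or hold the package back; this cannot be confirmed from the hunk and is worth testing on a clean node. If it does happen, the preference needs to cover those packages as well, for example through the resource's `glob` property.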
private_tmp true
protect_system "strict"
protect_home true
- read_write_paths ["/var/lib/otrs", "/var/log/exim4", "/var/spool/exim4"]
+ read_write_paths ["/var/lib/otrs", "/run/otrs", "/var/log/exim4", "/var/spool/exim4"]
end
service "otrs" do
annotations:
current: "{{ $value | humanize }}kVA"
- alert: site temperature
- expr: min(rPDU2SensorTempHumidityStatusTempC{site="amsterdam"}) / 10 < 18 or min(rPDU2SensorTempHumidityStatusTempC{site="amsterdam"}) / 10 > 26
+ expr: min(rPDU2SensorTempHumidityStatusTempC{site="amsterdam"}) / 10 < 15 or min(rPDU2SensorTempHumidityStatusTempC{site="amsterdam"}) / 10 > 32
for: 6m
labels:
alertgroup: "amsterdam"
annotations:
temperature: "{{ $value | humanize }}C"
- alert: site humidity
- expr: max(rPDU2SensorTempHumidityStatusRelativeHumidity{site="amsterdam"}) / 100 < 0.25 or max(rPDU2SensorTempHumidityStatusRelativeHumidity{site="amsterdam"}) / 100 > 0.65
+ expr: max(rPDU2SensorTempHumidityStatusRelativeHumidity{site="amsterdam"}) / 100 < 0.08 or max(rPDU2SensorTempHumidityStatusRelativeHumidity{site="amsterdam"}) / 100 > 0.8
for: 6m
labels:
alertgroup: "amsterdam"
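Review bot: The upper temperature bound in the new `expr` is `min(...) / 10 > 32`, which fires only when the coolest sensor is above 32C, so a single hot sensor never alerts; the lower humidity bound `max(...) / 100 < 0.08` has the mirror problem. The aggregation predates this change, but with the thresholds widened this far it matters more. Using `max(...)` for the upper bounds and `min(...)` for the lower bounds, e.g. `min(x) / 10 < 15 or max(x) / 10 > 32` with `x` standing for the existing selector, would alert on any one sensor out of range. A YAML comment recording where the new limits come from would also help.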
db_passwords = data_bag_item("db", "passwords")
ssl_certificate "www.openstreetmap.org" do
- domains ["www.openstreetmap.org", "www.osm.org",
+ domains ["www.openstreetmap.org", "www.osm.org", "www.openstreetmap.com",
"api.openstreetmap.org", "api.osm.org",
"maps.openstreetmap.org", "maps.osm.org",
"mapz.openstreetmap.org", "mapz.osm.org",
- "openstreetmap.org", "osm.org"]
+ "openstreetmap.org", "osm.org", "openstreetmap.com"]
notifies :reload, "service[apache2]"
end
--- /dev/null
+name "birthday20"
+description "Role applied to birthday20 servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :mikel => { :status => :administrator },
+ :wordpress => {
+ :status => :role,
+ :members => [:mikel]
+ }
+ },
+ }
+)
+
+# FIXME: Disable while site under development
+# run_list(
+# "recipe[blog::birthday]"
+# )
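Review bot: `:mikel` is given `:status => :administrator` on these servers as well as membership of the `wordpress` role account; if administrator implies root access in the accounts cookbook (not visible here), the role account alone may be enough for site work. The `FIXME` on the commented-out `run_list` also does not say what has to happen before it is re-enabled. Something like `# FIXME: enable recipe[blog::birthday] once <condition>` would make that trackable.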
:bsupnik => { :status => :user },
:chippy => { :status => :user },
:cobra => { :status => :user },
+ :contrapunctus => { :status => :user },
:csmale => { :status => :user },
:dan => { :status => :user },
:daveh => { :status => :user },
run_list(
"role[equinix-dub]",
- "role[blog-staging]"
+ "role[blog-staging]",
+ "role[birthday20]"
)