From: Tom Hughes Date: Wed, 22 Nov 2023 22:08:55 +0000 (+0000) Subject: Merge remote-tracking branch 'github/pull/638' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/44961f1f6b5a7cd573ebf463ed66f12b5dba226b?hp=db938e2958cad06c64ed41a52daf2b50994fe302 Merge remote-tracking branch 'github/pull/638' --- diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 47bd0ad18..4cd4b7926 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -49,7 +49,7 @@ if platform?("debian") archive_distro = "debian" archive_security_distro = "debian-security" archive_suites = %w[main updates security] - archive_components = %w[main contrib non-free] + archive_components = %w[main contrib non-free non-free-firmware] elsif intel? archive_host = if node[:country] "#{node[:country]}.archive.ubuntu.com" diff --git a/cookbooks/apt/recipes/management-component-pack.rb b/cookbooks/apt/recipes/management-component-pack.rb index 34aad4d5e..700ac02bd 100644 --- a/cookbooks/apt/recipes/management-component-pack.rb +++ b/cookbooks/apt/recipes/management-component-pack.rb @@ -24,20 +24,11 @@ apt_repository "management-component-pack" do end if platform?("debian") - if node[:dmi][:system][:product_name].end_with?("Gen10") - apt_repository "mcp-gen10" do - uri "https://downloads.linux.hpe.com/SDR/repo/mcp" - distribution "#{node[:lsb][:codename]}/current-gen10" - components ["non-free"] - key "C208ADDE26C2B797" - end - else - apt_repository "mcp" do - uri "https://downloads.linux.hpe.com/SDR/repo/mcp" - distribution "#{node[:lsb][:codename]}/current" - components ["non-free"] - key "C208ADDE26C2B797" - end + apt_repository "mcp" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "#{node[:lsb][:codename]}/current" + components ["non-free"] + key "C208ADDE26C2B797" end elsif platform?("ubuntu") if node[:dmi][:system][:product_name].end_with?("Gen10") diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb index d06162465..91a91001c 100644 --- a/cookbooks/chef/recipes/default.rb +++ b/cookbooks/chef/recipes/default.rb @@ -49,7 +49,11 @@ Dir.glob("#{cache_dir}/chef_*.deb").each do |deb| end end -os_release = node[:lsb][:release] +os_release = if platform?("debian") && node[:lsb][:release].to_f > 11 + 11 + else + node[:lsb][:release] + end remote_file "#{cache_dir}/#{chef_package}" do source "https://packages.chef.io/files/stable/chef/#{chef_version}/#{chef_platform}/#{os_release}/#{chef_package}" diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index 6babb839a..635682e2e 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -506,7 +506,11 @@ acl_check_rcpt: # relay domains is to use a callout (add /callout), but please read the # documentation about callouts before doing this. - require verify = recipient + deny domains = +relay_to_domains + !verify = recipient/callout=use_sender + + deny domains = !+relay_to_domains + !verify = recipient <% if node[:exim][:dns_blacklists] -%> # Deny any messages from hosts in certain blacklists. diff --git a/cookbooks/fail2ban/recipes/default.rb b/cookbooks/fail2ban/recipes/default.rb index 0a4c479f4..060251680 100644 --- a/cookbooks/fail2ban/recipes/default.rb +++ b/cookbooks/fail2ban/recipes/default.rb @@ -22,9 +22,16 @@ include_recipe "prometheus" package %w[ fail2ban + python3-systemd ruby-webrick ] +if platform?("debian") + package "python3-inotify" +else + package "gamin" +end + template "/etc/fail2ban/jail.d/00-default.conf" do source "jail.default.erb" owner "root" diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb index 5e4899476..d7c508d9a 100644 --- a/cookbooks/hardware/recipes/default.rb +++ b/cookbooks/hardware/recipes/default.rb @@ -28,6 +28,10 @@ ohai_plugin "hardware" do template "ohai.rb.erb" end +if platform?("debian") + package "firmware-linux" +end + if node[:cpu] && node[:cpu][:"0"] && node[:cpu][:"0"][:vendor_id] case node[:cpu][:"0"][:vendor_id] when "GenuineIntel" diff --git a/cookbooks/stateofthemap/recipes/container.rb b/cookbooks/stateofthemap/recipes/container.rb index 8f0786ce4..16cb780ec 100644 --- a/cookbooks/stateofthemap/recipes/container.rb +++ b/cookbooks/stateofthemap/recipes/container.rb @@ -24,7 +24,7 @@ podman_site "stateofthemap.org" do aliases ["www.stateofthemap.org", "stateofthemap.com", "www.stateofthemap.com", "sotm.org", "www.sotm.org"] end -%w[2013 2016 2017 2018 2019 2020 2021 2022].each do |year| +%w[2013 2016 2017 2018 2019 2020 2021 2022 2024].each do |year| podman_site "#{year}.stateofthemap.org" do image "ghcr.io/openstreetmap/stateofthemap-#{year}:latest" aliases ["#{year}.stateofthemap.com", "#{year}.sotm.org"] diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index fd3d59f2d..dd0086b70 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -123,7 +123,7 @@ rails_port "www.openstreetmap.org" do google_openid_realm "https://www.openstreetmap.org" facebook_auth_id "427915424036881" facebook_auth_secret web_passwords["facebook_auth_secret"] - microsoft_auth_id "45ef48fb-6a13-4239-b842-133608b8edd7" + microsoft_auth_id "e34f14f1-f790-40f3-9fa4-3c5f1a027c38" microsoft_auth_secret web_passwords["microsoft_auth_secret"] github_auth_id "acf7da34edee99e35499" github_auth_secret web_passwords["github_auth_secret"] diff --git a/roles/gateway.rb b/roles/gateway.rb index a78f04bcf..d842bf412 100644 --- a/roles/gateway.rb +++ b/roles/gateway.rb @@ -7,9 +7,6 @@ default_attributes( :comment => "Enable forwarding", :parameters => { "net.ipv4.ip_forward" => "1" } } - }, - :exim => { - :relay_from_hosts => ["10.0.0.0/8"] } )