From: Tom Hughes <tom@compton.nu>
Date: Fri, 24 Apr 2020 21:18:14 +0000 (+0100)
Subject: Whitelist all rails frontends for nominatim
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/58d0fd170746360fe4c91782c9004807a281d148?hp=643919a8a61515129716f9410fe3a13a52893abd

Whitelist all rails frontends for nominatim
---

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index faf80756c..04cedf1fe 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -367,6 +367,7 @@ nginx_site "nominatim" do
   template "nginx.erb"
   directory build_directory
   variables :pools => node[:nominatim][:fpm_pools],
+            :frontends => search(:node, "recipes:web\\:\\:frontend"),
             :confdir => "#{basedir}/etc"
 end
 
diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 07ff0a52e..3ba964660 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -19,17 +19,11 @@ upstream nominatim_service {
 # Whitelisted IPs
 geo $whitelisted {
     default 0;
-    2001:978:2:2c::172:6 1;
-    2001:978:2:2c::172:7 1;
-    2001:978:2:2c::172:8 1;
-    2001:978:2:2c::172:b 1;
-    2001:978:2:2c::172:c 1;
-    2001:978:2:2c::172:d 1;
-    130.117.76.6 1;
-    130.117.76.7 1;
-    130.117.76.8 1;
-    89.16.162.21 1;
-    89.16.162.22 1;
+<% @frontends.each do |frontend| -%>
+<% frontend.ipaddresses(:role => :external) do |address| -%>
+    <%= address %>;
+<% end -%>
+<% end -%>
     46.235.224.148 1;
     209.132.180.180 1;
     209.132.180.168 1;