From: Grant Slater Date: Wed, 21 Sep 2016 21:37:47 +0000 (+0100) Subject: Add donate.osm.org chef code X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/5fb7a990481702f72801bc430b0f01675af38f94?ds=sidebyside Add donate.osm.org chef code
---
diff --git a/cookbooks/donate/.foodcritic b/cookbooks/donate/.foodcritic
new file mode 100644
index 000000000..05e4c9141
--- /dev/null
+++ b/cookbooks/donate/.foodcritic
@@ -0,0 +1,4 @@
+~FC001
+~FC034
+~FC064
+~FC065
diff --git a/cookbooks/donate/README.md b/cookbooks/donate/README.md
new file mode 100644
index 000000000..fbe8e605b
--- /dev/null
+++ b/cookbooks/donate/README.md
@@ -0,0 +1,3 @@
+# Donate Cookbook
+
+This cookbook installs the donate.openstreetmap.org site
diff --git a/cookbooks/donate/metadata.rb b/cookbooks/donate/metadata.rb
new file mode 100644
index 000000000..078fec273
--- /dev/null
+++ b/cookbooks/donate/metadata.rb
@@ -0,0 +1,10 @@
+name "donate"
+maintainer "OpenStreetMap Administrators"
+maintainer_email "admins@openstreetmap.org"
+license "Apache 2.0"
+description "Installs and configures Donate Site"
+long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
+version "1.0.0"
+depends "apache"
+depends "mysql"
+depends "git"
diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
new file mode 100644
index 000000000..e98e5c361
--- /dev/null
+++ b/cookbooks/donate/recipes/default.rb
@@ -0,0 +1,71 @@
+#
+# Cookbook Name:: donate
+# Recipe:: default
+#
+# Copyright 2016, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache::ssl"
+include_recipe "mysql"
+include_recipe "git"
+
+package "php"
+package "php-cli"
+package "php-curl"
+package "php-mbstring"
+package "php-mysql"
+package "php-gd"
+
+apache_module "php7.0"
+apache_module "headers"
+
+passwords = data_bag_item("donate", "passwords")
+
+database_password = passwords["database"]
+
+mysql_user "donate@localhost" do
+ password database_password
+end
+
+mysql_database "donate" do
+ permissions "donate@localhost" => :all
+end
+
+git "/srv/donate.openstreetmap.org" do
+ action :sync
+ repository "git://github.com/osmfoundation/donation-drive.git"
+ user "donate"
+ group "donate"
+end
+
+apache_site "donate.openstreetmap.org" do
+ template "apache.erb"
+end
+
+template "/etc/cron.d/osmf-donate" do
+ source "cron.erb"
+ owner "root"
+ group "root"
+ mode 0o600
+ variables :passwords => passwords
+end
+
+template "/etc/cron.daily/osmf-donate-backup" do
+ source "backup.cron.erb"
+ owner "root"
+ group "root"
+ mode 0o750
+ variables :passwords => passwords
+end
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
new file mode 100644
index 000000000..4d6cd5efa
--- /dev/null
+++ b/cookbooks/donate/templates/default/apache.erb
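Review bot: The `git` resource for `/srv/donate.openstreetmap.org` fetches the site's PHP code over `git://`, a transport with no encryption and no server authentication, and it sets no `revision`, so every Chef run syncs the checkout to whatever the remote's default branch points at. Because that checkout is also the Apache DocumentRoot, anyone able to tamper with the fetch or push to the branch changes the code the donation site runs. Use `repository "https://github.com/osmfoundation/donation-drive.git"` and pin the deploy with a `revision` set to a reviewed tag or commit. Separately, `permissions "donate@localhost" => :all` grants the web application every privilege on its database; narrowing it to the statements the site actually issues would limit the impact of an injection bug.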
@@ -0,0 +1,75 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<% [80, 443].each do |port| -%>
+>
+
+ ServerName donate.openstreetmap.org
+ ServerAlias donate.openstreetmap.com
+ ServerAlias donate.openstreetmap.net
+ ServerAlias donate.osm.org
+ ServerAlias donate.osm.org.za
+ ServerAlias donate.openstreetmap.org.za
+ ServerAlias donate.openstreetmap.org.uk
+ ServerAlias donate.openstreetmap.co.uk
+
+ ServerAdmin webmaster@openstreetmap.org
+
+<% if port == 80 -%>
+ # Redirect to secure site
+ Redirect permanent / https://donate.openstreetmap.org
+<% end -%>
+<% if port == 443 -%>
+ #
+ # Enable SSL
+ #
+ SSLEngine on
+
+ # HSTS (mod_headers is required)
+ Header always set Strict-Transport-Security "max-age=300"
+<% end -%>
+
+ CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
+ ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
+
+ Options -Indexes
+
+ DocumentRoot /srv/donate.openstreetmap.org
+
+ php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/
+ php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
+
+ # Alias Dynamic Content to data folder to avoid serving dummy git content
+ Alias /donors-eur.csv /srv/donate.openstreetmap.org/data/donors-eur.csv
+ Alias /donors.csv /srv/donate.openstreetmap.org/data/donors.csv
+
+ # Redirect previous compaigns to homepage
+ Redirect permanent /server2013 https://donate.openstreetmap.org/
+ Redirect permanent /server2015 https://donate.openstreetmap.org/
+
+
+ Require all granted
+
+
+
+ Require all denied
+
+
+
+ Require all denied
+
+
+
+ Require all denied
+
+
+
+ Require all denied
+
+
+ # Enable deflate compression on .csv files if possible
+
+ AddOutputFilterByType DEFLATE text/csv
+
+
+
+<% end -%>
diff --git a/cookbooks/donate/templates/default/backup.cron.erb b/cookbooks/donate/templates/default/backup.cron.erb
new file mode 100644
index 000000000..6e82ad0da
--- /dev/null
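Review bot: In the port-80 branch, `Redirect permanent / https://donate.openstreetmap.org` has no trailing slash on the target, and mod_alias appends whatever follows the matched `/` prefix directly to it, so the request path ends up glued onto the hostname and the redirect can resolve to a host other than the intended one. Write it as `Redirect permanent / https://donate.openstreetmap.org/`, which matches the `/server2013` and `/server2015` redirects further down. The HSTS header uses `max-age=300`, which protects a returning visitor for only five minutes; if that is a rollout value, a comment saying so and a follow-up to raise it would help. The container tags around the `Require all denied` blocks are not visible on this page, so it is worth confirming that `.git` under the DocumentRoot is among the denied paths, since the recipe serves the git checkout directly.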
+++ b/cookbooks/donate/templates/default/backup.cron.erb
@@ -0,0 +1,3 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# FIXME to follow
diff --git a/cookbooks/donate/templates/default/cron.erb b/cookbooks/donate/templates/default/cron.erb
new file mode 100644
index 000000000..6e82ad0da
--- /dev/null
+++ b/cookbooks/donate/templates/default/cron.erb
@@ -0,0 +1,3 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# FIXME to follow
diff --git a/roles/donate.rb b/roles/donate.rb
new file mode 100644
index 000000000..6e5f2c614
--- /dev/null
+++ b/roles/donate.rb
@@ -0,0 +1,17 @@
+name "donate"
+description "Role applied to all donate servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :donate => {
+ :status => :role,
+ :members => [:grant, :tomh, :matt]
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[donate]"
+)
diff --git a/roles/ridley.rb b/roles/ridley.rb
index 6595ba2ee..7bbcc3839 100644
--- a/roles/ridley.rb
+++ b/roles/ridley.rb
@@ -92,6 +92,7 @@ run_list(
 "role[switch2osm]",
 "role[blog]",
 "role[otrs]",
+ "role[donate]",
 "recipe[dhcpd]",
 "recipe[openvpn]"
 )