From 4ac7cf54e6e68995fe0d1c020e044184432d79e3 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Mon, 21 Aug 2023 12:13:31 +0100
Subject: [PATCH] dmca: move to container version

---
 cookbooks/dmca/metadata.rb                  |  3 +-
 cookbooks/dmca/recipes/default.rb           | 41 ++------------
 cookbooks/dmca/templates/default/apache.erb | 62 ---------------------
 roles/naga.rb                               |  3 +-
 roles/ridley.rb                             |  1 -
 5 files changed, 7 insertions(+), 103 deletions(-)
 delete mode 100644 cookbooks/dmca/templates/default/apache.erb

diff --git a/cookbooks/dmca/metadata.rb b/cookbooks/dmca/metadata.rb
index 987656295..f5a137faa 100644
--- a/cookbooks/dmca/metadata.rb
+++ b/cookbooks/dmca/metadata.rb
@@ -6,5 +6,4 @@ description       "Configure DMCA form"
 
 version           "1.0.0"
 supports          "ubuntu"
-depends           "apache"
-depends           "php"
+depends           "podman"
diff --git a/cookbooks/dmca/recipes/default.rb b/cookbooks/dmca/recipes/default.rb
index eafadd787..2b83f8d54 100644
--- a/cookbooks/dmca/recipes/default.rb
+++ b/cookbooks/dmca/recipes/default.rb
@@ -17,42 +17,9 @@
 # limitations under the License.
 #
 
-include_recipe "apache"
-include_recipe "php::fpm"
+include_recipe "podman::apache"
 
-apache_module "proxy"
-apache_module "proxy_fcgi"
-
-package "composer"
-
-git "/srv/dmca.openstreetmap.org" do
-  action :sync
-  repository "https://github.com/openstreetmap/dmca-website.git"
-  revision "main"
-  depth 1
-  notifies :run, "execute[/srv/dmca.openstreetmap.org/composer.json]", :immediately
-end
-
-execute "/srv/dmca.openstreetmap.org/composer.json" do
-  action :nothing
-  command "composer install --no-dev"
-  cwd "/srv/dmca.openstreetmap.org/"
-  environment "COMPOSER_HOME" => "/srv/dmca.openstreetmap.org/"
-end
-
-ssl_certificate "dmca.openstreetmap.org" do
-  domains ["dmca.openstreetmap.org", "dmca.osm.org"]
-  notifies :reload, "service[apache2]"
-end
-
-php_fpm "dmca.openstreetmap.org" do
-  php_admin_values "open_basedir" => "/srv/dmca.openstreetmap.org/:/usr/share/php/:/tmp/",
-                   "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
-  prometheus_port 11201
-end
-
-apache_site "dmca.openstreetmap.org" do
-  template "apache.erb"
-  directory "/srv/dmca.openstreetmap.org"
-  variables :aliases => ["dmca.osm.org"]
+podman_site "dmca.openstreetmap.org" do
+  image "ghcr.io/openstreetmap/dmca-website:latest"
+  aliases ["dmca.osm.org"]
 end
diff --git a/cookbooks/dmca/templates/default/apache.erb b/cookbooks/dmca/templates/default/apache.erb
deleted file mode 100644
index d59bb7e22..000000000
--- a/cookbooks/dmca/templates/default/apache.erb
+++ /dev/null
@@ -1,62 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
-  ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
-  ServerAlias <%= alias_name %>
-<% end -%>
-  ServerAdmin webmaster@openstreetmap.org
-
-  CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  ErrorLog /var/log/apache2/<%= @name %>-error.log
-
-  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-  RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
-  ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
-  ServerAlias <%= alias_name %>
-<% end -%>
-  ServerAdmin webmaster@openstreetmap.org
-
-  SSLEngine on
-  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
-  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
-  CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  ErrorLog /var/log/apache2/<%= @name %>-error.log
-
-  RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
-  ServerName <%= @name %>
-  ServerAdmin webmaster@openstreetmap.org
-
-  SSLEngine on
-  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
-  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
-  CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  ErrorLog /var/log/apache2/<%= @name %>-error.log
-
-  DocumentRoot <%= @directory %>
-
-  Options -Indexes
-</VirtualHost>
-
-<Directory <%= @directory %>>
-  Require all granted
-
-  <FilesMatch ".+\.ph(ar|p|tml)$">
-    SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
-  </FilesMatch>
-</Directory>
-
-<Directory ~ "\.git">
-  Require all denied
-</Directory>
diff --git a/roles/naga.rb b/roles/naga.rb
index aa9db6707..6ed3323f4 100644
--- a/roles/naga.rb
+++ b/roles/naga.rb
@@ -44,5 +44,6 @@ run_list(
   "recipe[foundation::welcome]",
   "recipe[stateofthemap::container]",
   "recipe[hot]",
-  "recipe[ideditor]"
+  "recipe[ideditor]",
+  "recipe[dmca]"
 )
diff --git a/roles/ridley.rb b/roles/ridley.rb
index b1b1e1e13..08a97417d 100644
--- a/roles/ridley.rb
+++ b/roles/ridley.rb
@@ -44,6 +44,5 @@ run_list(
   "role[stateofthemap]",
   "role[blog]",
   "role[otrs]",
-  "recipe[dmca]",
   "recipe[dhcpd]"
 )
-- 
2.43.2