From ac7246a285360d9870d6bf971abdc483b8a83d7d Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 2 Mar 2026 08:42:45 +0000
Subject: [PATCH] Configure overpass user directly using chef resources

---
 cookbooks/overpass/attributes/default.rb |  2 --
 cookbooks/overpass/metadata.rb           |  1 -
 cookbooks/overpass/recipes/default.rb    | 16 ++++++++++++++--
 roles/overpass-query.rb                  |  5 +++--
 test/data_bags/accounts/overpass.json    |  6 ------
 5 files changed, 17 insertions(+), 13 deletions(-)
 delete mode 100644 test/data_bags/accounts/overpass.json

diff --git a/cookbooks/overpass/attributes/default.rb b/cookbooks/overpass/attributes/default.rb
index 3bf067f26..040e280a8 100644
--- a/cookbooks/overpass/attributes/default.rb
+++ b/cookbooks/overpass/attributes/default.rb
@@ -12,5 +12,3 @@ default[:overpass][:replication_url] = "https://planet.openstreetmap.org/replica
 default[:overpass][:restricted_api] = true
 
 default[:overpass][:logdir] = "/var/log/overpass"
-
-default[:accounts][:users][:overpass][:status] = :role
diff --git a/cookbooks/overpass/metadata.rb b/cookbooks/overpass/metadata.rb
index 10f4d1b49..d97c9c4a3 100644
--- a/cookbooks/overpass/metadata.rb
+++ b/cookbooks/overpass/metadata.rb
@@ -6,7 +6,6 @@ description       "Installs and configures an Overpass server"
 
 version           "1.0.0"
 supports          "ubuntu"
-depends           "accounts"
 depends           "apache"
 depends           "prometheus"
 depends           "ruby"
diff --git a/cookbooks/overpass/recipes/default.rb b/cookbooks/overpass/recipes/default.rb
index 78f40968a..ce5b720df 100644
--- a/cookbooks/overpass/recipes/default.rb
+++ b/cookbooks/overpass/recipes/default.rb
@@ -17,15 +17,27 @@
 # limitations under the License.
 #
 
-include_recipe "accounts"
 include_recipe "apache"
 include_recipe "prometheus"
 include_recipe "ruby"
 
 username = "overpass"
-basedir = data_bag_item("accounts", username)["home"]
+basedir = "/srv/query.openstreetmap.org"
 web_passwords = data_bag_item("web", "passwords")
 
+group username do
+  gid 528
+end
+
+user username do
+  uid 528
+  gid 528
+  comment "query.openstreetmap.org"
+  home basedir
+  shell "/usr/sbin/nologin"
+  manage_home true
+end
+
 %w[bin site diffs db src].each do |dirname|
   directory "#{basedir}/#{dirname}" do
     owner username
diff --git a/roles/overpass-query.rb b/roles/overpass-query.rb
index 819bad117..7cf1a7dd2 100644
--- a/roles/overpass-query.rb
+++ b/roles/overpass-query.rb
@@ -4,9 +4,10 @@ description "Role applied to overpass servers for the query feature."
 default_attributes(
   :accounts => {
     :users => {
-      :lonvia => { :status => :administrator },
+      :lonvia => { :status => :administrator }
+    },
+    :groups => {
       :overpass => {
-        :status => :role,
         :members => [:lonvia, :tomh]
       }
     }
diff --git a/test/data_bags/accounts/overpass.json b/test/data_bags/accounts/overpass.json
deleted file mode 100644
index 7aa7c2ba2..000000000
--- a/test/data_bags/accounts/overpass.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "id": "overpass",
-  "uid": "528",
-  "comment": "query.openstreetmap.org",
-  "home": "/srv/query.openstreetmap.org"
-}
-- 
2.39.5