From c5c505d5746539d0b3925b5009a393a5f00cff18 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 14 Jul 2019 19:02:04 +0100
Subject: [PATCH] Configure Active Storage policy for user avatars
---
 cookbooks/web/recipes/rails.rb | 18 ++++++++++++++++++
 cookbooks/web/resources/rails_port.rb | 22 +++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index 72268aace..04bf040c4 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -52,6 +52,21 @@ rails_directory = "#{node[:web][:base_directory]}/rails"
 piwik = data_bag_item("web", "piwik")
+storage = {
+ "aws" => {
+ "service" => "S3",
+ "access_key_id" => "AKIASQUXHPE7AMJQRFOS",
+ "secret_access_key" => web_passwords["aws_key"],
+ "region" => "eu-west-1",
+ "bucket" => "openstreetmap-user-avatars",
+ "use_dualstack_endpoint" => true,
+ "upload" => {
+ "acl" => "public-read",
+ "cache_control" => "public, max-age=31536000, immutable"
+ }
+ }
+}
+
 rails_port "www.openstreetmap.org" do
 ruby ruby_version
 directory rails_directory
@@ -93,6 +108,9 @@ rails_port "www.openstreetmap.org" do
 csp_enforce true
 trace_use_job_queue true
 diary_feed_delay 12
+ storage_configuration storage
+ storage_service "aws"
+ storage_url "https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com"
 end
 systemd_service "rails-jobs@" do
diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb
index 6e218058c..7eac0df88 100644
--- a/cookbooks/web/resources/rails_port.rb
+++ b/cookbooks/web/resources/rails_port.rb
@@ -68,6 +68,9 @@ property :csp_report_url, String
 property :piwik_configuration, Hash
 property :trace_use_job_queue, [TrueClass, FalseClass], :default => false
 property :diary_feed_delay, Integer
+property :storage_configuration, Hash
+property :storage_service, String, :default => "local"
+property :storage_url, String
 action :create do
 package %W[
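Review bot: `"acl" => "public-read"` in the `storage` hash of cookbooks/web/recipes/rails.rb applies to every object uploaded through the `aws` service, and the later hunk in the same file makes that service the default with `storage_service "aws"`, so an attachment type added later would presumably be published world-readable as well. A comment above the hash, for example `# Avatars only: everything uploaded through this service is public-read and cacheable for a year`, would record that constraint where the next change will be made. The access key id is written as a literal while the secret comes from `web_passwords`; reading the id from the same data bag item would keep rotation in one place and the identifier out of the repository history.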
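Review bot: `storage_configuration` in cookbooks/web/resources/rails_port.rb is declared as a plain Hash, yet the recipe passes it a hash that contains `secret_access_key`. Declaring it as `property :storage_configuration, Hash, :sensitive => true` tells Chef to suppress the value in its resource output and reporting. The other two new properties carry no secret and can stay as they are.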
@@ -316,7 +319,9 @@ action :create do
 "csp_enforce",
 "csp_report_url",
 "trace_use_job_queue",
- "diary_feed_delay"
+ "diary_feed_delay",
+ "storage_service",
+ "storage_url"
 ).reject { |_k, v| v.nil? }.merge(
 "server_protocol" => "https",
 "server_url" => new_resource.site,
@@ -345,6 +350,21 @@ action :create do
 only_if { ::File.exist?("#{rails_directory}/config/settings.yml") }
 end
+ storage_configuration = new_resource.storage_configuration || {
+ "local" => {
+ "service" => "Disk",
+ "root" => "#{rails_directory}/storage"
+ }
+ }
+
+ file "#{rails_directory}/config/storage.yml" do
+ owner new_resource.user
+ group new_resource.group
+ mode 0o664
+ content YAML.dump(storage_configuration)
+ notifies :run, "execute[#{rails_directory}/public/assets]"
+ end
+
 if new_resource.piwik_configuration
 file "#{rails_directory}/config/piwik.yml" do
 owner new_resource.user
-- 
2.43.2
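Review bot: `mode 0o664` on `#{rails_directory}/config/storage.yml` leaves the file readable by every local account and writable by the group, and when the S3 service is configured its content includes `secret_access_key`. Tightening it to `mode 0o640` (assuming the application reads the file as `new_resource.user` or through `new_resource.group`) and adding `sensitive true` to the `file` resource would keep the key away from other users and out of the content diff Chef prints during a run. The enclosing `action :create do` block starts and ends outside this hunk, so whether the neighbouring config files use the same mode cannot be checked from here.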