]> git.openstreetmap.org Git - chef.git/blob - cookbooks/civicrm/recipes/default.rb
Make nftables block various invalid TCP flag combinations
[chef.git] / cookbooks / civicrm / recipes / default.rb
1 #
2 # Cookbook:: civicrm
3 # Recipe:: default
4 #
5 # Copyright:: 2011, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 include_recipe "wordpress"
21 include_recipe "mysql"
22
23 package %w[
24   php-xml
25   php-curl
26   rsync
27   wkhtmltopdf
28   php-bcmath
29   php-intl
30 ]
31
32 cache_dir = Chef::Config[:file_cache_path]
33
34 passwords = data_bag_item("civicrm", "passwords")
35
36 database_password = passwords["database"]
37 site_key = passwords["site_key"]
38 cred_keys = passwords["cred_keys"]
39 sign_keys = passwords["sign_keys"]
40
41 mysql_user "civicrm@localhost" do
42   password database_password
43 end
44
45 mysql_database "civicrm" do
46   permissions "civicrm@localhost" => :all
47 end
48
49 wordpress_site "join.osmfoundation.org" do
50   aliases "crm.osmfoundation.org"
51   database_name "civicrm"
52   database_user "civicrm"
53   database_password database_password
54   fpm_prometheus_port 11301
55 end
56
57 wordpress_theme "osmblog-wp-theme" do
58   site "join.osmfoundation.org"
59   repository "https://github.com/osmfoundation/osmblog-wp-theme.git"
60 end
61
62 wordpress_plugin "registration-honeypot" do
63   site "join.osmfoundation.org"
64 end
65
66 wordpress_plugin "contact-form-7" do
67   site "join.osmfoundation.org"
68 end
69
70 wordpress_plugin "civicrm-admin-utilities" do
71   site "join.osmfoundation.org"
72 end
73
74 civicrm_version = node[:civicrm][:version]
75 civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm"
76
77 directory "/opt/civicrm-#{civicrm_version}" do
78   owner "wordpress"
79   group "wordpress"
80   mode "755"
81 end
82
83 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
84   action :create_if_missing
85   source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip"
86   owner "wordpress"
87   group "wordpress"
88   mode "644"
89   backup false
90 end
91
92 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
93   action :create_if_missing
94   source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz"
95   owner "wordpress"
96   group "wordpress"
97   mode "644"
98   backup false
99 end
100
101 archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
102   action :nothing
103   destination "/opt/civicrm-#{civicrm_version}"
104   overwrite true
105   owner "wordpress"
106   group "wordpress"
107   subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
108 end
109
110 archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
111   action :nothing
112   destination "/opt/civicrm-#{civicrm_version}/civicrm"
113   overwrite true
114   owner "wordpress"
115   group "wordpress"
116   subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
117 end
118
119 execute "/opt/civicrm-#{civicrm_version}/civicrm" do
120   action :nothing
121   command "rsync --archive --delete /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
122   user "wordpress"
123   group "wordpress"
124   subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
125   subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
126 end
127
128 directory "/srv/join.osmfoundation.org/wp-content/uploads" do
129   owner "www-data"
130   group "www-data"
131   mode "755"
132 end
133
134 extensions_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm-extensions"
135
136 directory extensions_directory do
137   owner "wordpress"
138   group "wordpress"
139   mode "755"
140 end
141
142 node[:civicrm][:extensions].each_value do |details|
143   git "#{extensions_directory}/#{details[:name]}" do
144     action :sync
145     repository details[:repository]
146     revision details[:revision]
147     user "wordpress"
148     group "wordpress"
149   end
150 end
151
152 settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.settings.php.template" do |line|
153   line.gsub!(/%%cms%%/, "WordPress")
154   line.gsub!(/%%CMSdbUser%%/, "civicrm")
155   line.gsub!(/%%CMSdbPass%%/, database_password)
156   line.gsub!(/%%CMSdbHost%%/, "localhost")
157   line.gsub!(/%%CMSdbName%%/, "civicrm")
158   line.gsub!(/%%dbUser%%/, "civicrm")
159   line.gsub!(/%%dbPass%%/, database_password)
160   line.gsub!(/%%dbHost%%/, "localhost")
161   line.gsub!(/%%dbName%%/, "civicrm")
162   line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/")
163   line.gsub!(/%%templateCompileDir%%/, "/srv/join.osmfoundation.org/wp-content/uploads/civicrm/templates_c/")
164   line.gsub!(/%%baseURL%%/, "http://join.osmfoundation.org/")
165   line.gsub!(/%%siteKey%%/, site_key)
166   line.gsub!(/%%credKeys%%/, cred_keys)
167   line.gsub!(/%%signKeys%%/, sign_keys)
168   line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join.osmfoundation.org');")
169
170   line
171 end
172
173 file "#{civicrm_directory}/civicrm.settings.php" do
174   owner "wordpress"
175   group "wordpress"
176   mode "644"
177   content settings
178 end
179
180 systemd_service "osmf-crm-jobs" do
181   description "Run CRM jobs"
182   exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s join.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute"
183   user "www-data"
184   sandbox :enable_network => true
185   memory_deny_write_execute false
186   restrict_address_families "AF_UNIX"
187   read_write_paths "/srv/join.osmfoundation.org/wp-content/uploads/civicrm"
188 end
189
190 systemd_timer "osmf-crm-jobs" do
191   description "Run CRM jobs"
192   on_boot_sec "15m"
193   on_unit_inactive_sec "15m"
194 end
195
196 service "osmf-crm-jobs.timer" do
197   action [:enable, :start]
198 end
199
200 template "/etc/cron.daily/osmf-crm-backup" do
201   source "backup.cron.erb"
202   owner "root"
203   group "root"
204   mode "750"
205   variables :passwords => passwords
206 end