]> git.openstreetmap.org Git - chef.git/blob - cookbooks/civicrm/recipes/default.rb
bind: explicitly dnssec and memory option
[chef.git] / cookbooks / civicrm / recipes / default.rb
1 #
2 # Cookbook:: civicrm
3 # Recipe:: default
4 #
5 # Copyright:: 2011, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 include_recipe "wordpress"
21 include_recipe "mysql"
22
23 package %w[
24   php-xml
25   php-curl
26   rsync
27   wkhtmltopdf
28   php-bcmath
29   php-intl
30 ]
31
32 apache_module "rewrite"
33
34 cache_dir = Chef::Config[:file_cache_path]
35
36 passwords = data_bag_item("civicrm", "passwords")
37 wp2fa_encrypt_keys = data_bag_item("civicrm", "wp2fa_encrypt_keys")
38
39 database_password = passwords["database"]
40 site_key = passwords["site_key"]
41 cred_keys = passwords["cred_keys"]
42 sign_keys = passwords["sign_keys"]
43
44 mysql_user "civicrm@localhost" do
45   password database_password
46 end
47
48 mysql_database "civicrm" do
49   permissions "civicrm@localhost" => :all
50 end
51
52 wordpress_site "supporting.openstreetmap.org" do
53   aliases %w[
54     crm.osmfoundation.org
55     donate.openstreetmap.org
56     donate.openstreetmap.com
57     donate.openstreetmap.net
58     donate.osm.org
59     join.osmfoundation.org
60     supporting.osmfoundation.org
61     support.osmfoundation.org
62     support.openstreetmap.org
63     supporting.osm.org
64     support.osm.org
65   ]
66   database_name "civicrm"
67   database_user "civicrm"
68   database_password database_password
69   wp2fa_encrypt_key wp2fa_encrypt_keys["key"]
70   fpm_prometheus_port 11301
71 end
72
73 wordpress_plugin "civicrm-wp-piwik" do
74   plugin "wp-piwik"
75   site "supporting.openstreetmap.org"
76 end
77
78 wordpress_plugin "registration-honeypot" do
79   site "supporting.openstreetmap.org"
80 end
81
82 wordpress_plugin "contact-form-7" do
83   site "supporting.openstreetmap.org"
84 end
85
86 wordpress_plugin "civicrm-admin-utilities" do
87   site "supporting.openstreetmap.org"
88 end
89
90 wordpress_plugin "host-webfonts-local" do
91   site "supporting.openstreetmap.org"
92 end
93
94 wordpress_theme "morden" do
95   site "supporting.openstreetmap.org"
96   repository "https://public-api.wordpress.com/rest/v1/themes/download/morden.zip"
97 end
98
99 wordpress_theme "varia" do
100   site "supporting.openstreetmap.org"
101   repository "https://public-api.wordpress.com/rest/v1/themes/download/varia.zip"
102 end
103
104 civicrm_version = node[:civicrm][:version]
105 civicrm_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm"
106
107 directory "/opt/civicrm-#{civicrm_version}" do
108   owner "wordpress"
109   group "wordpress"
110   mode "755"
111 end
112
113 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
114   action :create_if_missing
115   source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip"
116   owner "wordpress"
117   group "wordpress"
118   mode "644"
119   backup false
120 end
121
122 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
123   action :create_if_missing
124   source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz"
125   owner "wordpress"
126   group "wordpress"
127   mode "644"
128   backup false
129 end
130
131 archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
132   action :nothing
133   destination "/opt/civicrm-#{civicrm_version}"
134   overwrite true
135   owner "wordpress"
136   group "wordpress"
137   subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
138 end
139
140 archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
141   action :nothing
142   destination "/opt/civicrm-#{civicrm_version}/civicrm"
143   overwrite true
144   owner "wordpress"
145   group "wordpress"
146   subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
147 end
148
149 execute "/opt/civicrm-#{civicrm_version}/civicrm" do
150   action :nothing
151   command "rsync --archive --delete --delete-delay --delay-updates /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
152   user "wordpress"
153   group "wordpress"
154   subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
155   subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
156 end
157
158 directory "/srv/supporting.openstreetmap.org/wp-content/uploads" do
159   owner "www-data"
160   group "www-data"
161   mode "755"
162 end
163
164 extensions_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm-extensions"
165
166 directory extensions_directory do
167   owner "wordpress"
168   group "wordpress"
169   mode "755"
170 end
171
172 node[:civicrm][:extensions].each_value do |details|
173   if details[:repository]
174     git "#{extensions_directory}/#{details[:name]}" do
175       action :sync
176       repository details[:repository]
177       revision details[:revision]
178       user "wordpress"
179       group "wordpress"
180     end
181   elsif details[:zip]
182     remote_file "#{cache_dir}/#{details[:name]}.zip" do
183       source details[:zip]
184       owner "root"
185       group "root"
186       mode "644"
187       backup false
188     end
189
190     archive_file "#{cache_dir}/#{details[:name]}.zip" do
191       action :nothing
192       destination "#{extensions_directory}/#{details[:name]}"
193       strip_components 1
194       owner "wordpress"
195       group "wordpress"
196       overwrite true
197       subscribes :extract, "remote_file[#{cache_dir}/#{details[:name]}.zip]", :immediately
198     end
199   end
200 end
201
202 settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.settings.php.template" do |line|
203   line.gsub!(/%%cms%%/, "WordPress")
204   line.gsub!(/%%CMSdbUser%%/, "civicrm")
205   line.gsub!(/%%CMSdbPass%%/, database_password)
206   line.gsub!(/%%CMSdbHost%%/, "localhost")
207   line.gsub!(/%%CMSdbName%%/, "civicrm")
208   line.gsub!(/%%dbUser%%/, "civicrm")
209   line.gsub!(/%%dbPass%%/, database_password)
210   line.gsub!(/%%dbHost%%/, "localhost")
211   line.gsub!(/%%dbName%%/, "civicrm")
212   line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/")
213   line.gsub!(/%%templateCompileDir%%/, "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm/templates_c/")
214   line.gsub!(/%%baseURL%%/, "http://supporting.openstreetmap.org/")
215   line.gsub!(/%%siteKey%%/, site_key)
216   line.gsub!(/%%credKeys%%/, cred_keys)
217   line.gsub!(/%%signKeys%%/, sign_keys)
218   line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/supporting.openstreetmap.org');")
219   # Don't recompile smarty templates on every call https://docs.civicrm.org/sysadmin/en/latest/setup/optimizations/#disable-compile-check
220   line.gsub!(%r{//  define\('CIVICRM_TEMPLATE_COMPILE_CHECK', FALSE\);}, "define('CIVICRM_TEMPLATE_COMPILE_CHECK', FALSE);")
221
222   line
223 end
224
225 directory "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm" do
226   owner "www-data"
227   group "www-data"
228   mode "755"
229 end
230
231 file "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm/civicrm.settings.php" do
232   owner "wordpress"
233   group "wordpress"
234   mode "644"
235   content settings
236 end
237
238 file "#{civicrm_directory}/civicrm.settings.php" do
239   action :delete
240 end
241
242 systemd_service "osmf-crm-jobs" do
243   description "Run CRM jobs"
244   exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s supporting.openstreetmap.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute"
245   user "www-data"
246   sandbox :enable_network => true
247   memory_deny_write_execute false
248   restrict_address_families "AF_UNIX"
249   read_write_paths "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm"
250 end
251
252 systemd_timer "osmf-crm-jobs" do
253   description "Run CRM jobs"
254   on_boot_sec "15m"
255   on_unit_inactive_sec "15m"
256 end
257
258 service "osmf-crm-jobs.timer" do
259   action [:enable, :start]
260 end
261
262 template "/etc/cron.daily/osmf-crm-backup" do
263   source "backup.cron.erb"
264   owner "root"
265   group "root"
266   mode "750"
267   variables :passwords => passwords
268 end