# limitations under the License.
#
+require "ipaddr"
+
certificate = node[:tilecache][:ssl][:certificate]
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ certificate ]
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | [certificate]
include_recipe "ssl"
include_recipe "squid"
include_recipe "nginx"
+package "apache2" do
+ action :remove
+end
+
package "xz-utils"
+package "openssl"
tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
tilerenders = search(:node, "roles:tile").sort_by { |n| n[:hostname] }
source "logrotate.squid.erb"
owner "root"
group "root"
- mode 0644
+ mode 0o644
end
nginx_site "default" do
- action [ :delete ]
+ action [:delete]
+end
+
+resolvers = node[:networking][:nameservers].map do |resolver|
+ IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : resolver
end
nginx_site "tile-ssl" do
template "nginx_tile_ssl.conf.erb"
- variables :certificate => certificate
+ variables :certificate => certificate, :resolvers => resolvers, :caches => tilecaches
end
service "nginx-certificate-restart" do
subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]"
end
+template "/etc/logrotate.d/nginx" do
+ source "logrotate.nginx.erb"
+ owner "root"
+ group "root"
+ mode 0o644
+end
+
tilerenders.each do |render|
munin_plugin "ping_#{render[:fqdn]}" do
target "ping_"