Merge remote-tracking branch 'github/pull/225'

[chef.git] / cookbooks / web / recipes / rails.rb

diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index d5f34cbf7de49d224b178a4a82267a847589593d..ab674ba93e03e525539f6bf457bf5236baa76b6e 100644 (file)
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -47,16 +47,17 @@ template "/etc/cron.hourly/passenger" do
   mode 0o755
 end
 
+ruby_version = node[:passenger][:ruby_version]
 rails_directory = "#{node[:web][:base_directory]}/rails"
 
 piwik = data_bag_item("web", "piwik")
 
 rails_port "www.openstreetmap.org" do
-  ruby node[:passenger][:ruby_version]
+  ruby ruby_version
   directory rails_directory
   user "rails"
   group "rails"
-  repository "git://git.openstreetmap.org/rails.git"
+  repository "https://git.openstreetmap.org/public/rails.git"
   revision "live"
   database_host node[:web][:database_host]
   database_name "openstreetmap"
@@ -87,10 +88,24 @@ rails_port "www.openstreetmap.org" do
   github_auth_secret web_passwords["github_auth_secret"]
   wikipedia_auth_id "e4fe0c2c5855d23ed7e1f1c0fa1f1c58"
   wikipedia_auth_secret web_passwords["wikipedia_auth_secret"]
-  mapzen_valhalla_key web_passwords["mapzen_valhalla_key"]
   thunderforest_key web_passwords["thunderforest_key"]
   totp_key web_passwords["totp_key"]
-  csp_report_url "https://openstreetmap.report-uri.io/r/default/csp/reportOnly"
+  csp_enforce true
+end
+
+systemd_service "rails-jobs@" do
+  description "Rails job queue runner"
+  type "simple"
+  environment "QUEUE" => "%I"
+  user "rails"
+  working_directory rails_directory
+  exec_start "/usr/local/bin/bundle#{ruby_version} exec rake jobs:work"
+  restart "on-failure"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
 end
 
 package "libjson-xs-perl"