community: use a custom policyd-spf.conf
[chef.git] / cookbooks / imagery / recipes / tiler.rb
index 5e36acfa5efb41e63baa080aaf5c6c78f61f7907..d56357d62f41ea9f37929c3698dde1bead254a7c 100644 (file)
 include_recipe "imagery"
 include_recipe "podman"
 
+directory "/store/imagery" do
+  owner "root"
+  group "root"
+  mode "755"
+  recursive true
+end
+
 # FIXME: until upstream supports arm64 images: https://github.com/developmentseed/titiler/pull/740
 container_image = if arm?
                     "ghcr.io/firefishy/titiler:latest"
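Review bot: With `recursive true` on the new `directory "/store/imagery"` resource, Chef applies `owner`, `group` and `mode` only to the leaf directory. If `/store` does not already exist on a node, it would be created with default ownership and mode, not the root:root 755 declared here. Declaring `directory "/store"` with the same owner and mode ahead of this resource would make the result independent of what is already on disk. If `/store` is always a pre-existing mount point, a short comment saying so would be enough.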
@@ -30,8 +37,44 @@ container_image = if arm?
 podman_service "titiler" do
   description "Container service for titiler"
   image container_image
-  ports 8080 => 8080
-  environment :PORT => 8080, :WORKERS_PER_CORE => "1.5", :GDAL_INGESTED_BYTES_AT_OPEN => 32768, :GDAL_DISABLE_READDIR_ON_OPEN => "EMPTY_DIR", :GDAL_HTTP_MERGE_CONSECUTIVE_RANGES => "YES", :GDAL_HTTP_MULTIPLEX => "YES", :GDAL_HTTP_VERSION => 2, :TITILER_API_ROOT_PATH => "/api/v1/titiler", :FORWARDED_ALLOW_IPS => "*"
+  volume :"/store/imagery"       => "/store/imagery",
+         :"/srv/imagery/sockets" => "/sockets"
+  environment :BIND                                => "unix:/sockets/titiler.sock",
+              :WORKERS_PER_CORE                    => 1,
+              :GDAL_CACHEMAX                       => 200,
+              :GDAL_BAND_BLOCK_CACHE               => "HASHSET",
+              :GDAL_DISABLE_READDIR_ON_OPEN        => "EMPTY_DIR",
+              :GDAL_INGESTED_BYTES_AT_OPEN         => 32768,
+              :GDAL_HTTP_MERGE_CONSECUTIVE_RANGES  => "YES",
+              :GDAL_HTTP_MULTIPLEX                 => "YES",
+              :GDAL_HTTP_VERSION                   => 2,
+              :VSI_CACHE                           => "TRUE",
+              :VSI_CACHE_SIZE                      => 5000000,
+              :TITILER_API_ROOT_PATH               => "/api/v1/titiler",
+              :FORWARDED_ALLOW_IPS                 => "*" # https://docs.gunicorn.org/en/latest/settings.html#forwarded-allow-ips
+end
+
+systemd_service "titiler-restart" do
+  type "simple"
+  user "root"
+  exec_start "/bin/systemctl try-restart titiler.service"
+  sandbox true
+  restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "titiler-restart" do
+  on_boot_sec "6h"
+  on_unit_inactive_sec "12h"
+end
+
+service "titiler-restart.timer" do
+  action [:enable, :start]
+end
+
+directory "/var/cache/nginx-cache" do
+  owner "www-data"
+  group "www-data"
+  mode "755"
 end
 
 ssl_certificate "tiler.openstreetmap.org" do
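Review bot: The retained `:FORWARDED_ALLOW_IPS => "*"` tells gunicorn to accept forwarded headers from any peer, so after the move to `:BIND => "unix:/sockets/titiler.sock"` the only access control on titiler is the ownership and mode of `/srv/imagery/sockets`, which this hunk mounts but never sets. That directory is presumably managed in the included `imagery` recipe; a comment next to the setting would record the dependency, for example `# "*" is acceptable only while titiler listens on a unix socket; access is governed by the mode of /srv/imagery/sockets`. Separately, `/store/imagery` is bind-mounted without a read-only flag although the tiler appears only to read from it. If `podman_service` supports a read-only volume option, using it would keep a compromised container from altering the imagery store. The `ssl_certificate` block that follows continues outside the hunk.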