#
-# Cookbook Name:: web
+# Cookbook:: web
# Recipe:: rails
#
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
#
-include_recipe "tools"
-include_recipe "web::base"
-
include_recipe "apache"
-include_recipe "passenger"
+include_recipe "apt"
include_recipe "git"
+include_recipe "geoipupdate"
+include_recipe "munin"
include_recipe "nodejs"
+include_recipe "passenger"
+include_recipe "tools"
+include_recipe "web::base"
web_passwords = data_bag_item("web", "passwords")
db_passwords = data_bag_item("db", "passwords")
source "passenger.cron.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
ruby_version = node[:passenger][:ruby_version]
piwik = data_bag_item("web", "piwik")
+storage = {
+ "avatars" => {
+ "service" => "S3",
+ "access_key_id" => "AKIASQUXHPE7AMJQRFOS",
+ "secret_access_key" => web_passwords["aws_key"],
+ "region" => "eu-west-1",
+ "bucket" => "openstreetmap-user-avatars",
+ "use_dualstack_endpoint" => true,
+ "upload" => {
+ "acl" => "public-read",
+ "cache_control" => "public, max-age=31536000, immutable"
+ }
+ }
+}
+
rails_port "www.openstreetmap.org" do
ruby ruby_version
directory rails_directory
thunderforest_key web_passwords["thunderforest_key"]
totp_key web_passwords["totp_key"]
csp_enforce true
+ trace_use_job_queue true
+ diary_feed_delay 12
+ storage_configuration storage
+ storage_service "avatars"
+ storage_url "https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com"
end
-systemd_service "rails-jobs" do
+gem_package "bundler#{ruby_version}" do
+ package_name "bundler"
+ gem_binary "gem#{ruby_version}"
+ options "--format-executable"
+end
+
+bundle = if File.exist?("/usr/bin/bundle#{ruby_version}")
+ "/usr/bin/bundle#{ruby_version}"
+ else
+ "/usr/local/bin/bundle#{ruby_version}"
+ end
+
+systemd_service "rails-jobs@" do
description "Rails job queue runner"
type "simple"
+ environment "RAILS_ENV" => "production", "QUEUE" => "%I"
user "rails"
working_directory rails_directory
- exec_start "/usr/local/bin/bundle#{ruby_version} exec rake jobs:work"
+ exec_start "#{bundle} exec rake jobs:work"
restart "on-failure"
private_tmp true
private_devices true
source "cleanup-assets.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
gem_package "apachelogregex"
source "api-statistics.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
systemd_service "api-statistics" do