]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/civicrm/recipes/default.rb
podman: revert to using default slirp4netns mtu
[chef.git] / cookbooks / civicrm / recipes / default.rb
index 4486ea3520eb718c34c0aee434fc808182bcf32f..dd6bd834239cf84de6ba0d791d19379972187cfe 100644 (file)
 include_recipe "wordpress"
 include_recipe "mysql"
 
 include_recipe "wordpress"
 include_recipe "mysql"
 
-package "wkhtmltopdf"
+package %w[
+  php-xml
+  php-curl
+  rsync
+  wkhtmltopdf
+  php-bcmath
+  php-intl
+]
+
+apache_module "rewrite"
 
 cache_dir = Chef::Config[:file_cache_path]
 
 passwords = data_bag_item("civicrm", "passwords")
 
 cache_dir = Chef::Config[:file_cache_path]
 
 passwords = data_bag_item("civicrm", "passwords")
+wp2fa_encrypt_keys = data_bag_item("civicrm", "wp2fa_encrypt_keys")
 
 database_password = passwords["database"]
 
 database_password = passwords["database"]
-site_key = passwords["key"]
+site_key = passwords["site_key"]
+cred_keys = passwords["cred_keys"]
+sign_keys = passwords["sign_keys"]
 
 mysql_user "civicrm@localhost" do
   password database_password
 
 mysql_user "civicrm@localhost" do
   password database_password
@@ -37,39 +49,55 @@ mysql_database "civicrm" do
   permissions "civicrm@localhost" => :all
 end
 
   permissions "civicrm@localhost" => :all
 end
 
-wordpress_site "join.osmfoundation.org" do
-  aliases "crm.osmfoundation.org"
+wordpress_site "supporting.openstreetmap.org" do
+  aliases %w[
+    crm.osmfoundation.org
+    donate.openstreetmap.org
+    donate.openstreetmap.com
+    donate.openstreetmap.net
+    donate.osm.org
+    join.osmfoundation.org
+    supporting.osmfoundation.org
+    support.osmfoundation.org
+    support.openstreetmap.org
+    supporting.osm.org
+    support.osm.org
+  ]
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
+  wp2fa_encrypt_key wp2fa_encrypt_keys["key"]
+  fpm_prometheus_port 11301
 end
 
 end
 
-wordpress_theme "osmblog-wp-theme" do
-  site "join.osmfoundation.org"
-  repository "git://github.com/harry-wood/osmblog-wp-theme.git"
+wordpress_plugin "civicrm-wp-piwik" do
+  plugin "wp-piwik"
+  site "supporting.openstreetmap.org"
 end
 
 wordpress_plugin "registration-honeypot" do
 end
 
 wordpress_plugin "registration-honeypot" do
-  site "join.osmfoundation.org"
+  site "supporting.openstreetmap.org"
 end
 
 end
 
-wordpress_plugin "sitepress-multilingual-cms" do
-  site "join.osmfoundation.org"
-  repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
-  not_if { ENV["TEST_KITCHEN"] }
+wordpress_plugin "contact-form-7" do
+  site "supporting.openstreetmap.org"
 end
 
 end
 
-wordpress_plugin "contact-form-7" do
-  site "join.osmfoundation.org"
+wordpress_plugin "civicrm-admin-utilities" do
+  site "supporting.openstreetmap.org"
+end
+
+wordpress_plugin "host-webfonts-local" do
+  site "supporting.openstreetmap.org"
 end
 
 civicrm_version = node[:civicrm][:version]
 end
 
 civicrm_version = node[:civicrm][:version]
-civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm"
+civicrm_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm"
 
 directory "/opt/civicrm-#{civicrm_version}" do
   owner "wordpress"
   group "wordpress"
 
 directory "/opt/civicrm-#{civicrm_version}" do
   owner "wordpress"
   group "wordpress"
-  mode 0o755
+  mode "755"
 end
 
 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
 end
 
 remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
@@ -77,7 +105,7 @@ remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
   source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip"
   owner "wordpress"
   group "wordpress"
   source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip"
   owner "wordpress"
   group "wordpress"
-  mode 0o644
+  mode "644"
   backup false
 end
 
   backup false
 end
 
@@ -86,58 +114,78 @@ remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
   source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz"
   owner "wordpress"
   group "wordpress"
   source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz"
   owner "wordpress"
   group "wordpress"
-  mode 0o644
+  mode "644"
   backup false
 end
 
   backup false
 end
 
-execute "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
   action :nothing
   action :nothing
-  command "unzip -o -qq #{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip"
-  cwd "/opt/civicrm-#{civicrm_version}"
-  user "wordpress"
+  destination "/opt/civicrm-#{civicrm_version}"
+  overwrite true
+  owner "wordpress"
   group "wordpress"
   group "wordpress"
-  subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
 end
 
 end
 
-execute "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
   action :nothing
   action :nothing
-  command "tar -zxf #{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz"
-  cwd "/opt/civicrm-#{civicrm_version}/civicrm"
-  user "wordpress"
+  destination "/opt/civicrm-#{civicrm_version}/civicrm"
+  overwrite true
+  owner "wordpress"
   group "wordpress"
   group "wordpress"
-  subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
 execute "/opt/civicrm-#{civicrm_version}/civicrm" do
   action :nothing
 end
 
 execute "/opt/civicrm-#{civicrm_version}/civicrm" do
   action :nothing
-  command "rsync --archive --delete /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
+  command "rsync --archive --delete --delete-delay --delay-updates /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
   user "wordpress"
   group "wordpress"
   user "wordpress"
   group "wordpress"
-  subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
-  subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
 end
 
-directory "/srv/join.osmfoundation.org/wp-content/plugins/files" do
+directory "/srv/supporting.openstreetmap.org/wp-content/uploads" do
   owner "www-data"
   group "www-data"
   owner "www-data"
   group "www-data"
-  mode 0o755
+  mode "755"
 end
 
 end
 
-extensions_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm-extensions"
+extensions_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm-extensions"
 
 directory extensions_directory do
   owner "wordpress"
   group "wordpress"
 
 directory extensions_directory do
   owner "wordpress"
   group "wordpress"
-  mode 0o755
+  mode "755"
 end
 
 node[:civicrm][:extensions].each_value do |details|
 end
 
 node[:civicrm][:extensions].each_value do |details|
-  git "#{extensions_directory}/#{details[:name]}" do
-    action :sync
-    repository details[:repository]
-    revision details[:revision]
-    user "wordpress"
-    group "wordpress"
+  if details[:repository]
+    git "#{extensions_directory}/#{details[:name]}" do
+      action :sync
+      repository details[:repository]
+      revision details[:revision]
+      user "wordpress"
+      group "wordpress"
+    end
+  elsif details[:zip]
+    remote_file "#{cache_dir}/#{details[:name]}.zip" do
+      source details[:zip]
+      owner "root"
+      group "root"
+      mode "644"
+      backup false
+    end
+
+    archive_file "#{cache_dir}/#{details[:name]}.zip" do
+      action :nothing
+      destination "#{extensions_directory}/#{details[:name]}"
+      strip_components 1
+      owner "wordpress"
+      group "wordpress"
+      overwrite true
+      subscribes :extract, "remote_file[#{cache_dir}/#{details[:name]}.zip]", :immediately
+    end
   end
 end
 
   end
 end
 
@@ -152,11 +200,12 @@ settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.
   line.gsub!(/%%dbHost%%/, "localhost")
   line.gsub!(/%%dbName%%/, "civicrm")
   line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/")
   line.gsub!(/%%dbHost%%/, "localhost")
   line.gsub!(/%%dbName%%/, "civicrm")
   line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/")
-  line.gsub!(/%%templateCompileDir%%/, "/srv/join.osmfoundation.org/wp-content/plugins/files/civicrm/templates_c/")
-  line.gsub!(/%%baseURL%%/, "http://join.osmfoundation.org/")
+  line.gsub!(/%%templateCompileDir%%/, "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm/templates_c/")
+  line.gsub!(/%%baseURL%%/, "http://supporting.openstreetmap.org/")
   line.gsub!(/%%siteKey%%/, site_key)
   line.gsub!(/%%siteKey%%/, site_key)
-  line.gsub!(%r{// *(.*'ext_repo_url'.*)$}, "\\1")
-  line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join.osmfoundation.org');")
+  line.gsub!(/%%credKeys%%/, cred_keys)
+  line.gsub!(/%%signKeys%%/, sign_keys)
+  line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/supporting.openstreetmap.org');")
 
   line
 end
 
   line
 end
@@ -164,22 +213,34 @@ end
 file "#{civicrm_directory}/civicrm.settings.php" do
   owner "wordpress"
   group "wordpress"
 file "#{civicrm_directory}/civicrm.settings.php" do
   owner "wordpress"
   group "wordpress"
-  mode 0o644
+  mode "644"
   content settings
 end
 
   content settings
 end
 
-template "/etc/cron.d/osmf-crm" do
-  source "cron.erb"
-  owner "root"
-  group "root"
-  mode 0o600
-  variables :directory => civicrm_directory, :passwords => passwords
+systemd_service "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s supporting.openstreetmap.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute"
+  user "www-data"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
+  read_write_paths "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm"
+end
+
+systemd_timer "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  on_boot_sec "15m"
+  on_unit_inactive_sec "15m"
+end
+
+service "osmf-crm-jobs.timer" do
+  action [:enable, :start]
 end
 
 template "/etc/cron.daily/osmf-crm-backup" do
   source "backup.cron.erb"
   owner "root"
   group "root"
 end
 
 template "/etc/cron.daily/osmf-crm-backup" do
   source "backup.cron.erb"
   owner "root"
   group "root"
-  mode 0o750
+  mode "750"
   variables :passwords => passwords
 end
   variables :passwords => passwords
 end