# limitations under the License.
#
+include_recipe "accounts"
include_recipe "munin"
basedir = data_bag_item("accounts", "nominatim")["home"]
mode 0o775
end
-file "#{basedir}/etc/nginx_blocked_user_agent.conf" do
- action :create_if_missing
- owner "nominatim"
- group "adm"
- mode 0o664
-end
-
-file "#{basedir}/etc/nginx_blocked_referrer.conf" do
- action :create_if_missing
- owner "nominatim"
- group "adm"
- mode 0o664
+%w[user_agent referrer email].each do |name|
+ file "#{basedir}/etc/nginx_blocked_#{name}.conf" do
+ action :create_if_missing
+ owner "nominatim"
+ group "adm"
+ mode 0o664
+ end
end
service "php7.2-fpm" do
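Review bot: The three blocklist files in the new `%w[user_agent referrer email].each` loop are created with `action :create_if_missing`, so Chef never re-asserts `owner`, `group` or `mode 0o664` once a file exists. If nginx includes these files, as the names suggest, anyone in group `adm` can change what the server blocks and permission drift will go uncorrected. That may be intended for hand-maintained lists, but the recipe does not say so; a comment above the loop would record it, e.g. `# Operator-edited nginx blocklists: created empty once, contents and permissions are not managed afterwards.` Note that the new `email` file only has an effect if the nginx template references it, which is not visible in this hunk.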
template "nginx.erb"
directory build_directory
variables :pools => node[:nominatim][:fpm_pools],
+ :frontends => search(:node, "recipes:web\\:\\:frontend"),
:confdir => "#{basedir}/etc"
end
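Review bot: The `:frontends` value is a live `search(:node, ...)` result, so the list handed to `nginx.erb` depends on what nodes report about their own run lists and on the state of the search index. If the template uses it to trust forwarded client addresses or to exempt peers from limits (the template is not shown here), any node that can save a run list containing `web::frontend` gains that trust. An empty or partial result would also silently remove it from the real frontends. Search order is not guaranteed either, so the rendered file can change between runs and trigger needless reloads; `:frontends => search(:node, "recipes:web\\:\\:frontend").sort_by(&:name),` keeps the output stable. A short comment stating what the template does with the list, and what it renders when the list is empty, would help the next reviewer.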
target "#{source_directory}/munin/nominatim_requests_querylog"
end
-munin_plugin "nominatim_throttled_ips" do
- target "#{source_directory}/munin/nominatim_throttled_ips"
-end
-
directory "#{basedir}/status" do
owner "nominatim"
group "postgres"
mode 0o775
end
+
+include_recipe "fail2ban"
+
+fail2ban_jail "nominatim_limit_req" do
+ filter "nginx-limit-req"
+ logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
+ ports [80, 443]
+ maxretry 5
+end
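Review bot: The `nominatim_limit_req` jail bans whatever address nginx writes to the error log, and nothing in this hunk excludes the web frontends that the same commit starts passing to the nginx template. If requests arrive through those frontends and nginx logs the proxy address rather than the restored client address, five `limit_req` rejections would block a frontend on ports 80 and 443 for all of its users. It is worth confirming that the logged client is the real one, and adding the frontends to the jail's ignore list (fail2ban's `ignoreip`) if the `fail2ban_jail` resource exposes it. Only `maxretry 5` is set, so the counting window and ban duration come from defaults that are not visible here; a comment naming the intended `findtime` and `bantime` would make the policy reviewable. With the `nominatim_throttled_ips` munin plugin removed above, consider what now gives operators a view of how many addresses are banned.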