mode "700"
end
-# Note: tablespaces must be exactly in the same location on each
+# NOTE: tablespaces must be exactly in the same location on each
# Nominatim instance when replication is in use. Therefore
# use symlinks to canonical directory locations.
node[:nominatim][:tablespaces].each do |name, location|
python3-pyosmium
pyosmium
python3-psycopg2
+ python3-dotenv
+ python3-psutil
+ python3-jinja2
+ python3-icu
php-pgsql
php-intl
+ php-symfony-dotenv
]
source_directory = "#{basedir}/nominatim"
build_directory = "#{basedir}/bin"
+ui_directory = "#{basedir}/ui"
directory build_directory do
owner "nominatim"
user "nominatim"
group "nominatim"
not_if { node[:nominatim][:state] != "slave" && File.exist?("#{source_directory}/README.md") }
- notifies :run, "execute[compile_nominatim]", :immediately
+ notifies :run, "execute[compile_nominatim]"
+end
+
+remote_file "#{source_directory}/data/country_osm_grid.sql.gz" do
+ action :create_if_missing
+ source "https://www.nominatim.org/data/country_grid.sql.gz"
+ owner "nominatim"
+ group "nominatim"
+ mode "644"
end
execute "compile_nominatim" do
:dbname => node[:nominatim][:dbname]
end
-template "#{build_directory}/settings/local.php" do
- source "settings.erb"
+template "#{build_directory}/.env" do
+ source "nominatim.env.erb"
owner "nominatim"
group "nominatim"
mode "664"
:log_file => "#{node[:nominatim][:logdir]}/query.log"
end
+git ui_directory do
+ action :sync
+ repository node[:nominatim][:ui_repository]
+ revision node[:nominatim][:ui_revision]
+ user "nominatim"
+ group "nominatim"
+end
+
+template "#{ui_directory}/dist/theme/config.theme.js" do
+ source "ui-config.js.erb"
+ owner "nominatim"
+ group "nominatim"
+ mode "664"
+end
+
if node[:nominatim][:flatnode_file]
directory File.dirname(node[:nominatim][:flatnode_file]) do
recursive true
external_data = [
"wikimedia-importance.sql.gz",
- "gb_postcode_data.sql.gz"
+ "gb_postcodes.csv.gz",
+ "us_postcodes.csv.gz"
]
external_data.each do |fname|
- remote_file "#{source_directory}/data/#{fname}" do
+ remote_file "#{build_directory}/#{fname}" do
action :create_if_missing
source "https://www.nominatim.org/data/#{fname}"
owner "nominatim"
end
end
-remote_file "#{source_directory}/data/country_osm_grid.sql.gz" do
- action :create_if_missing
- source "https://www.nominatim.org/data/country_grid.sql.gz"
- owner "nominatim"
- group "nominatim"
- mode "644"
-end
-
if node[:nominatim][:state] == "off"
cron_d "nominatim-backup" do
action :delete
mode "775"
end
-%w[user_agent referrer email].each do |name|
+%w[user_agent referrer email generic].each do |name|
file "#{basedir}/etc/nginx_blocked_#{name}.conf" do
action :create_if_missing
owner "nominatim"
node[:nominatim][:fpm_pools].each do |name, data|
php_fpm name do
- template "fpm.conf.erb"
- variables data.merge(:name => name)
+ port data[:port]
+ pm data[:pm]
+ pm_max_children data[:max_children]
+ pm_start_servers 20
+ pm_min_spare_servers 10
+ pm_max_spare_servers 20
+ pm_max_requests 10000
+ prometheus_port data[:prometheus_port]
end
end
"nominatim.openstreetmap.com",
"nominatim.openstreetmap.net",
"nominatim.openstreetmaps.org",
- "nominatim.openmaps.org"]
+ "nominatim.openmaps.org",
+ "nominatim.qgis.org"]
notifies :reload, "service[nginx]"
end
action [:delete]
end
+frontends = search(:node, "recipes:web\\:\\:frontend").sort_by(&:name)
+
nginx_site "nominatim" do
template "nginx.erb"
directory build_directory
variables :pools => node[:nominatim][:fpm_pools],
- :frontends => search(:node, "recipes:web\\:\\:frontend"),
- :confdir => "#{basedir}/etc"
+ :frontends => frontends,
+ :confdir => "#{basedir}/etc",
+ :ui_directory => ui_directory
end
template "/etc/logrotate.d/nginx" do
include_recipe "fail2ban"
+frontend_addresses = frontends.collect { |f| f.ipaddresses(:role => :external) }
+
fail2ban_jail "nominatim_limit_req" do
filter "nginx-limit-req"
logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
ports [80, 443]
- maxretry 5
+ maxretry 20
+ ignoreips frontend_addresses.flatten.sort
end