+%w[backup-nominatim vacuum-db-nominatim].each do |fname|
+ template "/usr/local/bin/#{fname}" do
+ source "#{fname}.erb"
+ owner "root"
+ group "root"
+ mode 0o755
+ variables :db => node[:nominatim][:dbname]
+ end
+end
+
+## webserver frontend
+
+directory "#{basedir}/etc" do
+ owner "nominatim"
+ group "adm"
+ mode 0o775
+end
+
+file "#{basedir}/etc/nginx_blocked_user_agent.conf" do
+ action :create_if_missing
+ owner "nominatim"
+ group "adm"
+ mode 0o664
+end
+
+file "#{basedir}/etc/nginx_blocked_referrer.conf" do
+ action :create_if_missing
+ owner "nominatim"
+ group "adm"
+ mode 0o664
+end
+
+service "php7.2-fpm" do
+ action [:enable, :start]
+ supports :status => true, :restart => true, :reload => true
+end
+
+node[:nominatim][:fpm_pools].each do |name, data|
+ template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do
+ source "fpm.conf.erb"
+ owner "root"
+ group "root"
+ mode 0o644
+ variables data.merge(:name => name)
+ notifies :reload, "service[php7.2-fpm]"
+ end
+end
+
+ssl_certificate node[:fqdn] do
+ domains [node[:fqdn],
+ "nominatim.openstreetmap.org",
+ "nominatim.osm.org",
+ "nominatim.openstreetmap.com",
+ "nominatim.openstreetmap.net",
+ "nominatim.openstreetmaps.org",
+ "nominatim.openmaps.org"]
+ notifies :reload, "service[nginx]"
+end
+
+package "apache2" do
+ action :remove
+end
+
+include_recipe "nginx"
+
+nginx_site "default" do
+ action [:delete]
+end
+
+nginx_site "nominatim" do
+ template "nginx.erb"
+ directory build_directory
+ variables :pools => node[:nominatim][:fpm_pools],
+ :confdir => "#{basedir}/etc"
+end
+
+template "/etc/logrotate.d/nginx" do
+ source "logrotate.nginx.erb"
+ owner "root"
+ group "root"
+ mode 0o644
+end
+