+prometheus_exporter "nominatim" do
+ port 8082
+ user "www-data"
+ options [
+ "--nominatim.query-log=#{node[:nominatim][:logdir]}/query.log",
+ "--nominatim.database-name=#{node[:nominatim][:dbname]}"
+ ]
+end
+
+directory "#{basedir}/status" do
+ owner "nominatim"
+ group "postgres"
+ mode "775"
+end
+
+include_recipe "fail2ban"
+
+frontend_addresses = frontends.collect { |f| f.ipaddresses(:role => :external) }
+
+fail2ban_jail "nominatim_limit_req" do
+ filter "nginx-limit-req"
+ logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
+ ports [80, 443]
+ maxretry 20
+ ignoreips frontend_addresses.flatten.sort
+end
+
+### QA tile generation
+
+if node[:nominatim][:enable_qa_tiles]
+ package "python3-geojson"
+
+ git qa_bin_directory do
+ repository node[:nominatim][:qa_repository]
+ revision node[:nominatim][:qa_revision]
+ enable_submodules true
+ user "nominatim"
+ group "nominatim"
+ notifies :run, "execute[compile_qa]"
+ end
+
+ execute "compile_qa" do
+ action :nothing
+ user "nominatim"
+ cwd "#{qa_bin_directory}/clustering-vt"
+ command "make"
+ end
+
+ directory qa_data_directory do
+ owner "nominatim"
+ group "nominatim"
+ mode "755"
+ recursive true
+ end
+
+ template "#{qa_bin_directory}/analyser/config/config.yaml" do
+ source "qa_config.erb"
+ owner "nominatim"
+ group "nominatim"
+ mode "755"
+ variables :outputdir => "#{qa_data_directory}/new"
+ end
+
+ ssl_certificate "qa-tile.nominatim.openstreetmap.org" do
+ domains ["qa-tile.nominatim.openstreetmap.org"]
+ notifies :reload, "service[nginx]"
+ end
+
+ nginx_site "qa-tiles.nominatim" do
+ template "nginx-qa-tiles.erb"
+ directory build_directory
+ variables :qa_data_directory => qa_data_directory
+ end
+