Add a run time limit to the mediawiki-jobs service
[chef.git] / cookbooks / networking / recipes / default.rb
index 2383af7d70da01a5619a36d63e5968fd1cedb6da..cb4f741d9406fb131d15abdf201dae5e6e686eaa 100644 (file)
@@ -69,19 +69,19 @@ node[:networking][:interfaces].each do |name, interface|
   next unless interface[:role] && (role = node[:networking][:roles][interface[:role]])
 
   if interface[:inet] && role[:inet]
-    node.default[:networking][:interfaces][name][:inet][:prefix] = role[:inet][:prefix]
-    node.default[:networking][:interfaces][name][:inet][:gateway] = role[:inet][:gateway]
-    node.default[:networking][:interfaces][name][:inet][:routes] = role[:inet][:routes]
+    node.default_unless[:networking][:interfaces][name][:inet][:prefix] = role[:inet][:prefix]
+    node.default_unless[:networking][:interfaces][name][:inet][:gateway] = role[:inet][:gateway]
+    node.default_unless[:networking][:interfaces][name][:inet][:routes] = role[:inet][:routes]
   end
 
   if interface[:inet6] && role[:inet6]
-    node.default[:networking][:interfaces][name][:inet6][:prefix] = role[:inet6][:prefix]
-    node.default[:networking][:interfaces][name][:inet6][:gateway] = role[:inet6][:gateway]
-    node.default[:networking][:interfaces][name][:inet6][:routes] = role[:inet6][:routes]
+    node.default_unless[:networking][:interfaces][name][:inet6][:prefix] = role[:inet6][:prefix]
+    node.default_unless[:networking][:interfaces][name][:inet6][:gateway] = role[:inet6][:gateway]
+    node.default_unless[:networking][:interfaces][name][:inet6][:routes] = role[:inet6][:routes]
   end
 
-  node.default[:networking][:interfaces][name][:metric] = role[:metric]
-  node.default[:networking][:interfaces][name][:zone] = role[:zone]
+  node.default_unless[:networking][:interfaces][name][:metric] = role[:metric]
+  node.default_unless[:networking][:interfaces][name][:zone] = role[:zone]
 end
 
 node[:networking][:interfaces].each do |_, interface|
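Review bot: The move to `node.default_unless` for `[:zone]`, `[:inet][:gateway]` and `[:inet][:routes]` reverses which side wins, and the loop carries no comment saying so. A value already present on the interface now takes precedence over the role, so a stale or mistaken per-interface `zone` is no longer corrected by the role. This matters if `zone` selects the firewall zone, which is presumed from the name. I would add a comment above the first `if`, such as `# Role values are fallbacks only: anything already set on the interface wins`. It is also worth confirming on the deployed Chef version that `default_unless` sees values set at other precedence levels (normal, override) and not only at the default level.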
@@ -126,6 +126,11 @@ node[:networking][:interfaces].each do |_, interface|
   end
 end
 
+package "systemd-resolved" do
+  action :install
+  only_if { platform?("ubuntu") && node[:lsb][:release].to_f > 22.04 || platform?("debian") && node[:lsb][:release].to_f > 11.0 }
+end
+
 service "systemd-networkd" do
   action [:enable, :start]
 end
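Review bot: The `only_if` guard on `package "systemd-resolved"` compares release strings as floats via `node[:lsb][:release].to_f`, which fails quietly when the LSB data is missing or non-numeric. A nil value or a codename such as "testing" converts to 0.0, so the package is skipped without any error while `systemd-networkd` is still enabled just below. Comparing the Ohai platform version as a version is sturdier, for example `Gem::Version.new(node[:platform_version]) > Gem::Version.new("22.04")`, with a deliberate branch for non-numeric releases. The condition also mixes `&&` and `||` without parentheses. It evaluates as intended, but `(ubuntu && ...) || (debian && ...)` would make the grouping explicit.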
@@ -390,6 +395,14 @@ if node[:networking][:wireguard][:enabled]
   end
 end
 
+firewall_rule "accept-http-osm" do
+  action :accept
+  context :incoming
+  protocol :tcp
+  source :osm
+  dest_ports %w[http https]
+end
+
 firewall_rule "accept-http" do
   action :accept
   context :incoming
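Review bot: The new `firewall_rule "accept-http-osm"` has no comment explaining why it sits ahead of `"accept-http"`, which accepts the same ports. The body of `accept-http` continues outside the hunk, so its restrictions are not visible here. If it carries a rate limit or similar constraint, the new rule exempts every address in the `:osm` source set from it, and that only works while the two stay in this order. I would add a comment above the resource, such as `# Must stay before "accept-http": hosts in :osm bypass the limits applied there`. It would also help to note where the `:osm` set is defined, since membership in it now grants wider HTTP/HTTPS access.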