include_recipe "imagery"
include_recipe "podman"
+directory "/store/imagery" do
+ owner "root"
+ group "root"
+ mode "755"
+ recursive true
+end
+
# FIXME: until upstream supports arm64 images: https://github.com/developmentseed/titiler/pull/740
container_image = if arm?
"ghcr.io/firefishy/titiler:latest"
podman_service "titiler" do
description "Container service for titiler"
image container_image
- ports 8080 => 8080
- environment :PORT => 8080,
- :WORKERS_PER_CORE => 2,
+ volume :"/store/imagery" => "/store/imagery",
+ :"/srv/imagery/sockets" => "/sockets"
+ environment :BIND => "unix:/sockets/titiler.sock",
+ :WORKERS_PER_CORE => 1,
:GDAL_CACHEMAX => 200,
+ :GDAL_BAND_BLOCK_CACHE => "HASHSET",
:GDAL_DISABLE_READDIR_ON_OPEN => "EMPTY_DIR",
:GDAL_INGESTED_BYTES_AT_OPEN => 32768,
:GDAL_HTTP_MERGE_CONSECUTIVE_RANGES => "YES",
:FORWARDED_ALLOW_IPS => "*" # https://docs.gunicorn.org/en/latest/settings.html#forwarded-allow-ips
end
+systemd_service "titiler-restart" do
+ type "simple"
+ user "root"
+ exec_start "/bin/systemctl try-restart titiler.service"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "titiler-restart" do
+ on_boot_sec "6h"
+ on_unit_inactive_sec "12h"
+end
+
+service "titiler-restart.timer" do
+ action [:enable, :start]
+end
+
+directory "/var/cache/nginx-cache" do
+ owner "www-data"
+ group "www-data"
+ mode "755"
+end
+
ssl_certificate "tiler.openstreetmap.org" do
domains "tiler.openstreetmap.org"
notifies :reload, "service[nginx]"