]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/civicrm/recipes/default.rb
Make nftables block various invalid TCP flag combinations
[chef.git] / cookbooks / civicrm / recipes / default.rb
index 80229411678989410b8ee85bc37847215e2138fc..89ba93a42b060cbb75fbb19d5e559d1227c94c0b 100644 (file)
@@ -24,9 +24,9 @@ package %w[
   php-xml
   php-curl
   rsync
-  unzip
   wkhtmltopdf
   php-bcmath
+  php-intl
 ]
 
 cache_dir = Chef::Config[:file_cache_path]
@@ -34,7 +34,9 @@ cache_dir = Chef::Config[:file_cache_path]
 passwords = data_bag_item("civicrm", "passwords")
 
 database_password = passwords["database"]
-site_key = passwords["key"]
+site_key = passwords["site_key"]
+cred_keys = passwords["cred_keys"]
+sign_keys = passwords["sign_keys"]
 
 mysql_user "civicrm@localhost" do
   password database_password
@@ -49,24 +51,23 @@ wordpress_site "join.osmfoundation.org" do
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
+  fpm_prometheus_port 11301
 end
 
 wordpress_theme "osmblog-wp-theme" do
   site "join.osmfoundation.org"
-  repository "https://github.com/harry-wood/osmblog-wp-theme.git"
+  repository "https://github.com/osmfoundation/osmblog-wp-theme.git"
 end
 
 wordpress_plugin "registration-honeypot" do
   site "join.osmfoundation.org"
 end
 
-wordpress_plugin "sitepress-multilingual-cms" do
+wordpress_plugin "contact-form-7" do
   site "join.osmfoundation.org"
-  repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
-  not_if { ENV["TEST_KITCHEN"] }
 end
 
-wordpress_plugin "contact-form-7" do
+wordpress_plugin "civicrm-admin-utilities" do
   site "join.osmfoundation.org"
 end
 
@@ -97,22 +98,22 @@ remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
   backup false
 end
 
-execute "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
   action :nothing
-  command "unzip -o -qq #{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip"
-  cwd "/opt/civicrm-#{civicrm_version}"
-  user "wordpress"
+  destination "/opt/civicrm-#{civicrm_version}"
+  overwrite true
+  owner "wordpress"
   group "wordpress"
-  subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
 end
 
-execute "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
   action :nothing
-  command "tar -zxf #{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz"
-  cwd "/opt/civicrm-#{civicrm_version}/civicrm"
-  user "wordpress"
+  destination "/opt/civicrm-#{civicrm_version}/civicrm"
+  overwrite true
+  owner "wordpress"
   group "wordpress"
-  subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
 execute "/opt/civicrm-#{civicrm_version}/civicrm" do
@@ -120,8 +121,8 @@ execute "/opt/civicrm-#{civicrm_version}/civicrm" do
   command "rsync --archive --delete /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
   user "wordpress"
   group "wordpress"
-  subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
-  subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
 directory "/srv/join.osmfoundation.org/wp-content/uploads" do
@@ -162,6 +163,8 @@ settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.
   line.gsub!(/%%templateCompileDir%%/, "/srv/join.osmfoundation.org/wp-content/uploads/civicrm/templates_c/")
   line.gsub!(/%%baseURL%%/, "http://join.osmfoundation.org/")
   line.gsub!(/%%siteKey%%/, site_key)
+  line.gsub!(/%%credKeys%%/, cred_keys)
+  line.gsub!(/%%signKeys%%/, sign_keys)
   line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join.osmfoundation.org');")
 
   line
@@ -174,11 +177,24 @@ file "#{civicrm_directory}/civicrm.settings.php" do
   content settings
 end
 
-cron_d "osmf-crm" do
-  minute "*/15"
+systemd_service "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s join.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute"
   user "www-data"
-  command "php #{civicrm_directory}/civicrm/bin/cli.php -s join.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute 2>&1 | egrep -v '^PHP (Deprecated|Warning):'"
-  mailto "admins@openstreetmap.org"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
+  read_write_paths "/srv/join.osmfoundation.org/wp-content/uploads/civicrm"
+end
+
+systemd_timer "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  on_boot_sec "15m"
+  on_unit_inactive_sec "15m"
+end
+
+service "osmf-crm-jobs.timer" do
+  action [:enable, :start]
 end
 
 template "/etc/cron.daily/osmf-crm-backup" do