Switch web site to readonly against karm

[chef.git] / cookbooks / community / recipes / default.rb

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index 224cb975daf7d35b6103b459cd59e12ca25a71da..000a57a7e00cac990e9ebafa1c9e4aba3ec37deb 100644 (file)
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -81,16 +81,28 @@ template "/srv/community.openstreetmap.org/docker/containers/data.yml" do
   notifies :run, "notify_group[discourse_container_new_data]"
 end
 
   notifies :run, "notify_group[discourse_container_new_data]"
 end
 

+resolvers = node[:networking][:nameservers].map do |resolver|
+  resolver =~ /:/ ? "[#{resolver}]" : resolver
+end
+

 template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   source "web_only.yml.erb"
   owner "root"
   group "root"
   mode "640"
   variables :license_keys => license_keys, :passwords => passwords,
 template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   source "web_only.yml.erb"
   owner "root"
   group "root"
   mode "640"
   variables :license_keys => license_keys, :passwords => passwords,

-            :prometheus_servers => prometheus_servers
+            :prometheus_servers => prometheus_servers, :resolvers => resolvers

   notifies :run, "notify_group[discourse_container_new_web_only]"
 end
 
   notifies :run, "notify_group[discourse_container_new_web_only]"
 end
 

+template "/srv/community.openstreetmap.org/files/policyd-spf.conf" do
+  source "policyd-spf.conf.erb"
+  owner "community"
+  group "community"
+  mode "644"
+  notifies :run, "notify_group[discourse_container_new_mail_receiver]"
+end
+

 template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml" do
   source "mail-receiver.yml.erb"
   owner "root"
 template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml" do
   source "mail-receiver.yml.erb"
   owner "root"