X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b59e330e5f5c5057ecb27088a0d0c7c4f5c0ec22..5b0feeae060ca40a8d06e2ce558d68f1789cd478:/roles/shenron.rb diff --git a/roles/shenron.rb b/roles/shenron.rb index 254e66f82..27a10f9c1 100644 --- a/roles/shenron.rb +++ b/roles/shenron.rb @@ -2,51 +2,53 @@ name "shenron" description "Master role applied to shenron" default_attributes( - :accounts => { - :users => { - :bretth => { - :status => :user, - :shell => "/usr/bin/git-shell" - }, - } - }, :apache => { :mpm => "event", :event => { - :max_requests_per_child => 2000 + :min_spare_threads => 50, + :max_spare_threads => 150 } }, + :hardware => { + :hwmon => { + "platform_it87_552" => { + :ignore => %w[in6] + } + }, + :mcelog => { + :enabled => false + }, + :modules => [ + "it87" + ] + } +) + +override_attributes( :networking => { + :dnssec => "false", :interfaces => { :external_ipv4 => { :interface => "eth0", :role => :external, :family => :inet, - :address => "89.16.179.150", + :address => "212.110.172.32", :prefix => "26", - :gateway => "89.16.179.129" + :gateway => "212.110.172.1" }, :external_ipv6 => { :interface => "eth0", :role => :external, :family => :inet6, - :address => "2001:41c8:0010:0996:21d:7dff:fec3:df70", + :address => "2001:41c9:1:400::32", :prefix => "64", :gateway => "fe80::1" - }, - } - }, - :openvpn => { - :address => "10.0.16.3", - :tunnels => { - :shenron2ucl => { - :port => "1194", - :mode => "server", - :peer => { - :host => "ridley.openstreetmap.org" - } } - } + }, + # Do not use Cloudflare Public DNS as it does not support ECS as required by https://www.spamhaus.org/organization/dnsblusage/ + # https://www.spamhaus.org/news/article/816/service-update-spamhaus-dnsbl-users-who-query-via-cloudflare-dns-need-to-make-changes-to-email-set-up + :nameservers => ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"], + :private_address => "10.0.16.100" } ) @@ -54,13 +56,9 @@ run_list( "role[bytemark]", "role[mail]", "role[lists]", - "role[git]", "role[subversion]", "role[trac]", "role[osqa]", "role[irc]", - "role[dns]", - "role[geodns]", - "role[chef-repository]", - "recipe[openvpn]" + "recipe[blogs]" )