X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ddbb63fee76f09a44ff817b30814481003fbd23a..45fe31ef4a8d08f0b732d48fb17711ef54a020b9:/cookbooks/web/recipes/rails.rb?ds=sidebyside diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index 90411d552..e46f9d52b 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -21,7 +21,6 @@ include_recipe "apache" include_recipe "apt" include_recipe "git" include_recipe "geoipupdate" -include_recipe "munin" include_recipe "nodejs" include_recipe "passenger" include_recipe "ruby" @@ -32,11 +31,11 @@ web_passwords = data_bag_item("web", "passwords") db_passwords = data_bag_item("db", "passwords") ssl_certificate "www.openstreetmap.org" do - domains ["www.openstreetmap.org", "www.osm.org", + domains ["www.openstreetmap.org", "www.osm.org", "www.openstreetmap.com", "api.openstreetmap.org", "api.osm.org", "maps.openstreetmap.org", "maps.osm.org", "mapz.openstreetmap.org", "mapz.osm.org", - "openstreetmap.org", "osm.org"] + "openstreetmap.org", "osm.org", "openstreetmap.com"] notifies :reload, "service[apache2]" end @@ -123,13 +122,14 @@ rails_port "www.openstreetmap.org" do google_openid_realm "https://www.openstreetmap.org" facebook_auth_id "427915424036881" facebook_auth_secret web_passwords["facebook_auth_secret"] - microsoft_auth_id "45ef48fb-6a13-4239-b842-133608b8edd7" + microsoft_auth_id "e34f14f1-f790-40f3-9fa4-3c5f1a027c38" microsoft_auth_secret web_passwords["microsoft_auth_secret"] github_auth_id "acf7da34edee99e35499" github_auth_secret web_passwords["github_auth_secret"] wikipedia_auth_id "e4fe0c2c5855d23ed7e1f1c0fa1f1c58" wikipedia_auth_secret web_passwords["wikipedia_auth_secret"] thunderforest_key web_passwords["thunderforest_key"] + tracestrack_key web_passwords["tracestrack_key"] totp_key web_passwords["totp_key"] csp_enforce true trace_use_job_queue true @@ -143,6 +143,13 @@ rails_port "www.openstreetmap.org" do trace_image_storage_url "https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com" overpass_url "https://query.openstreetmap.org/query-features" overpass_credentials true + signup_ip_per_day 24 + signup_ip_max_burst 48 + signup_email_per_day 1 + signup_email_max_burst 2 + doorkeeper_signing_key web_passwords["openid_connect_key"].join("\n") + user_account_deletion_delay 7 * 24 + # Requests to modify the imagery blacklist should come from the DWG only imagery_blacklist [ # Current Google imagery URLs have google or googleapis in the domain ".*\\.google(apis)?\\..*/.*", @@ -151,14 +158,22 @@ rails_port "www.openstreetmap.org" do # Blacklist here ".*\\.here\\.com[/:].*", # Blacklist Mapy.cz - ".*\\.mapy\\.cz.*" + ".*\\.mapy\\.cz.*", + # Blacklist Yandex + ".*\\.api-maps\\.yandex\\.ru/.*", + ".*\\.maps\\.yandex\\.net/.*", + # Blacklist 2gis + ".*\\.maps\\.2gis\\.com/.*" ] end systemd_service "rails-jobs@" do description "Rails job queue runner" type "simple" - environment "RAILS_ENV" => "production", "QUEUE" => "%I", "SLEEP_DELAY" => "60" + environment "RAILS_ENV" => "production", + "QUEUE" => "%I", + "SLEEP_DELAY" => "60", + "SECRET_KEY_BASE" => web_passwords["secret_key_base"] user "rails" working_directory rails_directory exec_start "#{node[:ruby][:bundle]} exec rails jobs:work" @@ -217,14 +232,3 @@ end gem_package "hpricot" do gem_binary node[:ruby][:gem] end - -munin_plugin "api_calls_status" -munin_plugin "api_calls_num" - -munin_plugin "api_calls_#{node[:hostname]}" do - target "api_calls_" -end - -munin_plugin "api_waits_#{node[:hostname]}" do - target "api_waits_" -end