- dmca
- dns
- docker
- - donate
- elasticsearch
- exim
- fail2ban
- name: docker
run_list:
- recipe[docker::default]
- - name: donate
- run_list:
- - recipe[donate::default]
- name: elasticsearch
run_list:
- recipe[elasticsearch::default]
GEM
remote: https://rubygems.org/
specs:
- activesupport (7.0.6)
+ activesupport (7.0.7)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
public_suffix (>= 2.0.2, < 6.0)
ast (2.4.2)
aws-eventstream (1.2.0)
- aws-partitions (1.800.0)
+ aws-partitions (1.807.0)
aws-sdk-account (1.17.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudhsmv2 (1.49.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-cloudtrail (1.66.0)
+ aws-sdk-cloudtrail (1.67.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-cloudwatch (1.78.0)
+ aws-sdk-cloudwatch (1.79.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatchevents (1.62.0)
aws-sdk-cloudwatchlogs (1.69.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-codecommit (1.58.0)
+ aws-sdk-codecommit (1.59.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-codedeploy (1.57.0)
aws-sdk-cognitoidentityprovider (1.76.0)
aws-sdk-core (~> 3, >= 3.176.0)
aws-sigv4 (~> 1.1)
- aws-sdk-configservice (1.96.0)
+ aws-sdk-configservice (1.97.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-core (3.180.2)
+ aws-sdk-core (3.180.3)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.651.0)
aws-sigv4 (~> 1.5)
aws-sdk-dynamodb (1.93.1)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-ec2 (1.396.0)
+ aws-sdk-ec2 (1.399.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecr (1.63.0)
aws-sdk-elasticloadbalancing (1.47.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-elasticloadbalancingv2 (1.89.0)
+ aws-sdk-elasticloadbalancingv2 (1.90.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticsearchservice (1.76.0)
aws-sdk-glue (1.145.0)
aws-sdk-core (~> 3, >= 3.176.0)
aws-sigv4 (~> 1.1)
- aws-sdk-guardduty (1.76.0)
+ aws-sdk-guardduty (1.77.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-iam (1.86.0)
aws-sdk-route53 (1.78.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-route53domains (1.49.0)
+ aws-sdk-route53domains (1.50.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53resolver (1.47.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.132.0)
+ aws-sdk-s3 (1.132.1)
aws-sdk-core (~> 3, >= 3.179.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.6)
aws-sdk-secretsmanager (1.46.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
- aws-sdk-securityhub (1.90.0)
+ aws-sdk-securityhub (1.91.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-servicecatalog (1.60.0)
multi_json
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
- dry-configurable (0.13.0)
- concurrent-ruby (~> 1.0)
- dry-core (~> 0.6)
- dry-container (0.11.0)
- concurrent-ruby (~> 1.0)
- dry-core (0.9.1)
- concurrent-ruby (~> 1.0)
- zeitwerk (~> 2.6)
- dry-inflector (0.3.0)
- dry-logic (1.3.0)
- concurrent-ruby (~> 1.0)
- dry-core (~> 0.9, >= 0.9)
- zeitwerk (~> 2.6)
- dry-struct (1.5.2)
- dry-core (~> 0.9, >= 0.9)
- dry-types (~> 1.6)
- ice_nine (~> 0.11)
- zeitwerk (~> 2.6)
- dry-types (1.6.1)
- concurrent-ruby (~> 1.0)
- dry-container (~> 0.3)
- dry-core (~> 0.9, >= 0.9)
- dry-inflector (~> 0.1, >= 0.1.2)
- dry-logic (~> 1.3, >= 1.3)
- zeitwerk (~> 2.6)
ed25519 (1.3.0)
erubi (1.12.0)
excon (0.100.0)
gyoku (1.4.0)
builder (>= 2.1.2)
rexml (~> 3.0)
- hashdiff (1.0.1)
hashie (4.1.0)
highline (2.1.0)
http-cookie (1.0.5)
httpclient (2.8.3)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
- ice_nine (0.11.2)
inifile (3.0.0)
- inspec (5.22.3)
+ inspec (5.21.29)
cookstyle
faraday_middleware (>= 0.12.2, < 1.1)
- inspec-core (= 5.22.3)
+ inspec-core (= 5.21.29)
mongo (= 2.13.2)
progress_bar (~> 1.3.3)
rake
train (~> 3.10)
train-aws (~> 0.2)
train-habitat (~> 0.1)
- train-kubernetes (~> 0.1)
train-winrm (~> 0.2)
- inspec-core (5.22.3)
+ inspec-core (5.21.29)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 1, < 3)
tty-table (~> 0.10)
jmespath (1.6.2)
json (2.6.3)
- jsonpath (0.9.9)
- multi_json
- to_regexp (~> 0.2.1)
jwt (2.7.1)
- k8s-ruby (0.14.0)
- dry-configurable (~> 0.13.0)
- dry-struct (<= 1.6.0)
- dry-types (<= 1.7.0)
- excon (~> 0.71)
- hashdiff (~> 1.0.0)
- jsonpath (~> 0.9.5)
- recursive-open-struct (~> 1.1.3)
- yajl-ruby (~> 1.4.0)
- yaml-safe_load_stream3
kitchen-dokken (2.19.1)
docker-api (>= 1.33, < 3)
lockfile (~> 2.1)
racc (1.7.1)
rainbow (3.1.1)
rake (13.0.6)
- recursive-open-struct (1.1.3)
regexp_parser (2.8.1)
representable (3.2.0)
declarative (< 0.1.0)
winrm-fs (~> 1.1)
thor (1.2.2)
timeliness (0.3.10)
- to_regexp (0.2.1)
tomlrb (1.3.0)
trailblazer-option (0.1.2)
train (3.10.8)
net-scp (>= 1.2, < 5.0)
net-ssh (>= 2.9, < 8.0)
train-habitat (0.2.22)
- train-kubernetes (0.1.12)
- k8s-ruby (~> 0.14.0)
- train (~> 3.0)
train-winrm (0.2.13)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
rubyzip (~> 2.0)
winrm (~> 2.0)
wisper (2.0.1)
- yajl-ruby (1.4.3)
- yaml-safe_load_stream3 (0.1.2)
- zeitwerk (2.6.11)
PLATFORMS
ruby
# DO NOT EDIT - This file is being maintained by Chef
-for prefix in blogs chef-server chef-repository chef-git community forum git lists munin osm-blog osm-donate osmf-crm osmf-ledgersmb wiki-wiki.osmfoundation.org osqa otrs prometheus sotm svn switch2osm trac wiki-board.osmfoundation.org wiki-dwg.osmfoundation.org wiki-mwg.osmfoundation.org wiki-wiki.openstreetmap.org
+for prefix in blogs chef-server chef-repository chef-git community forum git lists munin osm-blog osmf-crm osmf-ledgersmb wiki-wiki.osmfoundation.org osqa otrs prometheus sotm svn switch2osm trac wiki-board.osmfoundation.org wiki-dwg.osmfoundation.org wiki-mwg.osmfoundation.org wiki-wiki.openstreetmap.org
do
/usr/local/bin/expire-backups --days=3 --weeks=3 --months=3 /store/backup $prefix
done
permissions "civicrm@localhost" => :all
end
-ssl_certificate "join.osmfoundation.org" do
- domains [ "join.osmfoundation.org", "crm.osmfoundation.org",
- "supporting.osmfoundation.org", "support.osmfoundation.org",
- "support.openstreetmap.org", "supporting.osm.org",
- "support.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_site "join.osmfoundation.org" do
- template "apache.erb"
-end
-
wordpress_site "supporting.openstreetmap.org" do
- # Do not add aliases these can causes issues with civicrm PHP sessions
- # Use redirects instead
+ aliases %w[
+ crm.osmfoundation.org
+ donate.openstreetmap.org
+ donate.openstreetmap.com
+ donate.openstreetmap.net
+ donate.osm.org
+ join.osmfoundation.org
+ supporting.osmfoundation.org
+ support.osmfoundation.org
+ support.openstreetmap.org
+ supporting.osm.org
+ support.osm.org
+ ]
database_name "civicrm"
database_user "civicrm"
database_password database_password
+++ /dev/null
-# Donate Cookbook
-
-This cookbook installs the donate.openstreetmap.org site
+++ /dev/null
-# Enable the "donate" role
-default[:accounts][:users][:donate][:status] = :role
+++ /dev/null
-name "donate"
-maintainer "OpenStreetMap Administrators"
-maintainer_email "admins@openstreetmap.org"
-license "Apache-2.0"
-description "Installs and configures Donate Site"
-
-version "1.0.0"
-supports "ubuntu"
-depends "accounts"
-depends "apache"
-depends "git"
-depends "mysql"
-depends "php"
-depends "systemd"
+++ /dev/null
-#
-# Cookbook:: donate
-# Recipe:: default
-#
-# Copyright:: 2016, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe "accounts"
-include_recipe "apache"
-include_recipe "php::fpm"
-
-apache_module "headers"
-
-ssl_certificate "donate.openstreetmap.org" do
- domains ["donate.openstreetmap.org", "donate.openstreetmap.com",
- "donate.openstreetmap.net", "donate.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-php_fpm "donate.openstreetmap.org" do
- action :delete
-end
-
-apache_site "donate.openstreetmap.org" do
- template "apache.erb"
-end
-
-service "osmf-donate.timer" do
- action [:stop, :disable]
-end
-
-systemd_service "osmf-donate" do
- action :delete
-end
-
-file "/etc/cron.daily/osmf-donate-backup" do
- action :delete
-end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
-
- ServerName donate.openstreetmap.org
- ServerAlias donate.openstreetmap.com
- ServerAlias donate.openstreetmap.net
- ServerAlias donate.osm.org
-
- ServerAdmin webmaster@openstreetmap.org
-
-<% if port == 80 -%>
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://supporting.openstreetmap.org/
-<% end -%>
-<% if port == 443 -%>
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem
- SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key
-
- RedirectMatch . https://supporting.openstreetmap.org/
- <% end -%>
-
- CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
- ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
-
-</VirtualHost>
-
-<% end -%>
python_package "tilelog" do
python_virtualenv tilelog_directory
python_version "3"
- version "1.6.0"
+ version "1.6.1"
end
directory tilelog_output_directory do
RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
RedirectPermanent / https://<%= @name %>/
</VirtualHost>
+<% unless @aliases.empty? -%>
<VirtualHost *:443>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
ServerAlias <%= alias_name %>
<% end -%>
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% end -%>
+
+<VirtualHost *:443>
+ ServerName <%= @name %>
+
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
DocumentRoot <%= @directory %>
<% @urls.each do |url,directory| -%>
Alias <%= url %> <%= directory %>
<Files "xmlrpc.php">
Require all denied
</Files>
-
</VirtualHost>
+++ /dev/null
-name "donate"
-description "Role applied to all donate servers"
-
-run_list(
- "recipe[donate]"
-)
)
run_list(
- "role[equinix-ams]"
+ "role[equinix-ams]",
+ "role[taginfo]"
)
"role[stateofthemap]",
"role[blog]",
"role[otrs]",
- "role[donate]",
"recipe[dmca]",
"recipe[dhcpd]"
)
+++ /dev/null
-{
- "id": "donate",
- "uid": "524",
- "comment": "OSMF Donations"
-}
+++ /dev/null
-describe package("apache2") do
- it { should be_installed }
-end
-
-describe service("apache2") do
- it { should be_enabled }
- it { should be_running }
-end
-
-describe port(80) do
- it { should be_listening }
- its("protocols") { should cmp "tcp" }
-end
-
-describe port(443) do
- it { should be_listening }
- its("protocols") { should cmp "tcp" }
-end
projects / chef.git / commitdiff