--- /dev/null
+~FC001
+~FC034
+~FC064
+~FC065
--- /dev/null
+# Donate Cookbook
+
+This cookbook installs the donate.openstreetmap.org site
--- /dev/null
+name "donate"
+maintainer "OpenStreetMap Administrators"
+maintainer_email "admins@openstreetmap.org"
+license "Apache 2.0"
+description "Installs and configures Donate Site"
+long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
+version "1.0.0"
+depends "apache"
+depends "mysql"
+depends "git"
--- /dev/null
+#
+# Cookbook Name:: donate
+# Recipe:: default
+#
+# Copyright 2016, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache::ssl"
+include_recipe "mysql"
+include_recipe "git"
+
+package "php"
+package "php-cli"
+package "php-curl"
+package "php-mbstring"
+package "php-mysql"
+package "php-gd"
+
+apache_module "php7.0"
+apache_module "headers"
+
+passwords = data_bag_item("donate", "passwords")
+
+database_password = passwords["database"]
+
+mysql_user "donate@localhost" do
+ password database_password
+end
+
+mysql_database "donate" do
+ permissions "donate@localhost" => :all
+end
+
+git "/srv/donate.openstreetmap.org" do
+ action :sync
+ repository "git://github.com/osmfoundation/donation-drive.git"
+ user "donate"
+ group "donate"
+end
+
+apache_site "donate.openstreetmap.org" do
+ template "apache.erb"
+end
+
+template "/etc/cron.d/osmf-donate" do
+ source "cron.erb"
+ owner "root"
+ group "root"
+ mode 0o600
+ variables :passwords => passwords
+end
+
+template "/etc/cron.daily/osmf-donate-backup" do
+ source "backup.cron.erb"
+ owner "root"
+ group "root"
+ mode 0o750
+ variables :passwords => passwords
+end
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+<% [80, 443].each do |port| -%>
+<VirtualHost *:<%= port %>>
+
+ ServerName donate.openstreetmap.org
+ ServerAlias donate.openstreetmap.com
+ ServerAlias donate.openstreetmap.net
+ ServerAlias donate.osm.org
+ ServerAlias donate.osm.org.za
+ ServerAlias donate.openstreetmap.org.za
+ ServerAlias donate.openstreetmap.org.uk
+ ServerAlias donate.openstreetmap.co.uk
+
+ ServerAdmin webmaster@openstreetmap.org
+
+<% if port == 80 -%>
+ # Redirect to secure site
+ Redirect permanent / https://donate.openstreetmap.org
+<% end -%>
+<% if port == 443 -%>
+ #
+ # Enable SSL
+ #
+ SSLEngine on
+
+ # HSTS (mod_headers is required)
+ Header always set Strict-Transport-Security "max-age=300"
+<% end -%>
+
+ CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined
+ ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log
+
+ Options -Indexes
+
+ DocumentRoot /srv/donate.openstreetmap.org
+
+ php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/
+ php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
+
+ # Alias Dynamic Content to data folder to avoid serving dummy git content
+ Alias /donors-eur.csv /srv/donate.openstreetmap.org/data/donors-eur.csv
+ Alias /donors.csv /srv/donate.openstreetmap.org/data/donors.csv
+
+ # Redirect previous compaigns to homepage
+ Redirect permanent /server2013 https://donate.openstreetmap.org/
+ Redirect permanent /server2015 https://donate.openstreetmap.org/
+
+ <Directory /srv/donate.openstreetmap.org>
+ Require all granted
+ </Directory>
+
+ <Directory /srv/donate.openstreetmap.org/scripts>
+ Require all denied
+ </Directory>
+
+ <Directory ~ "\.svn">
+ Require all denied
+ </Directory>
+
+ <Directory ~ "\.git">
+ Require all denied
+ </Directory>
+
+ <Files ~ "~$">
+ Require all denied
+ </Files>
+
+ # Enable deflate compression on .csv files if possible
+ <IfModule mod_deflate.c>
+ AddOutputFilterByType DEFLATE text/csv
+ </IfModule>
+</VirtualHost>
+
+<% end -%>
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+# FIXME to follow
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+# FIXME to follow
--- /dev/null
+name "donate"
+description "Role applied to all donate servers"
+
+default_attributes(
+ :accounts => {
+ :users => {
+ :donate => {
+ :status => :role,
+ :members => [:grant, :tomh, :matt]
+ }
+ }
+ }
+)
+
+run_list(
+ "recipe[donate]"
+)
"role[switch2osm]",
"role[blog]",
"role[otrs]",
+ "role[donate]",
"recipe[dhcpd]",
"recipe[openvpn]"
)
projects / chef.git / commitdiff