community: fix acme cert redirect. Add DB backup

diff --git a/cookbooks/community/templates/default/data.yml.erb b/cookbooks/community/templates/default/data.yml.erb
index f18668e3d9ddfee4d018093ef04c048e4e82d203..2aa4de023fe453fbb95978ca79ec6443452135ea 100644 (file)
--- a/cookbooks/community/templates/default/data.yml.erb
+++ b/cookbooks/community/templates/default/data.yml.erb
@@ -42,3 +42,9 @@ hooks:
         cmd: su - postgres -c 'psql discourse'
 
         raise_on_fail: false
+    - file:
+        path: /var/spool/cron/crontabs/postgres
+        contents: |
+          # m h  dom mon dow   command
+          # MAILTO=?
+          0 4 * * * /var/lib/postgresql/take-database-backup

diff --git a/cookbooks/community/templates/default/mail-receiver.yml.erb b/cookbooks/community/templates/default/mail-receiver.yml.erb
index 4460d30f9b4fa27abd73b21008816f050dcf1dec..da96fcdd86eb61382507b25a089b399e2a309670 100644 (file)
--- a/cookbooks/community/templates/default/mail-receiver.yml.erb
+++ b/cookbooks/community/templates/default/mail-receiver.yml.erb
@@ -21,11 +21,9 @@ env:
   ## Where e-mail to your forum should be sent.  In general, it's perfectly fine
   ## to use the same domain as the forum itself here.
   MAIL_DOMAIN: community.openstreetmap.org
-# uncomment these (and the volume below!) to support TLS
-#  POSTCONF_smtpd_tls_key_file:  /letsencrypt/discourse.example.com/discourse.example.com.key
-#  POSTCONF_smtpd_tls_cert_file:  /letsencrypt/discourse.example.com/fullchain.cer
-#  POSTCONF_smtpd_tls_security_level: may
-
+  POSTCONF_smtpd_tls_key_file: /shared/ssl/ssl.key
+  POSTCONF_smtpd_tls_cert_file: /shared/ssl/ssl.crt
+  POSTCONF_smtpd_tls_security_level: may
 
   ## The URL of the mail processing endpoint of your Discourse forum.
   ## This is simply your forum's base URL, with `/admin/email/handle_mail`
@@ -45,9 +43,9 @@ volumes:
   - volume:
       host: /srv/community.openstreetmap.org/shared/mail-receiver/postfix-spool
       guest: /var/spool/postfix
-# uncomment to support TLS
-#  - volume:
-#      host: /var/discourse/shared/standalone/letsencrypt
-#      guest: /letsencrypt
-
-
+  - volume:
+      host: /etc/ssl/certs/community.openstreetmap.org.pem
+      guest: /shared/ssl/ssl.crt
+  - volume:
+      host: /etc/ssl/private/community.openstreetmap.org.key
+      guest: /shared/ssl/ssl.key

diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index ca1b7a8f5daa916eb5d813801a632e3a9d543155..3542aaaa3e5f03bdfb82df57f7929f67790cb948 100644 (file)
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -99,36 +99,12 @@ hooks:
           - git fetch --depth=1 origin tag v2.8.1 --no-tags
           - git checkout v2.8.1
   after_ssl:
-    - file:
-        path: "/etc/nginx/letsencrypt.conf"
-        contents: |
-          user www-data;
-          worker_processes auto;
-          daemon on;
-
-          events {
-            worker_connections 768;
-            # multi_accept on;
-          }
-
-          http {
-            sendfile on;
-            tcp_nopush on;
-            tcp_nodelay on;
-            keepalive_timeout 65;
-            types_hash_max_size 2048;
-
-            access_log /var/log/nginx/access.letsencrypt.log;
-            error_log /var/log/nginx/error.letsencrypt.log;
-
-            server {
-              listen 80;
-              listen [::]:80;
-
-              rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
-
-            }
-          }
+    - replace:
+        filename: "/etc/nginx/conf.d/discourse.conf"
+        from: /listen 80;/
+        to: |
+          listen 80;
+          rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
 
     - replace:
         filename: "/etc/nginx/conf.d/discourse.conf"