From: Tom Hughes <tom@compton.nu>
Date: Wed, 14 Aug 2024 10:40:35 +0000 (+0100)
Subject: Add brackets around IPv6 resolver addresses
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/9c5e9eb3e852d666b37f621ef3973bbffa337241

Add brackets around IPv6 resolver addresses
---

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index 224cb975d..fdf937980 100644
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -81,13 +81,17 @@ template "/srv/community.openstreetmap.org/docker/containers/data.yml" do
   notifies :run, "notify_group[discourse_container_new_data]"
 end
 
+resolvers = node[:networking][:nameservers].map do |resolver|
+  resolver =~ /:/ ? "[#{resolver}]" : resolver
+end
+
 template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   source "web_only.yml.erb"
   owner "root"
   group "root"
   mode "640"
   variables :license_keys => license_keys, :passwords => passwords,
-            :prometheus_servers => prometheus_servers
+            :prometheus_servers => prometheus_servers, :resolvers => resolvers
   notifies :run, "notify_group[discourse_container_new_web_only]"
 end
 
diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index 5ec88d923..31d4c18fe 100644
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -129,6 +129,6 @@ hooks:
         to: |
           add_header Strict-Transport-Security 'max-age=63072000' always;
           ssl_stapling on;
-          resolver <%= node[:networking][:nameservers].join(" ") %>;
+          resolver <%= @resolvers.join(" ") %>;
           resolver_timeout 5s;
           ssl_dhparam /shared/ssl/dhparam.pem;