summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ansible.cfg1
-rw-r--r--files/etc/nginx/sites-available/webmap57
-rw-r--r--files/etc/postgresql/postgresql.conf4
-rw-r--r--files/etc/systemd/system/webmap-cgi.service36
-rw-r--r--files/etc/systemd/system/webmap-cgi.socket11
-rw-r--r--files/etc/systemd/system/webmap-download@.service10
-rw-r--r--files/etc/systemd/system/webmap-import@.service16
-rw-r--r--files/etc/systemd/system/webmap-publish@.service40
-rw-r--r--files/etc/systemd/system/webmap-update@.target2
-rw-r--r--files/etc/tmpfiles.d/webmap.conf15
-rw-r--r--group_vars/all.yml8
-rw-r--r--handlers/main.yml3
-rw-r--r--tasks/apt.yml9
-rw-r--r--tasks/network.yml1
-rw-r--r--tasks/webmap.yml157
m---------webmap-tools0
16 files changed, 240 insertions, 130 deletions
diff --git a/ansible.cfg b/ansible.cfg
index a35402e..cf64db8 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,6 @@
[defaults]
inventory = ./hosts.ini
+max_diff_size = 524288
[privilege_escalation]
become = True
diff --git a/files/etc/nginx/sites-available/webmap b/files/etc/nginx/sites-available/webmap
index 92809e2..efb062a 100644
--- a/files/etc/nginx/sites-available/webmap
+++ b/files/etc/nginx/sites-available/webmap
@@ -45,36 +45,75 @@ server {
ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key;
include snippets/ssl.conf;
+ root /var/www/webmap;
+ index index.html;
+
add_header Referrer-Policy "no-referrer";
- add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
- add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'";
-
- root /var/www/webmap;
- index index.html;
+ add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'self'";
+ #add_header Access-Control-Allow-Origin $http_origin always;
+
+ include mime.types;
+ types {
+ # application/protobuf and application/vnd.google.protobuf might be valid types too, cf.
+ # https://stackoverflow.com/questions/30505408/what-is-the-correct-protobuf-content-type
+ application/x-protobuf pbf;
+ }
location ^~ /assets/ {
expires 7d;
- gzip_static on;
+ brotli_static on;
try_files $uri =404;
}
location ^~ /tiles/ {
- expires 1d;
+ expires 30m;
brotli_static on;
try_files $uri =404;
+ # service an empty payload to save bandwidth
error_page 404 /_.txt;
}
+ location = /q {
+ expires epoch;
+ limit_except POST { deny all; }
+ #if ($request_method = OPTIONS) {
+ # add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+ # add_header Access-Control-Allow-Origin $http_origin;
+ # add_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
+ # add_header Access-Control-Allow-Headers "Accept, Content-Type";
+ # add_header Access-Control-Max-Age 28800;
+ # return 204;
+ #}
+ client_max_body_size 64k;
+ gzip on;
+ gzip_types application/json text/plain;
+ include uwsgi_params;
+ uwsgi_pass unix:/run/webmap-cgi.socket;
+ }
+ location = /tiles/metadata.json {
+ expires epoch;
+ brotli_static on;
+ try_files $uri =404;
+ }
location = /_.txt {
- # cache 404 responses
+ # cache 404 responses for 30m like for valid tiles
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
- add_header Cache-Control "public; max-age=86400" always;
+ add_header Cache-Control "public; max-age=1800" always;
+ #add_header Access-Control-Allow-Origin $http_origin always;
internal;
}
location / {
+ add_header Referrer-Policy "no-referrer";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://minkarta.lantmateriet.se/map/; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'self'";
+
try_files $uri $uri/ =404;
}
}
diff --git a/files/etc/postgresql/postgresql.conf b/files/etc/postgresql/postgresql.conf
new file mode 100644
index 0000000..038438a
--- /dev/null
+++ b/files/etc/postgresql/postgresql.conf
@@ -0,0 +1,4 @@
+shared_buffers = 768MB
+temp_buffers = 128MB
+work_mem = 16MB
+effective_cache_size = 1536MB
diff --git a/files/etc/systemd/system/webmap-cgi.service b/files/etc/systemd/system/webmap-cgi.service
new file mode 100644
index 0000000..88f22e5
--- /dev/null
+++ b/files/etc/systemd/system/webmap-cgi.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Webmap CGI (Common Gateway Interface)
+After=syslog.target network.target postgresql.service
+
+[Service]
+DynamicUser=yes
+User=_webmap-cgi
+# Note: the "WARNING: you have enabled harakiri without post buffering" can
+# be ignored because body requests are in fact buffered on the nginx side
+ExecStart=/usr/bin/uwsgi -M -p2 \
+ --single-interpreter --die-on-term \
+ --close-on-exec --close-on-exec2 \
+ --max-requests 1000 \
+ --max-worker-lifetime 86400 \
+ --max-worker-lifetime-delta 11 \
+ --harakiri 60 \
+ --lazy-apps \
+ --plugins python3 \
+ --pythonpath /usr/local/share/webmap \
+ --wsgi-file /usr/libexec/webmap-cgi
+Nice=10
+RestartSec=15s
+Restart=always
+
+# Hardening
+NoNewPrivileges=yes
+ProtectHome=yes
+ProtectSystem=strict
+PrivateDevices=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/etc/systemd/system/webmap-cgi.socket b/files/etc/systemd/system/webmap-cgi.socket
new file mode 100644
index 0000000..2828985
--- /dev/null
+++ b/files/etc/systemd/system/webmap-cgi.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Webmap CGI (Common Gateway Interface) activation socket
+After=syslog.target network.target
+
+[Socket]
+ListenStream=%t/webmap-cgi.socket
+SocketUser=www-data
+SocketMode=0666
+
+[Install]
+WantedBy=sockets.target
diff --git a/files/etc/systemd/system/webmap-download@.service b/files/etc/systemd/system/webmap-download@.service
index 2c5a3e4..d7a49dc 100644
--- a/files/etc/systemd/system/webmap-download@.service
+++ b/files/etc/systemd/system/webmap-download@.service
@@ -1,5 +1,5 @@
[Unit]
-Description=Webmap updater service (download %I)
+Description=Webmap updater service (download ‘%I’)
# Chaining logic from https://serverfault.com/questions/1079993/why-does-my-systemd-timer-only-trigger-once-when-the-unit-is-a-target#answer-1128671
# XXX Looks like Upholds= prevents running a single unit, as it causes
# webmap-update@%i.target to start upon `systemctl start webmap-download@foo.service`
@@ -15,8 +15,8 @@ IOSchedulingClass=idle
Type=oneshot
ExecStart=/usr/local/bin/webmap-download \
- --cachedir=/var/cache/webmap \
- --lockdir=%t/lock/webmap/download \
+ --cachedir=%C/webmap \
+ --lockdir=%t/lock/webmap/cache \
--no-exit-code \
--quiet \
-- %I
@@ -30,8 +30,8 @@ ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-ReadWritePaths=/var/cache/webmap
-ReadWritePaths=%t/lock/webmap/download
+ReadWritePaths=%C/webmap
+ReadWritePaths=%t/lock/webmap/cache
[Install]
WantedBy=webmap-update@%i.target
diff --git a/files/etc/systemd/system/webmap-import@.service b/files/etc/systemd/system/webmap-import@.service
index 06d204c..964c37d 100644
--- a/files/etc/systemd/system/webmap-import@.service
+++ b/files/etc/systemd/system/webmap-import@.service
@@ -1,17 +1,11 @@
[Unit]
-Description=Webmap updater service (import %I to PostgreSQL)
+Description=Webmap updater service (import ‘%I’ to PostGIS)
After=postgresql.service webmap-update@%i.target
After=webmap-download@%i.service
Upholds=webmap-update@%i.target
-# XXX webmap-download write cached files atomatically but there is no
-# guarantee that GDAL/OGR opens them atomically. It'd therefore make
-# sense to use the following Conflict= directive, however systemd skips
-# webmap-download@%i.service in that case.
-#Conflicts=webmap-download@%i.service
-
[Service]
-User=_webmap-import
+User=_webmap
Group=_webmap
Nice=15
@@ -19,8 +13,11 @@ IOSchedulingClass=idle
Type=oneshot
ExecStart=/usr/local/bin/webmap-import \
- --cachedir=/var/cache/webmap \
+ --cachedir=%C/webmap \
--lockfile=%t/lock/webmap/lock \
+ --lockdir-sources=%t/lock/webmap/cache \
+ --mvtdir=/var/www/webmap/tiles/%I \
+ --mvt-compress \
-- %I
# Hardening
@@ -33,6 +30,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ReadWritePaths=%t/lock/webmap
+ReadWritePaths=/var/www/webmap/tiles
PrivateTmp=yes
[Install]
diff --git a/files/etc/systemd/system/webmap-publish@.service b/files/etc/systemd/system/webmap-publish@.service
deleted file mode 100644
index e2f8e6b..0000000
--- a/files/etc/systemd/system/webmap-publish@.service
+++ /dev/null
@@ -1,40 +0,0 @@
-[Unit]
-Description=Webmap updater service (publish %I as MVT)
-#After=postgresql.service webmap-update@%i.target
-#After=webmap-download@%i.service
-#After=webmap-import@%i.service
-#Upholds=webmap-update@%i.target
-
-[Service]
-User=_webmap-publish
-Group=_webmap
-
-Nice=15
-IOSchedulingClass=idle
-
-Type=oneshot
-ExecStart=/usr/local/bin/webmap-publish \
- --lockfile=%t/lock/webmap/lock \
- --destdir=/var/www/webmap/tiles/%i \
- --name=%I \
- --webroot=/var/www/webmap \
- --metadata=/var/www/webmap/tiles/metadata.json \
- --metadata-lockfile=%t/lock/webmap/tiles.lock \
- --compress \
- -- %I
-
-# Hardening
-NoNewPrivileges=yes
-ProtectHome=yes
-ProtectSystem=strict
-PrivateDevices=yes
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-ReadWritePaths=/var/www/webmap/tiles
-ReadWritePaths=%t/lock/webmap
-PrivateTmp=yes
-
-#[Install]
-#WantedBy=webmap-update@%i.target
diff --git a/files/etc/systemd/system/webmap-update@.target b/files/etc/systemd/system/webmap-update@.target
index 3d9fb7f..840de96 100644
--- a/files/etc/systemd/system/webmap-update@.target
+++ b/files/etc/systemd/system/webmap-update@.target
@@ -1,3 +1,3 @@
[Unit]
-Description=Webmap updater (target unit %I)
+Description=Webmap updater (target unit ‘%I’)
StopWhenUnneeded=true
diff --git a/files/etc/tmpfiles.d/webmap.conf b/files/etc/tmpfiles.d/webmap.conf
index 620cd24..786e6dd 100644
--- a/files/etc/tmpfiles.d/webmap.conf
+++ b/files/etc/tmpfiles.d/webmap.conf
@@ -1,11 +1,8 @@
-d %t/lock/webmap 0755 root root
+d %t/lock/webmap 00755 root root
-# for webmap-download's --lockdir
-d %t/lock/webmap/download 0755 _webmap-download _webmap
+# for `webmap-download --lockdir` *and* `webmap-import --lockdir-sources`
+# (hence the set-group-ID bit and g+w)
+d %t/lock/webmap/cache 02775 _webmap-download _webmap
-# for webmap-import's *and* webmap-publish's --lockfile (hence the
-# ownership and g+w)
-f %t/lock/webmap/lock 0664 root _webmap
-
-# for webmap-publish's --metadata-lockfile
-f %t/lock/webmap/tiles.lock 0644 _webmap-publish _webmap
+# for `webmap-import --lockfile`
+f %t/lock/webmap/lock 00644 _webmap _webmap
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 5d4474a..e90c73e 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -5,8 +5,14 @@ webmap_layer_groups:
- mrr
- nvr
- sks
- - st
+ - ren
- vbk
+ - ri
+ - svk
+ - misc
+
+webmap_layer_groups_nodownload:
+ - misc
# PostgreSQL's version number and cluster name
postgresql:
diff --git a/handlers/main.yml b/handlers/main.yml
index 281951b..b6ee548 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -55,3 +55,6 @@
- name: Reload PostgreSQL
service: name=postgresql.service state=reloaded
+
+- name: Stop webmap-cgi.service
+ service: name=webmap-cgi.service state=stopped
diff --git a/tasks/apt.yml b/tasks/apt.yml
index 1023908..f17a2e4 100644
--- a/tasks/apt.yml
+++ b/tasks/apt.yml
@@ -5,8 +5,13 @@
- apt
- lsb-release
-- name: Remove /etc/apt/sources.list
- file: path=/etc/apt/sources.list state=absent
+# something keeps recreating (without content) it if we delete it, so we
+# leave it instead but ensure it's empty instead
+- name: Create empty /etc/apt/sources.list
+ copy: content=""
+ dest=/etc/apt/sources.list
+ owner=root group=root
+ mode=0644
notify:
- apt-get update
diff --git a/tasks/network.yml b/tasks/network.yml
index 1551f82..a02b07c 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -32,6 +32,7 @@
packages:
- systemd-resolved
- libnss-resolve
+ - libnss-myhostname
- name: Create directory /etc/systemd/resolved.conf.d
file: path=/etc/systemd/resolved.conf.d
diff --git a/tasks/webmap.yml b/tasks/webmap.yml
index 9e2c2f6..d694387 100644
--- a/tasks/webmap.yml
+++ b/tasks/webmap.yml
@@ -15,7 +15,6 @@
- python3
- python3-brotli
- python3-gdal
- - python3-lxml
- python3-requests
- python3-systemd
- python3-tqdm
@@ -41,11 +40,18 @@
owner=root group=root
mode=0755
-- name: Copy /usr/local/share/webmap/common.py
- copy: src=webmap-tools/common.py
- dest=/usr/local/share/webmap/common.py
+- name: Copy /usr/local/share/webmap/*.py modules
+ copy: src=webmap-tools/{{ item }}
+ dest=/usr/local/share/webmap/{{ item }}
owner=root group=root
mode=0644
+ with_items:
+ # TODO these should be compiled
+ - common.py
+ - common_gdal.py
+ - import_source.py
+ - export_mvt.py
+ - rename_exchange.py
- name: Copy webmap-update@.target
copy: src=etc/systemd/system/webmap-update@.target
@@ -96,18 +102,25 @@
owner=root group=root
state=link force=yes
-- name: Copy /usr/local/share/webmap/webmap-download-mrr.py
- copy: src=webmap-tools/webmap-download-mrr.py
- dest=/usr/local/share/webmap/webmap-download-mrr.py
- owner=root group=root
- mode=0644
-
- name: Create directory /var/cache/webmap
file: path=/var/cache/webmap
state=directory
owner=_webmap-download group=root
mode=0755
+- name: Create directory /var/cache/webmap/custom
+ file: path=/var/cache/webmap/custom
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy custom layers into /var/cache/webmap/custom
+ copy: src=webmap-tools/layers/custom/
+ dest=/var/cache/webmap/custom/
+ owner=root group=root
+ mode=0644
+ directory_mode=0755
+
- name: Copy webmap-download@.service
copy: src=etc/systemd/system/webmap-download@.service
dest=/etc/systemd/system/webmap-download@.service
@@ -118,13 +131,17 @@
- name: Enable webmap-download@.service
service: name=webmap-download@{{ item }}.service enabled=true
- with_items: "{{ webmap_layer_groups }}"
+ with_items: "{{ webmap_layer_groups | difference(webmap_layer_groups_nodownload) }}"
+
+- name: Disable some webmap-download@.service
+ service: name=webmap-download@{{ item }}.service enabled=false
+ with_items: "{{ webmap_layer_groups_nodownload }}"
- meta: flush_handlers
-- name: Create system user '_webmap-import'
- user: name=_webmap-import system=true
+- name: Create system user '_webmap'
+ user: name=_webmap system=true
group=_webmap
createhome=false
home=/nonexistent
@@ -148,6 +165,13 @@
# PostgreSQL needs to be restarted to see the new locale
notify: Restart PostgreSQL
+- name: Configure PostgreSQL
+ copy: src=etc/postgresql/postgresql.conf
+ dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf
+ owner=postgres group=postgres
+ mode=0644
+ notify: Restart PostgreSQL
+
- name: Start PostgreSQL
service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started
@@ -179,7 +203,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_user:
- db: webmap
+ login_db: webmap
name: "{{ item }}"
with_items:
- webmap_import
@@ -200,7 +224,7 @@
ansible.builtin.lineinfile:
path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
regexp: '^pgmap_webmap\s.*\swebmap_import\s*$'
- line: 'pgmap_webmap _webmap-import webmap_import'
+ line: 'pgmap_webmap _webmap webmap_import'
create: false
notify: Reload PostgreSQL
@@ -217,7 +241,7 @@
become_user: postgres
community.postgresql.postgresql_schema:
name: postgis
- db: webmap
+ login_db: webmap
owner: postgres
- name: Install 'postgis' PostgreSQL extension to the webmap database in the postgis schema
@@ -225,7 +249,7 @@
become_user: postgres
community.postgresql.postgresql_ext:
name: postgis
- db: webmap
+ login_db: webmap
schema: postgis
comment: Geographic objects support for PostgreSQL
@@ -233,7 +257,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_privs:
- database: webmap
+ login_db: webmap
privs: CONNECT
type: database
role: webmap_import,webmap_guest
@@ -242,7 +266,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_privs:
- database: webmap
+ login_db: webmap
privs: USAGE
type: schema
obj: postgis
@@ -253,7 +277,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_privs:
- database: webmap
+ login_db: webmap
privs: CREATE
type: schema
obj: postgis
@@ -264,7 +288,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_privs:
- database: webmap
+ login_db: webmap
privs: SELECT
type: table
obj: ALL_IN_SCHEMA
@@ -275,7 +299,7 @@
become: true
become_user: postgres
community.postgresql.postgresql_privs:
- database: webmap
+ login_db: webmap
privs: USAGE,SELECT
type: sequence
obj: ALL_IN_SCHEMA
@@ -306,6 +330,7 @@
service: name=webmap-import@{{ item }}.service enabled=true
with_items: "{{ webmap_layer_groups }}"
+
- name: Build administrative-codes.json*
become: false
local_action:
@@ -313,56 +338,80 @@
chdir: ./webmap-tools/administrative-codes
target: all
-- meta: flush_handlers
-
-
-- name: Create system user '_webmap-publish'
- user: name=_webmap-publish system=true
- group=_webmap
- createhome=false
- home=/nonexistent
- shell=/usr/sbin/nologin
- comment="Webmap update (publication as MVT)"
- password="!"
- state=present
-
-- name: Copy /usr/local/share/webmap/publish.py
- copy: src=webmap-tools/webmap-publish
- dest=/usr/local/share/webmap/publish.py
+- name: Create directory /var/www/webmap/data
+ file: path=/var/www/webmap/data
+ state=directory
owner=root group=root
mode=0755
-- name: Create /usr/local/bin/webmap-publish
- file: src=../share/webmap/publish.py
- dest=/usr/local/bin/webmap-publish
+- name: Copy /var/www/webmap/data/administrative-codes.json*
+ copy: src=./webmap-tools/administrative-codes/{{ item }}
+ dest=/var/www/webmap/data/{{ item }}
owner=root group=root
- state=link force=yes
+ mode=0644
+ with_items:
+ - administrative-codes.json
+ - administrative-codes.json.br
+
+- meta: flush_handlers
+
- name: Create directory /var/www/webmap/tiles
file: path=/var/www/webmap/tiles
state=directory
- owner=_webmap-publish group=root
+ owner=_webmap group=root
mode=0755
-- name: Copy webmap-publish@.service
- copy: src=etc/systemd/system/webmap-publish@.service
- dest=/etc/systemd/system/webmap-publish@.service
+
+- name: Copy /etc/tmpfiles.d/webmap.conf
+ copy: src=etc/tmpfiles.d/webmap.conf
+ dest=/etc/tmpfiles.d/webmap.conf
owner=root group=root
mode=0644
notify:
- - systemctl daemon-reload
+ - systemd-tmpfiles --create
-#- name: Enable webmap-publish@.service
-# service: name=webmap-publish@{{ item }}.service enabled=true
-# with_items: "{{ webmap_layer_groups }}"
+- meta: flush_handlers
-- name: Copy /etc/tmpfiles.d/webmap.conf
- copy: src=etc/tmpfiles.d/webmap.conf
- dest=/etc/tmpfiles.d/webmap.conf
+- name: Install Python/WSGI dependencies
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - uwsgi-core
+ - uwsgi-plugin-python3
+ # TODO[trixie]: install python3-psycopg-c instead
+ - python3-psycopg
+
+- name: Copy webmap-cgi.socket
+ copy: src=etc/systemd/system/webmap-cgi.socket
+ dest=/etc/systemd/system/webmap-cgi.socket
owner=root group=root
mode=0644
notify:
- - systemd-tmpfiles --create
+ - systemctl daemon-reload
+
+- name: Copy webmap-cgi.service
+ copy: src=etc/systemd/system/webmap-cgi.service
+ dest=/etc/systemd/system/webmap-cgi.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+ - Stop webmap-cgi.service
+
+- name: Copy /usr/libexec/webmap-cgi
+ copy: src=./webmap-tools/webmap-cgi
+ dest=/usr/libexec/webmap-cgi
+ owner=root group=root
+ mode=0755
+ notify:
+ - Stop webmap-cgi.service
- meta: flush_handlers
+
+- name: Enable webmap-cgi.socket
+ service: name=webmap-cgi.socket state=started enabled=true
+
+- name: Disable webmap-cgi.service
+ service: name=webmap-cgi.service enabled=false
diff --git a/webmap-tools b/webmap-tools
-Subproject 7cda119879cf48ba72ba34522fa9cdf9ef6d9b4
+Subproject 3e9586f0a9708afca40ab50a2987fc0090256e2