From 3cf610be3a863f397600f496f1b86c0e050d8e78 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 23 Jul 2025 15:31:23 +0200 Subject: webmap-import: Add support for raster export to COG. --- files/etc/systemd/system/webmap-import@.service | 1 + files/etc/systemd/system/webmap-raster@.service | 37 +++++++++++++++++++++++++ group_vars/all.yml | 3 ++ tasks/webmap.yml | 23 +++++++++++++-- webmap-tools | 2 +- 5 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 files/etc/systemd/system/webmap-raster@.service diff --git a/files/etc/systemd/system/webmap-import@.service b/files/etc/systemd/system/webmap-import@.service index 964c37d..b6ad0f6 100644 --- a/files/etc/systemd/system/webmap-import@.service +++ b/files/etc/systemd/system/webmap-import@.service @@ -18,6 +18,7 @@ ExecStart=/usr/local/bin/webmap-import \ --lockdir-sources=%t/lock/webmap/cache \ --mvtdir=/var/www/webmap/tiles/%I \ --mvt-compress \ + --metadata-compress \ -- %I # Hardening diff --git a/files/etc/systemd/system/webmap-raster@.service b/files/etc/systemd/system/webmap-raster@.service new file mode 100644 index 0000000..3362d5e --- /dev/null +++ b/files/etc/systemd/system/webmap-raster@.service @@ -0,0 +1,37 @@ +[Unit] +Description=Webmap updater service (export ā€˜%I’ to COG) +After=webmap-update@%i.target +After=webmap-download@%i.service +Upholds=webmap-update@%i.target + +[Service] +User=_webmap +Group=_webmap + +Nice=15 +IOSchedulingClass=idle + +Type=oneshot +ExecStart=/usr/local/bin/webmap-import \ + --cachedir=%C/webmap \ + --lockfile=%t/lock/webmap/lock \ + --lockdir-sources=%t/lock/webmap/cache \ + --rasterdir=/var/www/webmap/raster/%I \ + --metadata-compress \ + -- %I + +# Hardening +NoNewPrivileges=yes +ProtectHome=yes +ProtectSystem=strict +PrivateDevices=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies= +ReadWritePaths=%t/lock/webmap +ReadWritePaths=/var/www/webmap/raster +PrivateTmp=yes + +[Install] +WantedBy=webmap-update@%i.target diff --git a/group_vars/all.yml b/group_vars/all.yml index 08c17c1..828f000 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -13,6 +13,9 @@ webmap_layer_groups: - misc - nv +webmap_raster: + - kskog + webmap_layer_groups_nodownload: - adm - misc diff --git a/tasks/webmap.yml b/tasks/webmap.yml index de320d4..2bca58e 100644 --- a/tasks/webmap.yml +++ b/tasks/webmap.yml @@ -51,6 +51,7 @@ - common_gdal.py - import_source.py - export_mvt.py + - export_raster.py - rename_exchange.py - name: Copy webmap-update@.target @@ -87,7 +88,7 @@ - name: Enable webmap-update.timer service: name=webmap-update@{{ item }}.timer state=started enabled=true - with_items: "{{ webmap_layer_groups }}" + with_items: "{{ webmap_layer_groups | union(webmap_raster) }}" - meta: flush_handlers @@ -147,7 +148,7 @@ - name: Enable webmap-download@.service service: name=webmap-download@{{ item }}.service enabled=true - with_items: "{{ webmap_layer_groups | difference(webmap_layer_groups_nodownload) }}" + with_items: "{{ webmap_layer_groups | union(webmap_raster) | difference(webmap_layer_groups_nodownload) }}" - name: Disable some webmap-download@.service service: name=webmap-download@{{ item }}.service enabled=false @@ -346,6 +347,18 @@ service: name=webmap-import@{{ item }}.service enabled=true with_items: "{{ webmap_layer_groups }}" +- name: Copy webmap-raster@.service + copy: src=etc/systemd/system/webmap-raster@.service + dest=/etc/systemd/system/webmap-raster@.service + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + +- name: Enable webmap-raster@.service + service: name=webmap-raster@{{ item }}.service enabled=true + with_items: "{{ webmap_raster }}" + - name: Build administrative-codes.json* become: false @@ -378,6 +391,12 @@ owner=_webmap group=root mode=0755 +- name: Create directory /var/www/webmap/raster + file: path=/var/www/webmap/raster + state=directory + owner=_webmap group=root + mode=0755 + - name: Copy /etc/tmpfiles.d/webmap.conf copy: src=etc/tmpfiles.d/webmap.conf diff --git a/webmap-tools b/webmap-tools index 91abd89..412d9fb 160000 --- a/webmap-tools +++ b/webmap-tools @@ -1 +1 @@ -Subproject commit 91abd89d67748a1e057d1299698d506613ee0f9f +Subproject commit 412d9fb7280f382578698ce77831f1649e75c959 -- cgit v1.2.3