From f0feb7c74ca2252ef2513da12fc85be9684a54b4 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 25 Sep 2024 19:18:15 +0200 Subject: Copy webmap-publish. We also replace persistent/shared RuntimeDirectory settings with directories defined as tmpfiles.d(5) entries. This gives more control over access control. We also change static compression from gzip to brotli on the HTTPd. --- tasks/webmap.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) (limited to 'tasks/webmap.yml') diff --git a/tasks/webmap.yml b/tasks/webmap.yml index 053b744..9e2c2f6 100644 --- a/tasks/webmap.yml +++ b/tasks/webmap.yml @@ -1,14 +1,19 @@ - name: Install gdal-bin apt: pkg=gdal-bin install-recommends=true -- name: Install unzip - apt: pkg=unzip +- name: Install unzip and brotli + apt: pkg={{ packages }} + vars: + packages: + - unzip + - brotli - name: Install python dependencies apt: pkg={{ packages }} vars: packages: - python3 + - python3-brotli - python3-gdal - python3-lxml - python3-requests 
@@ -309,3 +314,55 @@ target: all - meta: flush_handlers + + +- name: Create system user '_webmap-publish' + user: name=_webmap-publish system=true + group=_webmap + createhome=false + home=/nonexistent + shell=/usr/sbin/nologin + comment="Webmap update (publication as MVT)" + password="!" + state=present + +- name: Copy /usr/local/share/webmap/publish.py + copy: src=webmap-tools/webmap-publish + dest=/usr/local/share/webmap/publish.py + owner=root group=root + mode=0755 + +- name: Create /usr/local/bin/webmap-publish + file: src=../share/webmap/publish.py + dest=/usr/local/bin/webmap-publish + owner=root group=root + state=link force=yes + +- name: Create directory /var/www/webmap/tiles + file: path=/var/www/webmap/tiles + state=directory + owner=_webmap-publish group=root + mode=0755 + +- name: Copy webmap-publish@.service + copy: src=etc/systemd/system/webmap-publish@.service + dest=/etc/systemd/system/webmap-publish@.service + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + +#- name: Enable webmap-publish@.service +# service: name=webmap-publish@{{ item }}.service enabled=true +# with_items: "{{ webmap_layer_groups }}" + + +- name: Copy /etc/tmpfiles.d/webmap.conf + copy: src=etc/tmpfiles.d/webmap.conf + dest=/etc/tmpfiles.d/webmap.conf + owner=root group=root + mode=0644 + notify: + - systemd-tmpfiles --create + +- meta: flush_handlers -- cgit v1.2.3
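Review bot: The new `_webmap-publish` account gets `group=_webmap` as its primary group, so anything group-readable or group-writable for `_webmap` becomes reachable by the publisher too, and the hunk does not say which of those paths it actually needs. If that group is also used by the existing webmap account (not visible here), the separation between the two users rests entirely on the modes in `etc/tmpfiles.d/webmap.conf`, which this diff does not show. I would add a comment above the task, for example `# in _webmap only for access to <path placeholder>; writes go to /var/www/webmap/tiles`, and check that the tmpfiles.d entries give the group no write access it does not need. Separately, the commented-out `Enable webmap-publish@.service` task leaves the unit installed but never enabled; a one-line comment saying why it is disabled would keep it from reading as forgotten code.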