summaryrefslogtreecommitdiff
path: root/playbooks.d/webserver-nginx/playbook.bash
diff options
context:
space:
mode:
authorPatrick Spek <p.spek@tyil.nl>2022-04-25 13:45:34 +0200
committerPatrick Spek <p.spek@tyil.nl>2022-04-25 13:45:34 +0200
commit908718a622fe229d17da7303b117eee0fe7f8d9d (patch)
tree2fa0a4a6e6f953327a463165e6cfed7caea86cd1 /playbooks.d/webserver-nginx/playbook.bash
parentd5f5413825e75268abaa10d208beac48dd75d159 (diff)
Rename playbooks
Diffstat (limited to 'playbooks.d/webserver-nginx/playbook.bash')
-rw-r--r--playbooks.d/webserver-nginx/playbook.bash107
1 files changed, 107 insertions, 0 deletions
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
new file mode 100644
index 0000000..85c38be
--- /dev/null
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ info "webserver/add" "Installing packages"
+ pkg install certbot nginx
+
+ info "webserver/add" "Create www user"
+ groupadd www
+ useradd \
+ --home-dir /var/www \
+ --gid www \
+ --system \
+ --shell /sbin/nologin \
+ www
+
+ info "webserver/add" "Cleaning up whatever the package manager did"
+ rm -frv -- "$(config "fs.etcdir")/nginx"
+
+ info "webserver/add" "Creating desired directory structure"
+ mkdir -pv -- \
+ "$(config "fs.etcdir")/nginx" \
+ "$(config "fs.etcdir")/nginx/sites-available.d" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/https" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
+ "$(config "fs.etcdir")/nginx/snippets.d" \
+ /var/www
+
+ info "webserver/add" "Generating dhparam.pem"
+ openssl dhparam -out "$(config "fs.etcdir")/nginx/dhparam.pem" 4096
+
+ info "webserver/add" "Running sync to get all configuration going"
+ playbook_sync
+
+ svc enable nginx
+ svc start nginx
+}
+
+playbook_sync()
+{
+ local snippets
+ local sites
+
+ notice "webserver/sync" "Updating nginx.conf"
+ file_template "nginx.conf" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/nginx.conf"
+
+ notice "webserver/sync" "Updating mime.types"
+ file_template "mime.types" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/mime.types"
+
+ notice "webserver/sync" "Updating cert.sh"
+ file_template "cert.sh" \
+ > "$(config "fs.bindir")/cert.sh" \
+ && chmod +x "$(config "fs.bindir")/cert.sh"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/snippets.d"/*.conf
+ do
+ snippet="$(basename "$path")"
+
+ notice "webserver/sync" "Updating snippet $snippet"
+ file_template "snippets.d/$snippet" \
+ > "$(config "fs.etcdir")/nginx/snippets.d/$snippet"
+ done
+
+ for path_dir in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
+ do
+ dir="$(basename "$path_dir")"
+
+ for path_site in "$path_dir"/*
+ do
+ site="$(basename "$path_site")"
+
+ notice "webserver/sync" "Updating site $dir/$site"
+ file_template "sites.d/$dir/$site" \
+ > "$(config "fs.etcdir")/nginx/sites-available.d/$dir/$site"
+ done
+ done
+
+ notice "webserver/sync" "Set nginx permissions to www user"
+ chown -R www:www "$(config "fs.etcdir")/nginx"
+
+ notice "webserver/sync" "Renewing Let's Encrypt certificates"
+ certbot renew --no-random-sleep-on-renew
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload nginx
+}
+
+playbook_del()
+{
+ # Stop and remove the service
+ svc stop nginx
+ svc disable nginx
+
+ # Clean up resources
+ pkg uninstall nginx
+ rm -fr -- /etc/nginx "$(config "fs.bindir")/cert.sh" /var/www/.acme
+ userdel www
+ groupdel www
+}