Diffstat (limited to 'playbooks.d/webserver-nginx/playbook.bash')
-rw-r--r-- | playbooks.d/webserver-nginx/playbook.bash | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
new file mode 100644
index 0000000..85c38be
--- /dev/null
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ info "webserver/add" "Installing packages"
+ pkg install certbot nginx
+
+ info "webserver/add" "Create www user"
+ groupadd www
+ useradd \
+ --home-dir /var/www \
+ --gid www \
+ --system \
+ --shell /sbin/nologin \
+ www
+
+ info "webserver/add" "Cleaning up whatever the package manager did"
+ rm -frv -- "$(config "fs.etcdir")/nginx"
+
+ info "webserver/add" "Creating desired directory structure"
+ mkdir -pv -- \
+ "$(config "fs.etcdir")/nginx" \
+ "$(config "fs.etcdir")/nginx/sites-available.d" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/https" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
+ "$(config "fs.etcdir")/nginx/snippets.d" \
+ /var/www
+
+ info "webserver/add" "Generating dhparam.pem"
+ openssl dhparam -out "$(config "fs.etcdir")/nginx/dhparam.pem" 4096
+
+ info "webserver/add" "Running sync to get all configuration going"
+ playbook_sync
+
+ svc enable nginx
+ svc start nginx
+}
+
+playbook_sync()
+{
+ local snippets
+ local sites
+
+ notice "webserver/sync" "Updating nginx.conf"
+ file_template "nginx.conf" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/nginx.conf"
+
+ notice "webserver/sync" "Updating mime.types"
+ file_template "mime.types" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/mime.types"
+
+ notice "webserver/sync" "Updating cert.sh"
+ file_template "cert.sh" \
+ > "$(config "fs.bindir")/cert.sh" \
+ && chmod +x "$(config "fs.bindir")/cert.sh"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/snippets.d"/*.conf
+ do
+ snippet="$(basename "$path")"
+
+ notice "webserver/sync" "Updating snippet $snippet"
+ file_template "snippets.d/$snippet" \
+ > "$(config "fs.etcdir")/nginx/snippets.d/$snippet"
+ done
+
+ for path_dir in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
+ do
+ dir="$(basename "$path_dir")"
+
+ for path_site in "$path_dir"/*
+ do
+ site="$(basename "$path_site")"
+
+ notice "webserver/sync" "Updating site $dir/$site"
+ file_template "sites.d/$dir/$site" \
+ > "$(config "fs.etcdir")/nginx/sites-available.d/$dir/$site"
+ done
+ done
+
+ notice "webserver/sync" "Set nginx permissions to www user"
+ chown -R www:www "$(config "fs.etcdir")/nginx"
+
+ notice "webserver/sync" "Renewing Let's Encrypt certificates"
+ certbot renew --no-random-sleep-on-renew
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload nginx
+}
+
+playbook_del()
+{
+ # Stop and remove the service
+ svc stop nginx
+ svc disable nginx
+
+ # Clean up resources
+ pkg uninstall nginx
+ rm -fr -- /etc/nginx "$(config "fs.bindir")/cert.sh" /var/www/.acme
+ userdel www
+ groupdel www
+}  |
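Review bot: The `chown -R www:www "$(config "fs.etcdir")/nginx"` near the end of playbook_sync makes the whole configuration tree, including nginx.conf, the snippets and dhparam.pem, writable by the www account. If the nginx workers run as www (likely given the user created in playbook_add, though the nginx.conf template is not visible here), a compromised worker could alter configuration that the typically more privileged master process loads on the next `svc reload nginx`. Keeping the tree root-owned and only group-readable avoids that: `chown -R root:www "$(config "fs.etcdir")/nginx"` followed by `chmod -R u=rwX,g=rX,o= "$(config "fs.etcdir")/nginx"`. Separately, playbook_del removes the hard-coded `/etc/nginx` while the rest of the file uses `$(config "fs.etcdir")/nginx`, so removal can miss the real directory whenever fs.etcdir is not /etc.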