From f64cadd81fbaebeb8496f3cd9053764fec06a64e Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Mon, 18 Apr 2022 08:53:56 +0200
Subject: Various fixes to make the webserver playbook work
---
 playbooks.d/webserver/playbook.bash | 39 ++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)
(limited to 'playbooks.d/webserver/playbook.bash')
diff --git a/playbooks.d/webserver/playbook.bash b/playbooks.d/webserver/playbook.bash
index 5c422f6..85c38be 100644
--- a/playbooks.d/webserver/playbook.bash
+++ b/playbooks.d/webserver/playbook.bash
@@ -3,7 +3,7 @@ playbook_add()
 {
 info "webserver/add" "Installing packages"
- pkg install nginx
+ pkg install certbot nginx
 info "webserver/add" "Create www user"
 groupadd www
@@ -18,11 +18,19 @@ playbook_add()
 rm -frv -- "$(config "fs.etcdir")/nginx"
 info "webserver/add" "Creating desired directory structure"
- mkdir -pv -- "$(config "fs.etcdir")/nginx"
- mkdir -pv -- "$(config "fs.etcdir")/nginx/sites-available.d"
- mkdir -pv -- "$(config "fs.etcdir")/nginx/sites-enabled.d"
- mkdir -pv -- "$(config "fs.etcdir")/nginx/snippets.d"
- mkdir -pv -- /var/www
+ mkdir -pv -- \
+ "$(config "fs.etcdir")/nginx" \
+ "$(config "fs.etcdir")/nginx/sites-available.d" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/https" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
+ "$(config "fs.etcdir")/nginx/snippets.d" \
+ /var/www
+
+ info "webserver/add" "Generating dhparam.pem"
+ openssl dhparam -out "$(config "fs.etcdir")/nginx/dhparam.pem" 4096
 info "webserver/add" "Running sync to get all configuration going"
 playbook_sync
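Review bot: The exit status of the added `openssl dhparam -out ... 4096` call is not checked in the visible lines, and `playbook_sync` runs straight after it, so an interrupted or failed generation can leave a missing or truncated `dhparam.pem` that nginx only trips over later. Unless the framework already runs with errexit (not visible here), I would write to a temporary name and move it into place only on success, e.g. `openssl dhparam -out "$pem.tmp" 4096 && mv -- "$pem.tmp" "$pem"` with `pem` set to the final path. Generating a 4096-bit group can take many minutes on a small host and is repeated on every `add`, because the nginx directory is removed just above; a comment stating why 4096 bits was chosen would help the next maintainer. The body of playbook_add starts and ends outside this hunk.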
@@ -60,17 +68,26 @@ playbook_sync()
 > "$(config "fs.etcdir")/nginx/snippets.d/$snippet"
 done
- for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
+ for path_dir in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
 do
- site="$(basename "$path")"
+ dir="$(basename "$path_dir")"
- notice "webserver/sync" "Updating site $site"
- file_template "sites.d/$site" \
- > "$(config "fs.etcdir")/nginx/sites-available.d/$site"
+ for path_site in "$path_dir"/*
+ do
+ site="$(basename "$path_site")"
+
+ notice "webserver/sync" "Updating site $dir/$site"
+ file_template "sites.d/$dir/$site" \
+ > "$(config "fs.etcdir")/nginx/sites-available.d/$dir/$site"
+ done
 done
+ notice "webserver/sync" "Set nginx permissions to www user"
 chown -R www:www "$(config "fs.etcdir")/nginx"
+ notice "webserver/sync" "Renewing Let's Encrypt certificates"
+ certbot renew --no-random-sleep-on-renew
+
 [[ "$BASHTARD_COMMAND" == "add" ]] && return
 svc reload nginx
-- cgit v1.1
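Review bot: The new inner loop redirects into `sites-available.d/$dir/$site` without checking that the target directory exists or that the glob `"$path_dir"/*` matched anything. The `http` and `https` directories are created only in `playbook_add`, so a host that was added before this commit, or any other directory name under `sites.d`, fails at the redirection; an empty directory leaves `path_site` as the literal pattern unless nullglob is enabled elsewhere. Adding `mkdir -p -- "$(config "fs.etcdir")/nginx/sites-available.d/$dir"` before the inner loop and `[[ -e "$path_site" ]] || continue` as its first statement would cover both cases. Separately, the status of `certbot renew` is not checked before `svc reload nginx`, so a failed renewal passes silently unless errexit is on; logging the failure would make an expiring certificate visible. The body of playbook_sync starts and ends outside this hunk.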