#!/usr/bin/env bash

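# Install nginx + certbot + logrotate, create the unprivileged nginx account,
# replace the package-shipped /etc/nginx tree with this playbook's layout,
# generate the DH parameters, render all configuration (playbook_sync) and
# finally enable/start the service.
#
# Relies on the framework helpers info/config/pkg/svc and on playbook_sync
# from this file. Aborts (via ${var:?}) when a required config key is empty.
playbook_add()
{
	local etcdir logdir user group

	# Resolve every config key once and refuse to continue when one is empty:
	# an unset fs.etcdir would otherwise turn the cleanup below into
	# "rm -fr /nginx" and scatter the mkdir tree directly under /.
	etcdir="$(config "fs.etcdir")"
	logdir="$(config "fs.logdir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"
	: "${etcdir:?fs.etcdir must be configured}"
	: "${logdir:?fs.logdir must be configured}"
	: "${user:?nginx.user must be configured}"
	: "${group:?nginx.group must be configured}"

	info "webserver/add" "Installing packages"
	pkg install \
		certbot \
		logrotate \
		nginx

	# The package may already have created the account, and "add" may be
	# re-run; only create what is missing so groupadd/useradd do not fail.
	info "webserver/add" "Create nginx user account"
	getent group "$group" > /dev/null \
		|| groupadd "$group"
	getent passwd "$user" > /dev/null \
		|| useradd \
			--home-dir /var/www \
			--gid "$group" \
			--system \
			--shell /sbin/nologin \
			"$user"

	# Start from a clean tree: everything under etc/nginx is generated by
	# playbook_sync, so nothing the package dropped there is needed.
	info "webserver/add" "Cleaning up whatever the package manager did"
	rm -frv -- "$etcdir/nginx"

	info "webserver/add" "Creating desired directory structure"
	mkdir -pv -- \
		"$etcdir/nginx" \
		"$etcdir/nginx/sites-available.d" \
		"$etcdir/nginx/sites-available.d/http" \
		"$etcdir/nginx/sites-available.d/https" \
		"$etcdir/nginx/sites-enabled.d" \
		"$etcdir/nginx/sites-enabled.d/http" \
		"$etcdir/nginx/sites-enabled.d/https" \
		"$etcdir/nginx/snippets.d" \
		"$logdir/nginx/access-logs" \
		/var/www

	# 4096-bit DH parameters for the TLS config; this takes a while.
	info "webserver/add" "Generating dhparam.pem"
	openssl dhparam -out "$etcdir/nginx/dhparam.pem" 4096

	# Render nginx.conf, snippets, sites, logrotate and cert.sh. playbook_sync
	# skips its "svc reload" while BASHTARD_COMMAND is "add" (see below).
	info "webserver/add" "Running sync to get all configuration going"
	playbook_sync

	svc enable nginx
	svc start nginx
}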

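# Render every piece of nginx-related configuration from this playbook's
# templates (logrotate, nginx.conf, mime.types, cert.sh, snippets.d/*.conf and
# sites.d/<dir>/*), fix ownership/permissions of the nginx tree, renew the
# Let's Encrypt certificates and reload nginx (unless invoked from "add",
# where the service is started afterwards instead).
#
# Relies on the framework helpers notice/config/file_template/svc and on the
# BASHTARD_ETCDIR / BASHTARD_PLAYBOOK / BASHTARD_COMMAND variables. Aborts
# (via ${var:?}) when a required config key is empty.
playbook_sync()
{
	local etcdir bindir user group share
	local path snippet path_dir dir path_site site

	# An empty fs.etcdir/fs.bindir would make the redirections below write
	# into /nginx and /cert.sh and the chown/chmod recurse over /nginx.
	etcdir="$(config "fs.etcdir")"
	bindir="$(config "fs.bindir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"
	: "${etcdir:?fs.etcdir must be configured}"
	: "${bindir:?fs.bindir must be configured}"
	: "${user:?nginx.user must be configured}"
	: "${group:?nginx.group must be configured}"
	share="$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share"

	notice "$BASHTARD_PLAYBOOK" "Updating logrotate"
	file_template "logrotate.conf" \
		user="$user" \
		group="$group" \
		> "$etcdir/logrotate.d/nginx"

	notice "webserver/sync" "Updating nginx.conf"
	file_template "nginx.conf" \
		etc="$etcdir" \
		user="$user" \
		> "$etcdir/nginx/nginx.conf"

	notice "webserver/sync" "Updating mime.types"
	file_template "mime.types" \
		etc="$etcdir" \
		> "$etcdir/nginx/mime.types"

	notice "webserver/sync" "Updating cert.sh"
	file_template "cert.sh" \
		> "$bindir/cert.sh" \
		&& chmod +x "$bindir/cert.sh"

	for path in "$share/snippets.d"/*.conf
	do
		# Without nullglob an empty directory yields the literal pattern;
		# skip it instead of rendering a template named "*.conf".
		[[ -e "$path" ]] || continue
		snippet="$(basename "$path")"

		notice "webserver/sync" "Updating snippet $snippet"
		file_template "snippets.d/$snippet" \
			> "$etcdir/nginx/snippets.d/$snippet"
	done

	for path_dir in "$share/sites.d"/*
	do
		# Only the http/https style sub-directories hold sites.
		[[ -d "$path_dir" ]] || continue
		dir="$(basename "$path_dir")"

		for path_site in "$path_dir"/*
		do
			[[ -e "$path_site" ]] || continue
			site="$(basename "$path_site")"

			notice "webserver/sync" "Updating site $dir/$site"
			file_template "sites.d/$dir/$site" \
				> "$etcdir/nginx/sites-available.d/$dir/$site"
		done
	done

	# The nginx master process runs as root and re-reads this whole tree on
	# every (re)load, while the workers run as $user. The workers must be
	# able to READ it (e.g. files nginx opens at request time), but must never
	# be able to WRITE it: a worker-owned nginx.conf lets a compromised worker
	# plant directives that root then executes on the next reload. Keep root
	# as owner, give the nginx group read-only access, hide it from others.
	notice "webserver/sync" "Set nginx permissions (root-owned, read-only for $group)"
	chown -R "root:$group" "$etcdir/nginx"
	chmod -R u=rwX,g=rX,o= "$etcdir/nginx"

	notice "webserver/sync" "Renewing Let's Encrypt certificates"
	certbot renew --no-random-sleep-on-renew

	# During "add" the service is not running yet; playbook_add starts it.
	[[ "$BASHTARD_COMMAND" == "add" ]] && return

	svc reload nginx
}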

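# Undo playbook_add: stop and disable nginx, uninstall the package, remove the
# generated configuration, the cert.sh helper and the ACME state, and delete
# the nginx account and group.
#
# Uses the same config keys playbook_add/playbook_sync used to create things,
# so a non-default fs.etcdir or nginx.user/nginx.group is cleaned up too
# (the previous hard-coded /etc/nginx and "www" silently missed those).
# Relies on the framework helpers config/svc/pkg. Aborts (via ${var:?}) when a
# required config key is empty.
playbook_del()
{
	local etcdir bindir user group

	# Guard the rm below: an empty fs.etcdir would delete /nginx and
	# /logrotate.d/nginx, an empty fs.bindir would delete /cert.sh.
	etcdir="$(config "fs.etcdir")"
	bindir="$(config "fs.bindir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"
	: "${etcdir:?fs.etcdir must be configured}"
	: "${bindir:?fs.bindir must be configured}"
	: "${user:?nginx.user must be configured}"
	: "${group:?nginx.group must be configured}"

	# Stop and remove the service
	svc stop nginx
	svc disable nginx

	# Clean up resources, including the logrotate snippet playbook_sync
	# wrote. /var/www itself (the account's home) is deliberately kept.
	pkg uninstall nginx
	rm -fr -- \
		"$etcdir/nginx" \
		"$etcdir/logrotate.d/nginx" \
		"$bindir/cert.sh" \
		/var/www/.acme
	userdel "$user"
	groupdel "$group"
}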