#!/usr/bin/env bash
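# Installs the web server packages, creates the nginx account, rebuilds the
# nginx configuration tree from scratch, generates DH parameters, runs
# playbook_sync to render the configuration and finally enables and starts
# nginx.
#
# Reads:   config keys fs.etcdir, fs.logdir, nginx.user, nginx.group
# Returns: 1 (before touching the system) when any of those keys is empty
playbook_add()
{
	local etcdir
	local logdir
	local user
	local group

	etcdir="$(config "fs.etcdir")"
	logdir="$(config "fs.logdir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"

	# An empty fs.etcdir would turn the recursive delete below into
	# "rm -fr /nginx" and create the new tree directly under /, so refuse to
	# do anything until every value this function depends on is present.
	if [[ -z "$etcdir" || -z "$logdir" || -z "$user" || -z "$group" ]]
	then
		printf '%s\n' "webserver/add: fs.etcdir, fs.logdir, nginx.user and nginx.group must all be set" >&2
		return 1
	fi

	info "webserver/add" "Installing packages"
	pkg install \
		certbot \
		goaccess \
		logrotate \
		nginx

	info "webserver/add" "Create nginx user account"
	groupadd "$group"
	# System account with no login shell; /var/www doubles as its home.
	useradd \
		--home-dir /var/www \
		--gid "$group" \
		--system \
		--shell /sbin/nologin \
		"$user"

	info "webserver/add" "Cleaning up whatever the package manager did"
	rm -frv -- "$etcdir/nginx"

	info "webserver/add" "Creating desired directory structure"
	mkdir -pv -- \
		"$etcdir/nginx" \
		"$etcdir/nginx/sites-available.d" \
		"$etcdir/nginx/sites-available.d/http" \
		"$etcdir/nginx/sites-available.d/https" \
		"$etcdir/nginx/sites-available.d/revproxy" \
		"$etcdir/nginx/sites-enabled.d" \
		"$etcdir/nginx/sites-enabled.d/http" \
		"$etcdir/nginx/sites-enabled.d/https" \
		"$etcdir/nginx/sites-enabled.d/revproxy" \
		"$etcdir/nginx/snippets.d" \
		"$logdir/nginx/access" \
		/var/www

	info "webserver/add" "Generating dhparam.pem"
	# Generating 4096-bit parameters can take a long time; the resulting
	# file holds public parameters only, no key material.
	openssl dhparam -out "$etcdir/nginx/dhparam.pem" 4096

	info "webserver/add" "Running sync to get all configuration going"
	playbook_sync

	svc enable nginx
	svc start nginx
}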
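# Renders every template shipped with the playbook into its live location
# (logrotate, the goaccess systemd unit, nginx.conf, mime.types, cert.sh,
# snippets and site definitions), resets ownership of the nginx and
# letsencrypt directories, renews certificates and reloads nginx.
#
# Reads:   config keys fs.etcdir, fs.bindir, nginx.user, nginx.group;
#          BASHTARD_ETCDIR, BASHTARD_PLAYBOOK, BASHTARD_COMMAND
# Returns: 1 (before writing anything) when any of the config keys is empty
playbook_sync()
{
	local etcdir
	local bindir
	local user
	local group
	local share
	# Loop variables are declared local so they do not leak into the
	# caller's scope.
	local path
	local snippet
	local sites_dir
	local dir
	local path_site
	local site

	etcdir="$(config "fs.etcdir")"
	bindir="$(config "fs.bindir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"
	share="$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share"

	# With an empty fs.etcdir the recursive chown calls below would target
	# /nginx and /letsencrypt, and the redirections would write under /.
	if [[ -z "$etcdir" || -z "$bindir" || -z "$user" || -z "$group" ]]
	then
		printf '%s\n' "webserver/sync: fs.etcdir, fs.bindir, nginx.user and nginx.group must all be set" >&2
		return 1
	fi

	notice "$BASHTARD_PLAYBOOK" "Updating logrotate"
	file_template "logrotate.conf" \
		user="$user" \
		group="$group" \
		> "$etcdir/logrotate.d/nginx"

	notice "$BASHTARD_PLAYBOOK" "Configure goaccess service"
	mkdir -pv /etc/systemd/system
	file_template "goaccess.service" \
		user="$user" \
		group="$group" \
		> "/etc/systemd/system/goaccess@.service"

	notice "webserver/sync" "Updating nginx.conf"
	file_template "nginx.conf" \
		etc="$etcdir" \
		user="$user" \
		> "$etcdir/nginx/nginx.conf"

	notice "webserver/sync" "Updating mime.types"
	file_template "mime.types" \
		etc="$etcdir" \
		> "$etcdir/nginx/mime.types"

	notice "webserver/sync" "Updating cert.sh"
	file_template "cert.sh" \
		> "$bindir/cert.sh" \
		&& chmod +x "$bindir/cert.sh"

	for path in "$share/snippets.d"/*.conf
	do
		# An unmatched glob stays a literal pattern; skip it instead of
		# rendering a template literally named "*.conf".
		[[ -e "$path" ]] || continue

		snippet="$(basename "$path")"

		notice "webserver/sync" "Updating snippet $snippet"
		file_template "snippets.d/$snippet" \
			> "$etcdir/nginx/snippets.d/$snippet"
	done

	for sites_dir in "$share/sites.d"/*
	do
		[[ -d "$sites_dir" ]] || continue

		dir="$(basename "$sites_dir")"

		for path_site in "$sites_dir"/*
		do
			[[ -e "$path_site" ]] || continue

			site="$(basename "$path_site")"

			notice "webserver/sync" "Updating site $dir/$site"
			file_template "sites.d/$dir/$site" \
				> "$etcdir/nginx/sites-available.d/$dir/$site"
		done
	done

	# NOTE(review): the two recursive chown calls below make the nginx
	# runtime account the owner of its own configuration tree and of the
	# letsencrypt directory, where certbot normally keeps certificate
	# private keys. If the nginx workers run as this account, a compromised
	# worker could read those keys or change configuration that is picked
	# up on the next reload. Confirm this ownership is really required
	# before keeping it; root-owned config with group read access is the
	# more restrictive default.
	notice "webserver/sync" "Set nginx permissions to www user"
	chown -R "$user:$group" "$etcdir/nginx"

	notice "webserver/sync" "Renewing Let's Encrypt certificates"
	certbot renew --no-random-sleep-on-renew

	notice "webserver/sync" "Set Let's Encrypt permissions to www user"
	chown -R "$user:$group" "$etcdir/letsencrypt"

	# playbook_add enables and starts nginx itself after calling this
	# function, so there is nothing to reload yet in that case.
	if [[ "$BASHTARD_COMMAND" == "add" ]]
	then
		return
	fi

	svc reload nginx
}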
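# Stops and disables nginx, uninstalls the package and removes the
# configuration tree, cert.sh, the ACME directory and the nginx account.
#
# Paths and account names are taken from the same config keys playbook_add
# uses, so hosts where fs.etcdir is not /etc or the account is not named
# "www" are cleaned up correctly.
#
# Reads:   config keys fs.etcdir, fs.bindir, nginx.user, nginx.group
# Returns: 1 (before touching the system) when any of those keys is empty
playbook_del()
{
	local etcdir
	local bindir
	local user
	local group

	etcdir="$(config "fs.etcdir")"
	bindir="$(config "fs.bindir")"
	user="$(config "nginx.user")"
	group="$(config "nginx.group")"

	# An empty value would point the recursive delete at /nginx and
	# /cert.sh, or call userdel/groupdel without a name.
	if [[ -z "$etcdir" || -z "$bindir" || -z "$user" || -z "$group" ]]
	then
		printf '%s\n' "webserver/del: fs.etcdir, fs.bindir, nginx.user and nginx.group must all be set" >&2
		return 1
	fi

	# Stop and remove the service
	svc stop nginx
	svc disable nginx

	# Clean up resources
	# NOTE(review): the logrotate config and goaccess unit written by
	# playbook_sync, and the letsencrypt directory, are left in place —
	# confirm whether that is intended.
	pkg uninstall nginx
	rm -fr -- "$etcdir/nginx" "$bindir/cert.sh" /var/www/.acme
	userdel "$user"
	groupdel "$group"
}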