This commit is contained in:
CroneKorkN 2025-06-09 19:46:00 +02:00
parent 18a2522919
commit 84b7017504
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
3 changed files with 30 additions and 6 deletions


@ -39,5 +39,5 @@ http {
} }
% endif % endif
include /etc/nginx/sites/*; include /etc/nginx/sites-enabled/*;
} }


@ -9,7 +9,7 @@ directories = {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/sites': { '/etc/nginx/sites-available': {
'purge': True, 'purge': True,
'triggers': { 'triggers': {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
@ -25,6 +25,13 @@ directories = {
'purge': True, 'purge': True,
'owner': 'www-data', 'owner': 'www-data',
}, },
# temp
'/var/www/certbot': {
'owner': 'www-data',
'group': 'www-data',
'mode': '0755',
}
} }
files = { files = {
@ -76,6 +83,12 @@ files = {
}, },
} }
symlinks = {
'/etc/nginx/sites-enabled': {
'target': '/etc/nginx/sites-available',
},
}
actions = { actions = {
'nginx-generate-dhparam': { 'nginx-generate-dhparam': {
'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096', 'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
@ -94,7 +107,7 @@ svc_systemd = {
for name, config in node.metadata.get('nginx/vhosts').items(): for name, config in node.metadata.get('nginx/vhosts').items():
files[f'/etc/nginx/sites/{name}'] = { files[f'/etc/nginx/sites-available/{name}'] = {
'content': Template(filename=join(repo.path, 'data', config['content'])).render( 'content': Template(filename=join(repo.path, 'data', config['content'])).render(
server_name=name, server_name=name,
**config.get('context', {}), **config.get('context', {}),
@ -110,6 +123,6 @@ for name, config in node.metadata.get('nginx/vhosts').items():
} }
if name in node.metadata.get('letsencrypt/domains'): if name in node.metadata.get('letsencrypt/domains'):
files[f'/etc/nginx/sites/{name}']['needs'].append( files[f'/etc/nginx/sites-available/{name}']['needs'].append(
f'action:letsencrypt_ensure-some-certificate_{name}', f'action:letsencrypt_ensure-some-certificate_{name}',
) )
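Review bot: The new `/var/www/certbot` directory item in the second hunk is annotated only with `# temp`, which tells the next reader neither what the directory serves nor when it can be removed; a comment such as `# HTTP-01 webroot aliased by the acme-challenge location in the vhost template; remove with the certbot workaround` would make the intent checkable against the template. The `symlinks` entry in the third hunk points `/etc/nginx/sites-enabled` at the whole `/etc/nginx/sites-available` directory, so every file written there is live and the rename adds no enable/disable step; a one-line comment saying so would keep someone from treating it like a per-vhost symlink layout. The `directories` dict edited by the first two hunks starts before the hunk.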


@ -3,12 +3,13 @@ server {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name ${server_name}; server_name ${server_name};
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem; ssl_certificate /etc/letsencrypt/archive/${server_name}/fullchain1.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem; ssl_certificate_key /etc/letsencrypt/archive/${server_name}/privkey1.pem;
root /var/www/yourls/htdocs; root /var/www/yourls/htdocs;
location / { location / {
index index.php index.html index.htm;
try_files $uri $uri/ /yourls-loader.php$is_args$args; try_files $uri $uri/ /yourls-loader.php$is_args$args;
} }
@ -17,4 +18,14 @@ server {
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_pass unix:/run/php/php${php_version}-fpm.sock; fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
} }
# temp
location ^~ /.well-known/acme-challenge/ {
alias /var/www/certbot/;
} }
}
# FIXME: this is a temporary solution to allow the certbot challenge to work:
# - ssl_certificate
# - ssl_certificate_key
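Review bot: `ssl_certificate` and `ssl_certificate_key` now point at `/etc/letsencrypt/archive/${server_name}/fullchain1.pem` and `privkey1.pem`, numbered archive files that certbot does not update on renewal, so after the first renewal nginx would keep serving the original certificate until it expires. The `live/` symlinks always track the current certificate: `ssl_certificate /etc/letsencrypt/live/${server_name}/fullchain.pem;` and `ssl_certificate_key /etc/letsencrypt/live/${server_name}/privkey.pem;`. The FIXME at the end of the file names these two directives but not what they should become, so at minimum the comment should state the intended target paths. In the added acme-challenge location, `alias /var/www/certbot/;` strips the location prefix and serves `/.well-known/acme-challenge/<token>` from `/var/www/certbot/<token>`; if certbot's webroot plugin is pointed at `/var/www/certbot` it writes tokens under `/var/www/certbot/.well-known/acme-challenge/`, in which case `root /var/www/certbot;` is the directive that matches. The enclosing `server` block starts before the hunk.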