From d95a8e6d597b19f4459f23363629910b3e4f8fbc Mon Sep 17 00:00:00 2001
From: cronekorkn <git@ckn.li>
Date: Fri, 25 Aug 2023 21:24:13 +0200
Subject: [PATCH] wip

---
 bundles/nginx/files/fastcgi   |  4 ----
 data/nginx/run_program.conf   | 29 +++++++++++++++++++++++++++++
 nodes/home.rufbereitschaft.py | 22 ++++++++++++++++++++--
 3 files changed, 49 insertions(+), 6 deletions(-)
 create mode 100644 data/nginx/run_program.conf

diff --git a/bundles/nginx/files/fastcgi b/bundles/nginx/files/fastcgi
index d115cf1..8acfabc 100644
--- a/bundles/nginx/files/fastcgi
+++ b/bundles/nginx/files/fastcgi
@@ -1,4 +1,3 @@
-fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
@@ -24,6 +23,3 @@ fastcgi_param  SERVER_NAME        $server_name;
 
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
-
-# This is the only thing that's different to the debian default.
-fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
diff --git a/data/nginx/run_program.conf b/data/nginx/run_program.conf
new file mode 100644
index 0000000..a5d3222
--- /dev/null
+++ b/data/nginx/run_program.conf
@@ -0,0 +1,29 @@
+# https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name ${server_name};
+
+    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
+
+    location / {
+        # Disable gzip (it makes scripts feel slower since they have to complete
+        # before getting gzipped)
+        gzip off;
+
+        # Set the root to /usr/lib (inside this location this means that we are
+        # giving access to the files under /usr/lib/cgi-bin)
+        root	/usr/lib;
+
+        # Fastcgi socket
+        fastcgi_pass  unix:/run/fcgiwrap.socket;
+
+        # Fastcgi parameters, include the standard ones
+        include /etc/nginx/params/fastcgi;
+
+        # Adjust non standard parameters (SCRIPT_FILENAME)
+        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/hello.cgi;
+    }
+}
diff --git a/nodes/home.rufbereitschaft.py b/nodes/home.rufbereitschaft.py
index aae1da3..cdb40fe 100644
--- a/nodes/home.rufbereitschaft.py
+++ b/nodes/home.rufbereitschaft.py
@@ -6,6 +6,7 @@
         'hardware',
         'home',
         'monitored',
+        'webserver',
     ],
     'bundles': [
         'wireguard',
@@ -19,8 +20,22 @@
                 'gateway4': '10.0.0.1',
             },
         },
-        'wireguard': {
-            'my_ip': '10.200.128.11/24',
+        'apt': {
+            'packages': {
+                'alsa-utils': {},
+                'espeak': {},
+                'libnginx-mod-http-lua': {},
+            },
+        },
+        'nginx': {
+            'vhosts': {
+                'rufbereitschaftsalarm.ckn.li': {
+                    'content': 'nginx/run_program.conf',
+                    'context': {
+                        'script': 'hello',
+                    },
+                },
+            },
         },
         'systemd': {
             'units': {
@@ -50,5 +65,8 @@
                 },
             },
         },
+        'wireguard': {
+            'my_ip': '10.200.128.11/24',
+        },
     },
 }