bundlewrap/bundles/nginx/items.py

from datetime import datetime, timedelta
from mako.template import Template
from os.path import join

directories = {
    '/etc/nginx': {
        'purge': True,
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/sites-available': {
        'purge': True,
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/params': {
        'purge': True,
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/var/www': {
        'purge': True,
        'owner': 'www-data',
    },
}

files = {
    '/etc/nginx/nginx.conf': {
        'content_type': 'mako',
        'context': {
            'modules': node.metadata.get('nginx/modules'),
            'worker_processes': node.metadata.get('vm/cores'),
            'has_websockets': node.metadata.get('nginx/has_websockets'),
        },
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/params/fastcgi': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/params/proxy': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/params/uwsgi': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/params/scgi': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/mime.types': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/sites/80.conf': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
    '/etc/nginx/sites/stub_status.conf': {
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    },
}

symlinks = {
    '/etc/nginx/sites-enabled': {
        'target': '/etc/nginx/sites-available',
    },
}

actions = {
    'nginx-generate-dhparam': {
        'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
        'unless': 'test -f /etc/ssl/certs/dhparam.pem',
    },
}

svc_systemd = {
    'nginx': {
        'needs': {
            'action:nginx-generate-dhparam',
            'pkg_apt:nginx',
        },
    },
}


for name, config in node.metadata.get('nginx/vhosts').items():
    files[f'/etc/nginx/sites-available/{name}'] = {
        'content': Template(filename=join(repo.path, 'data', config['content'])).render(
            server_name=name,
            **config.get('context', {}),
        ),
        'needs': [],
        'needed_by': {
            'svc_systemd:nginx',
            'svc_systemd:nginx:restart',
        },
        'triggers': {
            'svc_systemd:nginx:restart',
        },
    }

    if name in node.metadata.get('letsencrypt/domains'):
        files[f'/etc/nginx/sites-available/{name}']['needs'].append(
            f'action:letsencrypt_ensure-some-certificate_{name}',
        )