2019-03-03 08:50:49 +00:00
|
|
|
# Create a user for managing `nginx`:
|
|
|
|
|
user 'webadm' do
|
|
|
|
|
home '/home/webadm'
|
|
|
|
|
shell '/bin/bash'
|
|
|
|
|
password '$1$lzfGward$TODNAMe9S9v.BXqpCV0p60'
|
|
|
|
|
create_home true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Deploy the `sudoers` file:
|
|
|
|
|
remote_file '/etc/sudoers.d/webadm' do
|
|
|
|
|
owner 'root'
|
|
|
|
|
group 'root'
|
|
|
|
|
mode '440'
|
|
|
|
|
end
|
|
|
|
|
|
2020-10-10 13:08:21 +00:00
|
|
|
# Create directories:
|
|
|
|
|
%w(/home/webadm/.ssh /home/webadm/repo).each do |d|
|
|
|
|
|
directory d do
|
|
|
|
|
owner 'webadm'
|
|
|
|
|
group 'webadm'
|
|
|
|
|
mode '700'
|
|
|
|
|
end
|
2019-03-03 08:50:49 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Deploy `~/.ssh/.ssh/authorized_keys`:
|
|
|
|
|
encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do
|
|
|
|
|
owner 'webadm'
|
|
|
|
|
group 'webadm'
|
|
|
|
|
mode '600'
|
|
|
|
|
source 'files/home/webadm/.ssh/authorized_keys'
|
|
|
|
|
password ENV['ITAMAE_PASSWORD']
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Deploy secret keys
|
2019-10-27 06:40:08 +00:00
|
|
|
%w( id_rsa.github id_rsa.chef ).each do |conf|
|
2019-03-03 08:50:49 +00:00
|
|
|
encrypted_remote_file "/home/webadm/.ssh/#{conf}" do
|
|
|
|
|
owner 'webadm'
|
|
|
|
|
group 'webadm'
|
|
|
|
|
mode '600'
|
|
|
|
|
source "files/home/webadm/.ssh/#{conf}"
|
|
|
|
|
password ENV['ITAMAE_PASSWORD']
|
|
|
|
|
end
|
|
|
|
|
end
|
2019-11-03 05:42:07 +00:00
|
|
|
|
|
|
|
|
# Create `repo` directory:
|
|
|
|
|
git '/home/webadm/repo/nginx-config' do
|
|
|
|
|
user 'webadm'
|
|
|
|
|
repository 'https://gitea.kazu634.com/kazu634/nginx-config.git'
|
|
|
|
|
end
|
|
|
|
|
|
