From 20638178217c3980572c10ca4dba1cf5d5c4da80 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sat, 28 Jan 2023 20:11:54 +0900
Subject: [PATCH] Move `webadm` configuration parts to `webadm.rb`.
---
cookbooks/nginx/deploy.rb | 84 ---------------------------------------
cookbooks/nginx/webadm.rb | 58 +++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 84 deletions(-)
delete mode 100644 cookbooks/nginx/deploy.rb
diff --git a/cookbooks/nginx/deploy.rb b/cookbooks/nginx/deploy.rb
deleted file mode 100644
index 12637fc..0000000
--- a/cookbooks/nginx/deploy.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#####################################
-# LEGO Settings
-#####################################
-execute "#{LEGO_STORAGE}/lego_run.sh" do
- user 'root'
- cwd LEGO_STORAGE
- not_if "test -d #{LEGO_STORAGE}/.lego"
-end
-
-encrypted_remote_file '/etc/cron.d/lego' do
- owner 'root'
- group 'root'
- mode '644'
- source 'files/etc/cron.d/lego'
- password ENV['ITAMAE_PASSWORD']
-end
-
-remote_file "/etc/lego/dhparams_4096.pem" do
- owner 'root'
- group 'root'
- mode '444'
-end
-
-execute "openssl rand 48 > /etc/lego/ticket.key"
-
-
-#####################################
-# Deploy nginx Settings
-#####################################
-
-# Deploy the `sudoers` file:
-remote_file '/etc/sudoers.d/webadm' do
- owner 'root'
- group 'root'
- mode '440'
-end
-
-# Create directories:
-%w(/home/webadm/.ssh /home/webadm/repo).each do |d|
- directory d do
- owner 'webadm'
- group 'webadm'
- mode '700'
- end
-end
-
-# Deploy `~/.ssh/.ssh/authorized_keys`:
-encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do
- owner 'webadm'
- group 'webadm'
- mode '600'
- source 'files/home/webadm/.ssh/authorized_keys'
- password ENV['ITAMAE_PASSWORD']
-end
-
-# Deploy secret keys
-%w( id_rsa.github id_rsa.chef ).each do |conf|
- encrypted_remote_file "/home/webadm/.ssh/#{conf}" do
- owner 'webadm'
- group 'webadm'
- mode '600'
- source "files/home/webadm/.ssh/#{conf}"
- password ENV['ITAMAE_PASSWORD']
- end
-end
-
-# Create `repo` directory:
-git '/home/webadm/repo/nginx-config' do
- user 'webadm'
- repository 'https://gitea.kazu634.com/kazu634/nginx-config.git'
-end
-
-execute '/home/webadm/repo/nginx-config/deploy.sh' do
- user 'root'
- cwd '/home/webadm/repo/nginx-config/'
-end
-
-service 'consul-template' do
- action :restart
-end
-
-service 'nginx' do
- action :restart
-end
diff --git a/cookbooks/nginx/webadm.rb b/cookbooks/nginx/webadm.rb
index 7b16ccd..ec0aa53 100644
--- a/cookbooks/nginx/webadm.rb
+++ b/cookbooks/nginx/webadm.rb
@@ -6,3 +6,61 @@ user 'webadm' do create_home true end
+#####################################
+# Deploy nginx Settings
+#####################################
+
+# Deploy the `sudoers` file:
+remote_file '/etc/sudoers.d/webadm' do
+ owner 'root'
+ group 'root'
+ mode '440'
+end
+
+# Create directories:
+%w(/home/webadm/.ssh /home/webadm/repo).each do |d|
+ directory d do
+ owner 'webadm'
+ group 'webadm'
+ mode '700'
+ end
+end
+
+# Deploy `~/.ssh/.ssh/authorized_keys`:
+encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do
+ owner 'webadm'
+ group 'webadm'
+ mode '600'
+ source 'files/home/webadm/.ssh/authorized_keys'
+ password ENV['ITAMAE_PASSWORD']
+end
+
+# Deploy secret keys
+%w( id_rsa.github id_rsa.chef ).each do |conf|
+ encrypted_remote_file "/home/webadm/.ssh/#{conf}" do
+ owner 'webadm'
+ group 'webadm'
+ mode '600'
+ source "files/home/webadm/.ssh/#{conf}"
+ password ENV['ITAMAE_PASSWORD']
+ end
+end
+
+# Create `repo` directory:
+git '/home/webadm/repo/nginx-config' do
+ user 'webadm'
+ repository 'https://github.com/kazu634/nginx-config.git'
+end
+
+execute '/home/webadm/repo/nginx-config/deploy.sh' do
+ user 'root'
+ cwd '/home/webadm/repo/nginx-config/'
+end
+
+service 'consul-template' do
+ action :restart
+end
+
+service 'nginx' do
+ action :restart
+end
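Review bot: `execute '/home/webadm/repo/nginx-config/deploy.sh'` runs as root from a checkout that the `git` resource creates as `webadm` under a `webadm`-owned, mode-700 directory, and the `git` resource sets no `revision`, so root ends up executing a script whose content is controlled by the unprivileged account and by whatever the remote branch holds at checkout time. Pinning the checkout with `revision '<reviewed-commit-sha>'` (placeholder) and running the script from a root-owned copy would close that gap between the `webadm` and root trust levels. The commit is described as a move, yet the `repository` URL also changes from the gitea host on the removed side to `https://github.com/kazu634/nginx-config.git` here, which changes where root-executed code comes from and deserves a line in the commit message. The `execute` and both `service` restarts carry no guard such as `not_if`, so they presumably run on every apply.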