kazu634
/
itamae
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'modify-blog-deployment' of kazu634/itamae into master

This commit is contained in:
Kazuhiro MUSASHI 2019-11-06 00:12:48 +09:00 committed by Gitea
parent 12f21856bd 272afbaf2e
commit 99136245c4
9 changed files with 43 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cookbooks/blog/default.rb
View File

@ -1,6 +1,5 @@
include_recipe './attributes.rb'
if node['blog']['production']
include_recipe './ssl.rb'
include_recipe './nginx.rb'
end

1
cookbooks/blog/files/etc/cron.d/blog
View File

@ -1,2 +1 @@
@reboot webadm cp -pr /home/webadm/works/public/* /var/www/blog/
12 3 * * * root openssl rand 48 > /etc/letsencrypt/live/blog.kazu634.com/ticket.key

32
cookbooks/blog/nginx.rb
View File

@ -1,29 +1,3 @@
# Deploy the nginx configuration file:
remote_file '/etc/nginx/sites-available/blog' do
owner 'root'
group 'root'
mode '644'
end
# Deploy cron tab configuration for nginx
remote_file '/etc/cron.d/blog' do
owner 'root'
group 'root'
mode '644'
end
# Create link:
link '/etc/nginx/sites-enabled/blog' do
user 'root'
to '/etc/nginx/sites-available/blog'
notifies :restart, 'service[nginx]'
end
service 'nginx' do
action :nothing
end
# Create the nginx directory:
directory '/var/www/blog' do
owner 'www-data'
@ -48,6 +22,12 @@ execute 'mount -a' do
action :nothing
end
remote_file '/etc/cron.d/blog' do
owner 'root'
group 'root'
mode '644'
end
# Add monit configuration file for monitoring nginx logs:
remote_file '/etc/monit/conf.d/blog-log.conf' do
owner 'root'

16
cookbooks/blog/ssl.rb
View File

@ -1,16 +0,0 @@
[
'rm -f /etc/nginx/sites-enabled/*',
'ln -f -s /etc/nginx/sites-available/maintenance /etc/nginx/sites-enabled/maintenance',
'systemctl reload nginx',
"test -e /etc/letsencrypt/live/#{node['blog']['FQDN']}/cert.pem || certbot certonly --webroot -d #{node['blog']['FQDN']} --webroot-path /usr/share/nginx/html/ --email simoom634@yahoo.co.jp --agree-tos -n",
'/home/webadm/bin/nginx-config.sh',
].each do |cmd|
execute cmd
end
remote_file "/etc/letsencrypt/live/#{node['blog']['FQDN']}/dhparams_4096.pem" do
owner 'root'
group 'root'
end
execute "openssl rand 48 > /etc/letsencrypt/live/#{node['blog']['FQDN']}/ticket.key"

19
cookbooks/nginx/files/etc/cron.d/lego
View File

@ -1,9 +1,10 @@
md5:57b921ce69f66f9e8a55f701b6ba1280:salt:181-24-185-209-50-114-63-114:aes-256-cfb:wvv7sg+fdPPpfs6v8NeRSCVXCLpdVrcsI5jr1ct959oIDy2E9mip1wEEt00v
fP+9XCrHZnRG9aXy7jdVHZfuLI9Pw9ADqL7kJK35CQAue6LKHewSDnwr64CN
aFaw5pNSdnMpvGvzZiPe0nsqWTucsHl/0/BsnFNYBSdLRH2IZcYG2Do8iYbl
loml6MZ+Lfaf1YEMUREKkPwNn+vq3eC4ihLd/fs2n21tlq9DBGbTlsL37k/D
3sIea62lB2uym+3fi4vaSvP4MvYedaJ8WcXYFINMh4miTYMmXCUHLPiDJrX+
YEVO6QU00psjCqXj/kpYPVhvJRg74E9S6cKfsT/ZDJG7Blm95aVnTEgG2fJV
MG19BdzXIE/4qrqclFO0A7s/syl9vCC+jecqmP7jWnDiO3eVvPrmr0XHfuIE
owMUMLnUGfQqK7AS5oYKDEa2g30o44U/PljI91B9jYXwScny0S6g+NRZBZcP
vG+o4g2oGTVwVrXc
md5:30a0e77addb4f453a88596f1d19c504d:salt:179-208-102-156-63-139-97-68:aes-256-cfb:lH4eJhn7bmGIA2yV3C9OC3nPS7fFs9gewhGr8ZnGwcJy12EHYkrRhgJOJbyv
Rn7vyHEbHWUpcTI6PdYs7HX+7OjxiNTkEvagc8DwGegy9TUcnDLwoeyXzX9o
MU4/DI3B06wguG04HRpv3428uF1r6a+wNbi1CGaTfFqIDlTFW920BM7vEKhn
HrvLrO6m8mCHpqfCFUF7UPIUx+0DhfH9yCfqIa0Wz+x7QwEGdzXJY8i8oA1/
ryV4248P3WVv18GD/Pm3Kjq1LDkjwwgsjFm8m/V1WDL+1uWv6aWILUqdqYge
4hgDgT6TjsovatXsBTGJ21f21J/qlTRvhIXNHs62RAcLglFAShFp6RPY/VMf
mQqccWxKhidms/nqM9Xh+3o8dqhqr8FWMdVlQ1SX/Yi1OzB64e2i1MxiqpvQ
DfCOxJLVo13WuoiDmquuI4PV16ozl1p+0ccaQEDEoQZK0AsOBJJ6aCloSak0
MMM1+fmvvqB2MaFUUt2txsv/5J1lNVZ3xW6H5veOSFNTXMFBqLPFSjoMDOEs
s+lkHd+AneN5YTUIGxDCpfdsPhginA==

0
cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem → cookbooks/nginx/files/etc/lego/dhparams_4096.pem
View File

8
cookbooks/nginx/lego.rb
View File

@ -98,3 +98,11 @@ encrypted_remote_file '/etc/cron.d/lego' do
source 'files/etc/cron.d/lego'
password ENV['ITAMAE_PASSWORD']
end
remote_file "/etc/lego/dhparams_4096.pem" do
owner 'root'
group 'root'
mode '444'
end
execute "openssl rand 48 > /etc/lego/ticket.key"

30
cookbooks/nginx/setup.rb
View File

@ -7,12 +7,18 @@
end
end
%w( sites-available sites-enabled stream-available stream-enabled).each do |d|
directory "/etc/nginx/#{d}" do
owner 'root'
group 'root'
mode '755'
link '/etc/nginx/sites-enabled' do
to '/home/webadm/repo/nginx-config/sites-available'
user 'root'
notifies :reload, 'service[nginx]'
end
link '/etc/nginx/stream-enabled' do
to '/home/webadm/repo/nginx-config/stream-available'
user 'root'
notifies :reload, 'service[nginx]'
end
# Deploy the nginx configuration files:
@ -24,20 +30,6 @@ remote_file '/etc/nginx/nginx.conf' do
notifies :reload, 'service[nginx]'
end
%w( default maintenance ).each do |conf|
remote_file "/etc/nginx/sites-available/#{conf}" do
owner 'root'
group 'root'
mode '644'
end
end
link '/etc/nginx/sites-enabled/default' do
to '/etc/nginx/sites-available/default'
notifies :reload, 'service[nginx]'
end
# Log rotation setting:
remote_file '/etc/logrotate.d/nginx' do
owner 'root'

7
cookbooks/nginx/webadm.rb
View File

@ -39,3 +39,10 @@ end
password ENV['ITAMAE_PASSWORD']
end
end
# Create `repo` directory:
git '/home/webadm/repo/nginx-config' do
user 'webadm'
repository 'https://gitea.kazu634.com/kazu634/nginx-config.git'
end