From bd359d8ec6d94d116ffedfafece49f090c979c3f Mon Sep 17 00:00:00 2001 From: Kazuhiro MUSASHI Date: Tue, 4 May 2021 11:35:39 +0900 Subject: [PATCH] Modify the nginx deployment. --- cookbooks/nginx/default.rb | 1 + cookbooks/nginx/deploy.rb | 84 ++++++++++++++++++++++++++++++++++++++ cookbooks/nginx/webadm.rb | 54 ------------------------ 3 files changed, 85 insertions(+), 54 deletions(-) create mode 100644 cookbooks/nginx/deploy.rb diff --git a/cookbooks/nginx/default.rb b/cookbooks/nginx/default.rb index 07d52f6..65e98b7 100644 --- a/cookbooks/nginx/default.rb +++ b/cookbooks/nginx/default.rb @@ -43,3 +43,4 @@ include_recipe './build.rb' # Setup nginx: include_recipe './setup.rb' + diff --git a/cookbooks/nginx/deploy.rb b/cookbooks/nginx/deploy.rb new file mode 100644 index 0000000..12637fc --- /dev/null +++ b/cookbooks/nginx/deploy.rb 
@@ -0,0 +1,84 @@
+#####################################
+# LEGO Settings
+#####################################
+execute "#{LEGO_STORAGE}/lego_run.sh" do
+ user 'root'
+ cwd LEGO_STORAGE
+ not_if "test -d #{LEGO_STORAGE}/.lego"
+end
+
+encrypted_remote_file '/etc/cron.d/lego' do
+ owner 'root'
+ group 'root'
+ mode '644'
+ source 'files/etc/cron.d/lego'
+ password ENV['ITAMAE_PASSWORD']
+end
+
+remote_file "/etc/lego/dhparams_4096.pem" do
+ owner 'root'
+ group 'root'
+ mode '444'
+end
+
+execute "openssl rand 48 > /etc/lego/ticket.key"
+
+
+#####################################
+# Deploy nginx Settings
+#####################################
+
+# Deploy the `sudoers` file:
+remote_file '/etc/sudoers.d/webadm' do
+ owner 'root'
+ group 'root'
+ mode '440'
+end
+
+# Create directories:
+%w(/home/webadm/.ssh /home/webadm/repo).each do |d|
+ directory d do
+ owner 'webadm'
+ group 'webadm'
+ mode '700'
+ end
+end
+
+# Deploy `~/.ssh/.ssh/authorized_keys`:
+encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do
+ owner 'webadm'
+ group 'webadm'
+ mode '600'
+ source 'files/home/webadm/.ssh/authorized_keys'
+ password ENV['ITAMAE_PASSWORD']
+end
+
+# Deploy secret keys
+%w( id_rsa.github id_rsa.chef ).each do |conf|
+ encrypted_remote_file "/home/webadm/.ssh/#{conf}" do
+ owner 'webadm'
+ group 'webadm'
+ mode '600'
+ source "files/home/webadm/.ssh/#{conf}"
+ password ENV['ITAMAE_PASSWORD']
+ end
+end
+
+# Create `repo` directory:
+git '/home/webadm/repo/nginx-config' do
+ user 'webadm'
+ repository 'https://gitea.kazu634.com/kazu634/nginx-config.git'
+end
+
+execute '/home/webadm/repo/nginx-config/deploy.sh' do
+ user 'root'
+ cwd '/home/webadm/repo/nginx-config/'
+end
+
+service 'consul-template' do
+ action :restart
+end
+
+service 'nginx' do
+ action :restart
+end
diff --git a/cookbooks/nginx/webadm.rb b/cookbooks/nginx/webadm.rb
index aab4f1e..7b16ccd 100644
--- a/cookbooks/nginx/webadm.rb
+++ b/cookbooks/nginx/webadm.rb
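Review bot: The `execute "openssl rand 48 > /etc/lego/ticket.key"` line in deploy.rb writes what appears to be the nginx TLS session ticket key through a shell redirect with no owner or mode, so its permissions depend on the umask of the itamae run and it may end up world-readable, unlike the other secrets in this file, which are set to `600`. Anyone who can read that key can decrypt session tickets issued with it, so restrict it explicitly, for example `execute "umask 077 && openssl rand -out /etc/lego/ticket.key 48 && chmod 600 /etc/lego/ticket.key"`. Separately, `/home/webadm/repo/nginx-config/deploy.sh` runs as root from an unpinned clone in a directory owned by `webadm`, so whoever can write to that repository or directory controls what runs as root. Giving the `git` resource a reviewed `revision` would narrow this.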
@@ -6,57 +6,3 @@ user 'webadm' do create_home true end -# Deploy the `sudoers` file: -remote_file '/etc/sudoers.d/webadm' do - owner 'root' - group 'root' - mode '440' -end - -# Create directories: -%w(/home/webadm/.ssh /home/webadm/repo).each do |d| - directory d do - owner 'webadm' - group 'webadm' - mode '700' - end -end - -# Deploy `~/.ssh/.ssh/authorized_keys`: -encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do - owner 'webadm' - group 'webadm' - mode '600' - source 'files/home/webadm/.ssh/authorized_keys' - password ENV['ITAMAE_PASSWORD'] -end - -# Deploy secret keys -%w( id_rsa.github id_rsa.chef ).each do |conf| - encrypted_remote_file "/home/webadm/.ssh/#{conf}" do - owner 'webadm' - group 'webadm' - mode '600' - source "files/home/webadm/.ssh/#{conf}" - password ENV['ITAMAE_PASSWORD'] - end -end - -# Create `repo` directory: -git '/home/webadm/repo/nginx-config' do - user 'webadm' - repository 'https://gitea.kazu634.com/kazu634/nginx-config.git' -end - -execute '/home/webadm/repo/nginx-config/deploy.sh' do - user 'root' - cwd '/home/webadm/repo/nginx-config/' -end - -service 'consul-template' do - action :restart -end - -service 'nginx' do - action :restart -end