.ruby-version

@@ -1 +1 @@
-3.2.2
+3.1.2

cookbooks/base/packages.rb

@@ -62,13 +62,3 @@ end
     mode '755'
   end
 end
-
-# mDNS
-package 'avahi-daemon'
-
-execute 'ufw allow 5353/udp' do
-  user 'root'
-
-  not_if 'LANG=c ufw status | grep 5353'
-  notifies :run, 'execute[ufw reload-or-enable]'
-end

cookbooks/consul/attributes.rb

@@ -23,6 +23,6 @@ node.reverse_merge!({
     'ipaddr' => ipaddr,
     'dns' => dns,
     'encrypt' => 's2T3XUTb9MjHYOw8I820O5YkN2G6eJrjLjJRTnEAKoM=',
-    'token' => '39f8fc02-7ec7-ec7b-7bc6-e6e16bb8deca'
+    'token' => 'acb7096c-dcda-775a-b52c-b47c96b38d0e'
   }
 })

cookbooks/everun/nginx.rb

@@ -24,7 +24,7 @@ execute 'mount -a' do
   action :nothing
 end
 
-remote_file '/etc/cron.d/everun-blog' do
+remote_file '/etc/cron.d/everun' do
   owner 'root'
   group 'root'
   mode '644'

cookbooks/nginx/attributes.rb

@@ -3,7 +3,7 @@
 # -------------------------------------------
 node.reverse_merge!({
   'nginx' => {
-    'version' => '1.25.0',
+    'version' => '1.23.2',
     'skip_lego' => 'true',
     'skip_webadm' => 'true'
   }

cookbooks/nginx/build.rb

@@ -78,7 +78,7 @@ directory MODULEDIR do
 end
 
 # Build starts here:
-execute "#{NGINXBUILD} -d working -v #{version} -c configure.sh -zlib -pcre -libressl -libresslversion 3.8.0" do
+execute "#{NGINXBUILD} -d working -v #{version} -c configure.sh -zlib -pcre -openssl" do
   cwd WORKDIR
   user USER
 

cookbooks/nginx/files/etc/cron.d/everun

@@ -1,10 +0,0 @@
-md5:e2c4b92cac6937e5c2e14bcb166748cf:salt:35-2-158-147-217-138-24-188:aes-256-cfb:m5WUGUv4kMl3U4EpsDCZbTmqfDQEp3CGzBk84671Dhxt0rRtETnCY2ECGD7W
-+O9MMKk0jCDCUxz7EZoggsHQL40dwvcCKs5qgcFFmZYOMygfxBVJ+cqBZ//0
-Zdav0tp1Qc3ejX2x3kmZBgAn4WCRVCmIZYtPYj0w4nrAohXSITJOo6MKNfsB
-ASvoywRNHTYJAxT/UrYrJudR3Yq2a0gIcVgGZAYBKOUb2syMTixo245x128p
-pX2QtcHjE87g9uGeUVWLkIM9m5uvBGULgdKknO03PXF0jWHxQvv/RRN+aG0H
-To70zhqrlJWibKlO9PgPyVhoQSgxBG9i2f18hw2Kcnr0xSYvfC3yfkvem5C2
-Zgpj+xRIfbB6tw7k/ePdguBJ5e94Y5nDtavMr58Wxgtnleyc3/k/iRgK1wpD
-BUrf83ZWMt3QPwDL4J5npo+4YDCObrsvO3BD14XMUHpSpCvVdKCnMnngQdRt
-7TERfhMMRCPcHbUD9gFh6HcsT+GzU6a9iwyJ03nYweWB/nXGGfwnTfrklwfJ
-CuTSFnA=

cookbooks/nginx/files/etc/cron.d/kazu634

@@ -1,10 +0,0 @@
-md5:3429dd1d1b7fae6ff356c639afaeaa7c:salt:114-48-239-183-69-3-57-50:aes-256-cfb:/mKhySMGT7hiRIYO45LOqBxEmwI6wCQKvrwdK+sOJq5p5xbn7wDiYwUWnhGT
-feCcW0iiVS0Qq5Wpnf01KTBaQWPditaR/CBYxCToV0EZ+7lA6HUTaX7qELGP
-nPTkPn6CmTgW7I/kI9XfkeeSbT0Ti+2xo3XSpce1kftGp67aBcxM6XLSCKiS
-IUMFoQIBHbUlJxJ5y6vj3uA/2v/r99y/dHymoKS695abnFPfq6rDqnJC7PKe
-wEeLoObLSauqgnTF4CZUgZxaSSVUCNRjkV3WTHiu3UIEsHjiwJFBqJfWzVr9
-dvgzZAFt5YUwwGHEhZjtO66/Tp8Po4SZzRRDbftCBSS8nIZQ66qYwmKHGK98
-eYOFtpbQYnVMJKWd+orSDse61CcaT2tPgTZ4fjln/a4Ru4V5Kr4/HRyRmn6J
-bIzBVuBVuh8T0oh36GSefSjfL7KyProS4waFlX53qwrMPHBmP873cJ2ZO1GN
-HYk2QEUPP1BWEWiv9kfNu6mZPKVHIL7CEkvOAxlDWaKjgll5eNbbfzDw1hh3
-Hn3RPGs=

cookbooks/nginx/files/etc/cron.d/lego

@@ -0,0 +1,15 @@
+md5:c79b07af6291083d791d1902a2637509:salt:199-29-148-147-93-118-94-214:aes-256-cfb:+1A39ytpBJ0l9yD+eCP5DmHnSILgFr9JLu0o+JoVbBEY2JoJiv6e0M23etSN
+OHHH/AlnnrSarWA7UzO3aXZP8aNsi5N6VWXwGLw4XtqnwjWryUebGjIDwGrU
+ioN1q0lVfw+Yqo5k27eVrVJNrL/Ki/Uu5NPqdGZScFcBq4FYjDUfFAuJqKCB
+LAf24VqY3d9DhxibsVlM4kkEczOzjX0opRLPAyef50pSlu53SCnM/93v8ekN
+03JUPGove1klD+gwYBWEx6PLJp/ECnPeRhIqRayEDTpGQ7kVoK7zruJGTPhj
+Esk9yd6wabSHVv7TrsyFQxqzVn93zd/KnivKtCs1qf7kvg24zpvAygjn5RhW
+MyXxIPDw7TE64xzwzhmu2/mVRZrUxsY2entJ9OJFqi9a7n54Io6iLKN70b3R
+ecg2qXX8arlSKqb4QzqegRr1/w3t67EsuyTArU6Juj48gHKGiwbp9pdMTLdZ
+L7lLUn8pbFNldWFCT4UjYtXPPpdNbm9Fp4RQXTYZdY8cYYGHzffLwCk7GlGX
+uTpXtmGnfyQtZm+c7X2MP/dWCyyexBQXj+S5YSdE47XVYMnCKrVJjej6Q2je
+qTd+Axrzn9K4p7Q9fOwOKLMUXOgfMMmHbfw2xmcpt+oWIWm+JyiGngylOu0b
+zxWrff+iUIL0EedLSes0Opc4/gFKqa97r5qv5qwDKR7jgjeULDe6Rzn/Xv+M
+lVGm3YGZnnNGG7Nf/qIn2SEyEi89DbPTLfOeeFx1ThVMVTjU7sLivyIrmz5e
+8T0Cq/i9K2A8iijhyOugDWikNCRjQK8ZzL6WAtzL7nWLYp5jCTD9PFMfDgFo
+7t4zAqat4iT1HtZdt7hiUO5MbA==

cookbooks/nginx/files/etc/lego/everun_run.sh

@@ -1,8 +1,8 @@
-md5:f1a7f852ea51d6b8563181be132d4bf6:salt:76-196-202-16-222-165-29-232:aes-256-cfb:VPluMlC6LE/wPGIAbOA0h3Fp3wMYRezRTglVEMPD+V28/jR6jaEwDKi45AXn
+md5:e7887186aea3bbd3d6b4951de375c79d:salt:136-75-189-47-2-186-228-12:aes-256-cfb:7pH09CBmCgVKJDl2WTrPt25WbDmnb6nxroKOpF/0/f1o98IelqLWvsFwSXzI
-CiaRSCOUTfJrzt4CsKgF1kcEYTMWCM69ouxDYyclZcy64PVSRQYBSGQBBBF8
+1e56t8SGpgDt9X+a13QDO5JaSyBAINMbzZMDXMqDuN49BMbo1nbEvWOG0DTC
-bFGP6ThlTVCQDPWNA78yzvu4PjaY17wD0qD9HRbG3ZJC//lZI/vfvSVyjEMU
+7zrsNK/l3qIMo8ArpvnF36QZseXibP1rrRb1IslwmlfuvZz5Vg39IAcQH/Ny
-5ftZ+jcD580LD9uREohvH/zVamWCrqqRAIARZvw4pRykMm03NAf/YXiEDvq2
+3bSdxcE3ssbr9XuaG3HmPpTHmywn5Pc5lCSbKMW1mnCEMlPOiL4pJdHQzy24
-dZIRhCChnxRJH42C7J2LSo2oUlDbBrR+d7jPuXxyb4T5LdaLB85He8g1lVzZ
+YAlrt7A+TNIBk056J4DrfnRYaB2FhrXtN8BFjAzkH5RJvRBRVbCHnZM30bxG
-uD+FFQILLMHMikHGdOj9/D47kZ8NIScJsR0VQ8qJ8i9cTLlqCNNO5zrHB9gZ
+hJgzmPK2MBflKTM1tSQ6ZwUnZie84AETk0hZZBTjHSWHvI21zStTe974R/cC
-I3J0qLNx0lLSPPWXb0EqK9dJoJ1XxpFdeheM0H4/neD7jSFWex88NIqgq5J0
+0KMPAWSprEt0Vpa81GBhwrC7UVCyEeE0DhaFiM5vCgvqSuMDFzESGGTztJzW
-O+azGw==
+baxx8T8CfNAcvpkcRyfQYk7S

cookbooks/nginx/files/etc/lego/kazu634_run.sh

@@ -1,8 +1,8 @@
-md5:fe7470a6514ffd6ce9155dd5195e52b3:salt:174-213-110-154-108-197-80-172:aes-256-cfb:xV7p959ZUno2nSxaS5sTZ8zmY0qp6QawO5omjLQE/eTfPbwjvrUh8Zafv7kE
+md5:96eae5dbfe873212499d1cda58215bc0:salt:45-243-88-46-67-155-255-124:aes-256-cfb:q3OckWaetMF6FqeKkB2j34jtTSs4xOtwz0ZBG0hP3NjCUxK13XH55/IIjTI3
-GZ5JHCuQk//sjiH4ldnGMyIVRL1XDH7R+xZoZQkuTB9RaJL8GeNIoJgGacBH
+HDrqT+2FWXPxUOBEk0JNqJ1jJKIRLR7Td0yfa908RH2fRHsyXNs9So4fx3cM
-1SGDdrU1BFcTXlEK4BCIxmfHw57aj7wKjhgd3+MSdswdZSm3dDhLNcC4HV5u
+SDkTQO6olnKBr9hGm/ua1ohvRFfoUSMu1eNfe+X0FkZZxES0CJBBb43vitDq
-VDRDpe4gFNNu4xz4zLYvuJfK8ei/QFd9xHs7/WSUqP2TkNJbuefr4FxujHVj
+dsL1lgP1Co0HjvrGu3VKRPSDbUYhfI7raq4jZAy5Q9IJrMLrLdKjlJYjg5St
-BJpgLl5kPAF8nqW6IvSNCFPsxA1XcDHsmWlbtaINzE547Gr4lZI4S1J+yVRr
+1Cso0QR938DG3UM0uLXrj9YZ5BdNCqUFvu/gJPjA+VfL4giAYy5cmslEuvV7
-XNOGILWnKdT4cNkl4YytqjtwLnNDLrS9XBg4QcWyIPXxQqavYOdEoUwbR2GZ
+EKkFuTmOOBY4fXSZIDfQinl966QgnCQgmYiPNctyVMtJPF7GA0K/FPMx/CHH
-mu/U4lnfDK/rKZ0AkpoqW4KWB6XYXdUKPczJJ9INK+Updi/+I9iIRDt7efB2
+KZUuXkKo04jeSWuQ9ZQC81xEifZb1CXlh0p9AIn2i9aSMrRBMHGmzfEb4FKH
-WpgNgQ==
+8d4onnK27xWC

cookbooks/nginx/files/etc/nginx/nginx.conf

@@ -96,27 +96,16 @@ http {
     # Logging Settings
     ##
 
-    log_format json escape=json
+    log_format ltsv "time:$time_local\thost:$remote_addr"
-      '{'
+                    "\tforwardedfor:$http_x_forwarded_for\t"
-        '"time":"$time_local",'
+                    "method:$request_method\tpath:$request_uri\tprotocol:$server_protocol"
-        '"host":"$remote_addr",'
+                    "\tstatus:$status\tsize:$body_bytes_sent\treferer:$http_referer"
-        '"forwardedfor":"$http_x_forwarded_for",'
+                    "\tua:$http_user_agent\ttaken_sec:$request_time"
-        '"method":"$request_method",'
+                    "\tbackend:$upstream_addr\tbackend_status:$upstream_status"
-        '"path":"$request_uri",'
+                    "\tcache:$upstream_http_x_cache\tbackend_runtime:$upstream_response_time"
-        '"protocol":"$server_protocol",'
+                    "\tvhost:$host";
-        '"status":"$status",'
-        '"size":"$body_bytes_sent",'
-        '"referer":"$http_referer",'
-        '"ua":"$http_user_agent",'
-        '"taken_sec":"$request_time",'
-        '"backend":"$upstream_addr",'
-        '"backend_status":"$upstream_status",'
-        '"cache":"$upstream_http_x_cache",'
-        '"backend_runtime":"$upstream_response_time",'
-        '"vhost":"$host"'
-      '}';
 
-    access_log /var/log/nginx/access.log json;
+    access_log /var/log/nginx/access.log ltsv;
     error_log /var/log/nginx/error.log;
 
     ##

cookbooks/nginx/files/etc/systemd/system/vector-nginx-access.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Vector
-Documentation=https://vector.dev
-After=network-online.target
-Requires=network-online.target
-
-[Service]
-ExecStart=/usr/bin/vector --config /etc/vector/nginx-access.toml
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-StandardOutput=journal
-StandardError=journal
-SyslogIdentifier=vector
-
-[Install]
-WantedBy=multi-user.target
-

cookbooks/nginx/files/etc/systemd/system/vector-nginx-error.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Vector
-Documentation=https://vector.dev
-After=network-online.target
-Requires=network-online.target
-
-[Service]
-ExecStart=/usr/bin/vector --config /etc/vector/nginx-error.toml
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-StandardOutput=journal
-StandardError=journal
-SyslogIdentifier=vector
-
-[Install]
-WantedBy=multi-user.target
-

cookbooks/nginx/files/etc/vector/nginx-access.toml

@@ -1,65 +0,0 @@
-data_dir = "/var/lib/vector/"
-
-[sources.nginx]
-  type = "file"
-  include = [ "/var/log/nginx/*access.log" ]
-  ignore_older_secs = 600
-  read_from = "beginning"
-
-[transforms.nginx_transform]
-  type = "remap"
-  inputs = ["nginx"]
-  source = '''
-    .hostname = .host
-
-    l = parse_json!(.message)
-    . = merge!(., l)
-
-    del(.message)
-    del(.host)
-
-    .status = string!(.status)
-    if match(.status, r'^[23]') {
-      .level = "info"
-    } else if match(.status, r'^[4]') {
-      .level = "warn"
-    } else {
-      .level = "error"
-    }
-
-    .timestamp = parse_timestamp!(.time, format: "%d/%b/%Y:%T %z")
-    del(.time)
-  '''
-
-[sinks.nginx_output]
-type = "file"
-inputs = [ "nginx_transform" ]
-compression = "none"
-path = "/tmp/nginx-access-%Y-%m-%d.log"
-
-  [sinks.nginx_output.encoding]
-  codec = "json"
-
-  [sinks.nginx_output.buffer]
-  max_size = 268435488
-  type = "disk"
-
-[sinks.nginx_loki]
-type = "loki"
-inputs = [ "nginx_transform" ]
-endpoint = "http://loki.service.consul:3100"
-compression = "snappy"
-
-  [sinks.nginx_loki.labels]
-  level = "{{ level }}"
-  hostname = "{{ hostname }}"
-  job = "nginx"
-  vhost = "{{ vhost }}"
-
-  [sinks.nginx_loki.encoding]
-  codec = "json"
-
-  [sinks.nginx_loki.buffer]
-  max_size = 268435488
-  type = "disk"
-

cookbooks/nginx/files/etc/vector/nginx-error.toml

@@ -1,56 +0,0 @@
-data_dir = "/var/lib/vector/"
-
-[sources.nginx-error]
-  type = "file"
-  include = [ "/var/log/nginx/*error.log" ]
-  ignore_older_secs = 600
-  read_from = "beginning"
-
-[transforms.nginx-error_transform]
-  type = "remap"
-  inputs = ["nginx-error"]
-  source = '''
-    .hostname = .host
-    del(.host)
-
-    el, err = parse_regex(.message, r'^(?P<timestamp>[^ ]+ [^ ]+) (?P<level>[^ ]+) (?P<message>.*)$')
-    . = merge(., el)
-
-    tmp, err = replace(.level, "[", "")
-    .level = replace(tmp, "]", "")
-
-    .timestamp = parse_timestamp!(.timestamp, "%Y/%m/%d %T")
-  '''
-
-[sinks.nginx-error_output]
-type = "file"
-inputs = [ "nginx-error_transform" ]
-compression = "none"
-path = "/tmp/nginx-error-%Y-%m-%d.log"
-
-  [sinks.nginx-error_output.encoding]
-  codec = "json"
-
-  [sinks.nginx-error_output.buffer]
-  max_size = 268435488
-  type = "disk"
-
-[sinks.nginx-error_loki]
-type = "loki"
-inputs = [ "nginx-error_transform" ]
-endpoint = "http://loki.service.consul:3100"
-compression = "snappy"
-
-  [sinks.nginx-error_loki.labels]
-  level = "{{ level }}"
-  hostname = "{{ hostname }}"
-  vhost = "{{ vhost }}"
-  job = "nginx"
-
-  [sinks.nginx-error_loki.encoding]
-  codec = "json"
-
-  [sinks.nginx-error_loki.buffer]
-  max_size = 268435488
-  type = "disk"
-

cookbooks/nginx/files/home/webadm/nginx-build/configure.sh

@@ -8,4 +8,4 @@
             --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module \
             --with-http_v2_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module \
             --with-http_addition_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module \
-            --with-http_sub_module --with-stream --with-stream_ssl_module --with-http_v3_module
+            --with-http_sub_module --with-stream --with-stream_ssl_module

cookbooks/nginx/lego.rb

@@ -91,14 +91,14 @@ end
     user 'root'
     cwd LEGO_STORAGE
   end
+end
 
-  encrypted_remote_file "/etc/cron.d/#{domain}" do
+encrypted_remote_file '/etc/cron.d/lego' do
-    owner 'root'
+  owner 'root'
-    group 'root'
+  group 'root'
-    mode '644'
+  mode '644'
-    source   "files/etc/cron.d/#{domain}"
+  source   'files/etc/cron.d/lego'
-    password ENV['ITAMAE_PASSWORD']
+  password ENV['ITAMAE_PASSWORD']
-  end
 end
 
 remote_file "/etc/lego/dhparams_4096.pem" do

cookbooks/nginx/setup.rb

@@ -13,7 +13,7 @@ remote_file '/lib/systemd/system/nginx.service' do
 end
 
 # Firewall Setting:
-%w( 80/tcp 443/tcp 443/udp ).each do |port|
+%w( 80/tcp 443/tcp ).each do |port|
   execute "ufw allow #{port}" do
     user 'root'
 
@@ -35,36 +35,25 @@ service 'nginx' do
   action [ :enable, :start ]
 end
 
-# Deploy `vector` config:
+# Deploy `promtail` config file:
-remote_file '/etc/vector/nginx-access.toml' do
+HOSTNAME = run_command('uname -n').stdout.chomp
+
+template '/etc/promtail/nginx.yaml' do
+  owner 'root'
+  group 'root'
+  mode '644'
+
+  variables(HOSTNAME: HOSTNAME, LOKIENDPOINT: node['promtail']['lokiendpoint'])
+end
+
+# Deploy the `systemd` configuration:
+remote_file '/lib/systemd/system/promtail-nginx.service' do
   owner 'root'
   group 'root'
   mode '644'
 end
 
-remote_file '/etc/systemd/system/vector-nginx-access.service' do
+# Service setting:
-  owner 'root'
+service 'promtail-nginx' do
-  group 'root'
+  action [ :enable, :restart ]
-  mode '644'
 end
-
-service 'vector-nginx-access' do
-  action [ :enable, :start ]
-end
-
-remote_file '/etc/vector/nginx-error.toml' do
-  owner 'root'
-  group 'root'
-  mode '644'
-end
-
-remote_file '/etc/systemd/system/vector-nginx-error.service' do
-  owner 'root'
-  group 'root'
-  mode '644'
-end
-
-service 'vector-nginx-error' do
-  action [ :enable, :start ]
-end
-