cdist-contrib/type/__nginx_vhost/manifest

165 lines
4.2 KiB
Bash

#!/bin/sh
#
# 2020 Joachim Desroches <joachim.desroches@epfl.ch>
# 2021 Timothée Floure <timothee.floure@posteo.net>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Create NGINX vhosts
os="$(cat "${__global:?}"/explorer/os)"
mkdir -p "${__object:?}/files"
case "$os" in
alpine)
__package nginx
nginx_confdir="/etc/nginx"
install_reqs="__package/nginx"
require="$install_reqs" __start_on_boot nginx
export NGINX_SITEDIR="$nginx_confdir/http.d"
export NGINX_CERTDIR="$nginx_confdir/ssl"
export NGINX_SNIPPETSDIR="$nginx_confdir/snippets"
export NGINX_WEBROOT="/var/www"
export ACME_CHALLENGE_DIR="$NGINX_WEBROOT/.well-known/acme-challenge/"
;;
debian|ubuntu)
__package nginx
nginx_confdir="/etc/nginx"
install_reqs="__package/nginx"
export NGINX_SITEDIR="$nginx_confdir/sites-enabled"
export NGINX_CERTDIR="$nginx_confdir/ssl"
export NGINX_SNIPPETSDIR="$nginx_confdir/snippets"
export NGINX_WEBROOT="/var/www"
export ACME_CHALLENGE_DIR="$NGINX_WEBROOT/.well-known/acme-challenge/"
;;
*)
echo "This type does not support $os yet. Aborting." >&2;
exit 1;
esac
# Domain
if [ -f "${__object:?}/parameter/domain" ];
then
DOMAIN="$(cat "${__object:?}/parameter/domain")"
else
DOMAIN="${__object_id:?}"
fi
export DOMAIN
ALTDOMAINS=
if [ -f "${__object:?}/parameter/altdomains" ];
then
ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")"
fi
export ALTDOMAINS
# Use TLS ?
if [ -f "${__object:?}/parameter/no-tls" ];
then
TLS=
echo "WARNING: you have disabled TLS for vhost $DOMAIN" >&2
else
TLS=ssl
fi
export TLS
# Use HSTS ?
if [ -f "${__object:?}/parameter/no-hsts" ];
then
HSTS=
else
HSTS=true
fi
export HSTS
# Redirect to HTTPS ?
if [ -f "${__object:?}/parameter/to-https" ];
then
TO_HTTPS=true
else
TO_HTTPS=
fi
export HSTS
# Port to listen on
if [ -f "${__object:?}/parameter/lport" ];
then
LPORT="$(cat "${__object:?}/parameter/lport")"
else
if [ -n "$TLS" ] && [ -z "$TO_HTTPS" ];
then
LPORT=443
else
LPORT=80
fi
fi
export LPORT
# Server definition
if [ -n "$TO_HTTPS" ];
then
# Ignore configuration, simply serve ACME challenge and redirect to HTTPS.
"${__type:?}/files/to-https.conf.sh" > "${__object:?}/files/vhost.conf"
vhost_conf="${__object:?}/files/vhost.conf"
elif [ -f "${__object:?}/parameter/config" ];
then
# Extract nginx config from type parameter.
if [ "$(cat "${__object:?}/parameter/config")" = "-" ];
then
vhost_partial="${__object:?}/stdin"
else
vhost_partial=$(cat "${__object:?}/parameter/config")
fi
# Either use config as-in or template it in generic vhost structure.
if [ -f "${__object:?}/parameter/standalone-config" ]; then
vhost_conf=$vhost_partial
else
NGINX_LOGIC=$(cat "$vhost_partial") "${__type:?}/files/generic.conf.sh" \
> "${__object:?}/files/vhost.conf"
vhost_conf="${__object:?}/files/vhost.conf"
fi
else
# Default to simple static configuration.
"${__type:?}/files/static.conf.sh" > "${__object:?}/files/vhost.conf"
vhost_conf="${__object:?}/files/vhost.conf"
require="$install_reqs" __directory "$NGINX_WEBROOT/$DOMAIN"
require="__directory$NGINX_WEBROOT/$DOMAIN" \
__file "$NGINX_WEBROOT/$DOMAIN/index.html" --state exists \
--source "${__type:?}/files/index.html" \
--mode 0644
fi
# Install snippets.
require="$install_reqs" __directory "$NGINX_SNIPPETSDIR"
for snippet in hsts 301-to-https; do
require="__directory/$NGINX_SNIPPETSDIR" __file \
"$NGINX_SNIPPETSDIR/$snippet" --source "${__type:?}/files/$snippet"
done
# Install vhost.
require="$install_reqs" __directory "$NGINX_SITEDIR"
require="__directory/$NGINX_SITEDIR" __file "$NGINX_SITEDIR/$__object_id.conf" \
--source "$vhost_conf" \
--mode 0644