wmdeit-cf-wmdelib/nginx.cf

#

bundle agent nginx
{
vars:
	"pkgs" slist => {
		"nginx",
	};
centos::
	"www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ;
	"www_user" string => "nginx";
	"www_group" string => "nginx";
	"cfg_dir" string => "/etc/nginx";
	"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
	"service_name" string => "nginx";
	"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
debian::
	"www_dir" string => "/var/www",unless => isvariable( $(this.promiser) ) ;
	"www_user" string => "www-data";
	"www_group" string => "www-data";
	"cfg_dir" string => "/etc/nginx";
	"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
	"service_name" string => "nginx";
	"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
freebsd::
	"restart_cmd" string => "/usr/sbin/service $(service_name) restart";
any::
	"service_deps" slist => {
		"nginx_pkgs_installed",
		"nginx_www_dir_created",
	};

any::
	"default_html_dir" string => "$(www_dir)/html";

}

bundle agent install_nginx
{
	methods:
		"any" usebundle => wmde_install_packages(@(nginx.pkgs),"nginx");

	files:
		"$(nginx.www_dir)/."
			create=>"true",
			perms => m("755"),
			depends_on => { "nginx_pkgs_installed" },
			handle => "nginx_www_dir_created";

		"$(nginx.default_html_dir)/."
			create=>"true",
			perms => mog("755","$(nginx.www_user)","$(nginx.www_group)"),
			depends_on => {"nginx_www_dir_created"},
			handle=>"nginx_default_html_dir_created";


	files:
		"$(sys.workdir)/data/agent/nginx/."
			create => "true",
			handle => "nginx_work_dir_created";

	methods:
		"any" usebundle => wmde_enable_service("nginx");
		"any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"),
			depends_on => @(nginx.service_deps) ;

	commands:
		"/bin/sh"
			args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",
			inform => "false",
			handle => "nginx_vhost_dir_cleaned",
#			depends_on => {"nginx_dummy_conf_created"},
			contain => wmde_cmd_useshell;
}

bundle agent nginx_vhosts( sites )
{
vars:
	"idx" slist => getindices(@(sites));
methods:
	"$(idx)" usebundle => nginx_vhost(@(sites[$(idx)]));

reports:
}

bundle agent nginx_vhost( site_param )
# @brief Configure a single vhost / server block in nginx conf.d subdir
# @param site_param data See below for full description
# 
# The site_param data object consists of a JSON description of the site to
# be configured.
# {
#	"domain":"sub.example.org",
#	"aliases":[ "sub.example.net", "sub.example.de" ],
#	"doc_root":"$(nginx.www_dir)/$(site_param[domain])",
#	"doc_root_options":"Indexes FollowSymLinks",
#	"logging80":true|false,
#	"logging443":true|false,
#	"logrotate":true|false,
#	"listen":"*:80",
#	"use_ssl": true|false,
#	"sslraw":"",
#	"raw":"",
#	"ssl":true|false,
#	"dnsapi":$(dnsapi),
#	"ssl_cert":"lego|certbot",
#	"email":"noc@example.org",
#	"lego_raw":"",
#	"lego_renew_raw":"",
#	"lego_renew_raw2":" && /usr/local/bin/reload_nginx.sh",
#	"disable":true|false,
#	"delete": true|false,
#	"do_logrotate": true|false
# }
# domain	The main `server_name` to configure the server block. This
#			value is used to identify this config.
# aliases	A list of alternative `server_name`s for this server block. 
# doc_root	Path in the filesystem to use for the `root`.
# doc_root_options	Options for the server block. Currently unused.
# logging80	Boolean if to log non-ssl traffic. Currently unused.
# logging443	Boolean if to log ssl traffic. Currently unused.
# listen	String value to use for the `listen` directive.
# sslraw	Multi-line string value for additional ssl config options to
#			add raw.
# email	Email string for Let's Encrypt certificate account.
# ssl	Boolean if to enable a secondary server block with ssl config.
# dnsapi	JSON object for dns01 challenge, used for lego
# ssl_cert	"lego" or "certbot", which client to use. "lego" allows use
#			of dns01 challenges and supports many DNS hosting APIs.
# lego_raw	?
# lego_renew_raw	?
# lego_renew_raw2	?
# raw	Multi-line string value for additional config options to
#		add raw.
# disable Boolean if to disable the server block.
# delete Boolean if to delete the server block.
# do_logrotate Boolean if to configure logrotation for this server block.

{
	classes:
		"delete" expression => $(site[disable]);
		"use_ssl" expression => $(site[ssl]);
		"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
		"use_lego" expression => strcmp("lego","$(site[ssl_cert])");
		"do_logrotate" expression => $(site[logrotate]);

	vars:
		"site_defaults" data => '{
			"aliases":[],
			"ssl_cert":"certbot",
			"doc_root":"$(nginx.www_dir)/$(site_param[domain])",
			"doc_root_options":"Indexes FollowSymLinks",
			"logging80":true,
			"logging443":true,
			"logrotate":false,
			"listen":"*:80",
			"sslraw":""
		}';
		"site" data => mergedata(site_defaults,site_param);
		"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";

		"template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";

		"domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";
		"domain_dir" string => "$(nginx.www_dir)/$(site[domain])";

		"ssl_cert" string => ifelse( use_certbot,
			"$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
			"$(site[ssl_cert])");
		"ssl_key" string => ifelse( use_certbot,
			"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
			"$(site[ssl_key])");

		use_lego::
			"ssl_cert" string => "$(lego.data_dir)/certificates/$(site[domain]).crt";
			"ssl_key" string => "$(lego.data_dir)/certificates/$(site[domain]).key";

		use_ssl&(use_certbot|use_lego)::
			"vhostdeps" slist => {
				"nginx_ssl_created$(site[domain])",
				"nginx_vhost_dir_cleaned"
			};


		(!use_ssl)|(!use_certbot)|(!use_lego)::
			"vhostdeps" slist => {
				"nginx_vhost_dir_cleaned"
			};
	files:
		delete::
			"$(domain_file)"
				delete => tidy,
				classes => if_repaired(nginx_restart);
		!delete::
			"$(domain_file)"
				perms => mog("644","$(nginx.www_user)","$(nginx.www_group)"),
				create => "true",
				edit_template => "$(template_file)",
				template_method => "mustache",
				handle => "vhost_cfg_done$(site[domain])",
				depends_on => @(vhostdeps),
				classes => results("bundle","domain_config");

			"$(domain_dir)/."
				create => "true",
				perms => mog("750","$(nginx.www_user)","$(nginx.www_group)");

methods:
	use_ssl&use_certbot::
		"any"
			usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),
			handle => "nginx_ssl_created$(site[domain])";

		"any"
			usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
			if => "domain_config_repaired",
			depends_on => {
				"vhost_cfg_done$(site[domain])",
				"nginx_ssl_created$(site[domain])" 
			};

	use_ssl&use_lego::
		"any"
			usebundle => lego_dns_cert(@(site)), #,"$(site[domain])"),
			handle => "nginx_ssl_created$(site[domain])";

		"any"
			usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
			if => "domain_config_repaired",
			depends_on => {
				"vhost_cfg_done$(site[domain])",
				"nginx_ssl_created$(site[domain])" 
			};


	((!use_ssl)|(!use_certbot))::
		"any"
			usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
			if => "domain_config_repaired",
			depends_on => {"vhost_cfg_done$(site[domain])" };

files:
#	do_logrotate::
#	"$(logrot.dir)/$(site[domain])"
#	create => "true",
#	edit_defaults => backup("false"),
#	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot.mustache",
#	template_method => "mustache";

commands:
	"echo"
		args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",
		inform => "false",
		depends_on => {"vhost_cfg_done$(site[domain])"},
		contain => wmde_cmd_useshell;


reports:

#	"SITE: $(site[domain]): $(site[logrotate])";
#	"SF: @(site)";
#	"DF $(domain_file)";

#	delete::
#		"DELETE TRUE";
#	!delete::
#		"DELETE FALSE";

#	!do_logrotate::
#		"LOGOROOTATE FOR $(site[domain]): FALSE";
#	do_logrotate::
#		"LOGOROOTATE FOR $(site[domain]): TRUE";
}


bundle agent nginx_restart_service(service_name,domain)
{
classes:
	"nginx_must_restart" scope=> "namespace";
commands:
	"/usr/sbin/nginx -t" handle => "nginx_syntax_ok_$(domain)";

methods:
	!nginx_do_not_restart::
		"any"
			usebundle => wmde_restart_service($(service_name),$(domain)),
			depends_on => {"nginx_syntax_ok_$(domain)"};

reports:
#	"RESTART NGINX" depends_on => {"nginx_syntax_ok_$(domain)"};
#	nginx_do_not_restart::
#		"RESTART IS DISABLED";

}


bundle agent nginx_matomo
(site)
{
vars: 
	"pid" string => "/var/run/matomo-logger-$(site[domain]).pid";
	"log" string => "$(nginx.log_dir)/$(site[domain])-access.log";
	"siteid" string => "$(site[matomoid])";
	"logger_script" string => "/tmp/matomo-logger-$(site[domain]).sh";
freebsd::
	"analyt_cmd" string => "/usr/local/bin/python3.9 $(matomo.log_importer)";
debian::
	"analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";
centos::
	"analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";
	
matomo::
	"cmd" string => "/usr/bin/pkill -P `cat $(pid)` ; exec /bin/sh -c 'echo $$ > $(pid); echo \"hello\" | /usr/bin/tail -n+1 -f $(log) | $(analyt_cmd) --token-auth=$(site[matomotoken]) --disable-bulk-tracking --idsite=$(siteid) --url=$(site[matomosite]) --exclude-path=/wp-login.php --exclude-path=/wp-json/\\* --recorders=1 --recorder-max-payload-size=1 --log-format-name=ncsa_extended --exclude-path=\\*.php --exclude-path=/wp-admin/\\* - > /dev/null'
";
!matomo::
	"cmd" string => "";
any::
	"cmd_esc" string => escape ($(cmd));
	#	"cmd": "$(cmd_esc)",

	"site_str" string => storejson(@(site));
#	"site_json" string => '{
#		"site" : "$(site_str)"
#	}';
	
	"site_json" string => '{
		"cmd": "$(cmd)",
		"service": "$(apache.service_name)",	
		"site": $(site_str)
	}';

	"template_file" 
	string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot-matomo.mustache";

methods:
	"any" usebundle => install_logrot;

files:
	"$(logrot.dir)/$(site[domain])"
	create => "true",
	edit_defaults => backup("false"),
	edit_template => "$(template_file)",
	template_method => "mustache";
#	template_data => parsejson("$(site_json)");

	matomo::
	"$(pid)"
	create => "true";


	"$(logger_script)"
	create => "true",
	perms => m("755"),
	content => '#!/bin/sh
if [ "$1" != "child" ]; then
	"$(logger_script)" child &
else
	setsid >/dev/null 2>&1
	exec 0<&- 1>/dev/null 2>&1
	$(cmd)
fi
',
	handle => "loggerscript_$(site[domain])_created";	


classes:
	"matomo" expression => isvariable("site[matomoid]");


commands:
	matomo::
	"/bin/sh -c "
	args => "'kill -0 `cat $(pid)` &&  echo -start_matomo || echo +start_matomo'",
	inform => "false",
	module => "true";

	start_matomo::
		"$(logger_script)"
		args => "$(logger_script)",
		contain => wmde_cmd_useshell,
		depends_on => {"loggerscript_$(site[domain])_created"}; 


#		"/bin/sh"
#		args => "$(logger_script) &",
#		contain => wmde_cmd_useshell,
#		depends_on => {"loggerscript_$(site[domain])_created"}; 

methods:
#	start_matomo::
#		"call" usebundle => daemonize( "/bin/sh $(logger_script)" ),
#			depends_on => {"loggerscript_$(site[domain])_created"};

reports:
	#start_matomo::
	#	"MUST START - WHY";

	#"ESC ESC $(site_json)";

matomo::

}
Initial commit 2024-02-20 17:10:12 +00:00			`#`

			`bundle agent nginx`
			`{`
			`vars:`
			`"pkgs" slist => {`
			`"nginx",`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`};`
Initial commit 2024-02-20 17:10:12 +00:00			`centos::`
			`"www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ;`
			`"www_user" string => "nginx";`
			`"www_group" string => "nginx";`
			`"cfg_dir" string => "/etc/nginx";`
			`"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";`
			`"service_name" string => "nginx";`
Added restart_cmd variable 2024-10-09 11:23:31 +00:00			`"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";`
Works on Debian (>=12), raw parameter added 2024-02-21 09:36:46 +00:00			`debian::`
			`"www_dir" string => "/var/www",unless => isvariable( $(this.promiser) ) ;`
			`"www_user" string => "www-data";`
			`"www_group" string => "www-data";`
			`"cfg_dir" string => "/etc/nginx";`
			`"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";`
			`"service_name" string => "nginx";`
Added restart_cmd variable 2024-10-09 11:23:31 +00:00			`"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";`
			`freebsd::`
			`"restart_cmd" string => "/usr/sbin/service $(service_name) restart";`
Removed some apache stuff 2024-02-21 14:55:00 +00:00			`any::`
			`"service_deps" slist => {`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`"nginx_pkgs_installed",`
			`"nginx_www_dir_created",`
Removed some apache stuff 2024-02-21 14:55:00 +00:00			`};`
Works on Debian (>=12), raw parameter added 2024-02-21 09:36:46 +00:00
Initial commit 2024-02-20 17:10:12 +00:00			`any::`
			`"default_html_dir" string => "$(www_dir)/html";`

added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`}`
Initial commit 2024-02-20 17:10:12 +00:00
			`bundle agent install_nginx`
			`{`
Notcommit 2025-11-11 09:43:35 +00:00			`methods:`
			`"any" usebundle => wmde_install_packages(@(nginx.pkgs),"nginx");`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`files:`
			`"$(nginx.www_dir)/."`
			`create=>"true",`
			`perms => m("755"),`
			`depends_on => { "nginx_pkgs_installed" },`
			`handle => "nginx_www_dir_created";`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`"$(nginx.default_html_dir)/."`
			`create=>"true",`
			`perms => mog("755","$(nginx.www_user)","$(nginx.www_group)"),`
			`depends_on => {"nginx_www_dir_created"},`
			`handle=>"nginx_default_html_dir_created";`
Initial commit 2024-02-20 17:10:12 +00:00

Notcommit 2025-11-11 09:43:35 +00:00			`files:`
			`"$(sys.workdir)/data/agent/nginx/."`
			`create => "true",`
			`handle => "nginx_work_dir_created";`

			`methods:`
			`"any" usebundle => wmde_enable_service("nginx");`
			`"any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"),`
			`depends_on => @(nginx.service_deps) ;`

			`commands:`
			`"/bin/sh"`
			`args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",`
			`inform => "false",`
			`handle => "nginx_vhost_dir_cleaned",`
			`# depends_on => {"nginx_dummy_conf_created"},`
			`contain => wmde_cmd_useshell;`
			`}`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`bundle agent nginx_vhosts( sites )`
			`{`
			`vars:`
			`"idx" slist => getindices(@(sites));`
Removed some apache stuff 2024-02-21 14:55:00 +00:00			`methods:`
Notcommit 2025-11-11 09:43:35 +00:00			`"$(idx)" usebundle => nginx_vhost(@(sites[$(idx)]));`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`reports:`
Initial commit 2024-02-20 17:10:12 +00:00			`}`

Notcommit 2025-11-11 09:43:35 +00:00			`bundle agent nginx_vhost( site_param )`
			`# @brief Configure a single vhost / server block in nginx conf.d subdir`
			`# @param site_param data See below for full description`
			`#`
			`# The site_param data object consists of a JSON description of the site to`
			`# be configured.`
			`# {`
			`# "domain":"sub.example.org",`
			`# "aliases":[ "sub.example.net", "sub.example.de" ],`
			`# "doc_root":"$(nginx.www_dir)/$(site_param[domain])",`
			`# "doc_root_options":"Indexes FollowSymLinks",`
			`# "logging80":true\|false,`
			`# "logging443":true\|false,`
			`# "logrotate":true\|false,`
			`# "listen":"*:80",`
			`# "use_ssl": true\|false,`
			`# "sslraw":"",`
			`# "raw":"",`
			`# "ssl":true\|false,`
			`# "dnsapi":$(dnsapi),`
			`# "ssl_cert":"lego\|certbot",`
			`# "email":"noc@example.org",`
			`# "lego_raw":"",`
			`# "lego_renew_raw":"",`
			`# "lego_renew_raw2":" && /usr/local/bin/reload_nginx.sh",`
			`# "disable":true\|false,`
			`# "delete": true\|false,`
			`# "do_logrotate": true\|false`
			`# }`
			# domain The main `server_name` to configure the server block. This
			`# value is used to identify this config.`
			# aliases A list of alternative `server_name`s for this server block.
			# doc_root Path in the filesystem to use for the `root`.
			`# doc_root_options Options for the server block. Currently unused.`
			`# logging80 Boolean if to log non-ssl traffic. Currently unused.`
			`# logging443 Boolean if to log ssl traffic. Currently unused.`
			# listen String value to use for the `listen` directive.
			`# sslraw Multi-line string value for additional ssl config options to`
			`# add raw.`
			`# email Email string for Let's Encrypt certificate account.`
			`# ssl Boolean if to enable a secondary server block with ssl config.`
			`# dnsapi JSON object for dns01 challenge, used for lego`
			`# ssl_cert "lego" or "certbot", which client to use. "lego" allows use`
			`# of dns01 challenges and supports many DNS hosting APIs.`
			`# lego_raw ?`
			`# lego_renew_raw ?`
			`# lego_renew_raw2 ?`
			`# raw Multi-line string value for additional config options to`
			`# add raw.`
			`# disable Boolean if to disable the server block.`
			`# delete Boolean if to delete the server block.`
			`# do_logrotate Boolean if to configure logrotation for this server block.`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`{`
			`classes:`
			`"delete" expression => $(site[disable]);`
			`"use_ssl" expression => $(site[ssl]);`
			`"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");`
			`"use_lego" expression => strcmp("lego","$(site[ssl_cert])");`
			`"do_logrotate" expression => $(site[logrotate]);`

			`vars:`
			`"site_defaults" data => '{`
Initial commit 2024-02-20 17:10:12 +00:00			`"aliases":[],`
			`"ssl_cert":"certbot",`
			`"doc_root":"$(nginx.www_dir)/$(site_param[domain])",`
			`"doc_root_options":"Indexes FollowSymLinks",`
			`"logging80":true,`
			`"logging443":true,`
			`"logrotate":false,`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`"listen":"*:80",`
			`"sslraw":""`
Notcommit 2025-11-11 09:43:35 +00:00			`}';`
			`"site" data => mergedata(site_defaults,site_param);`
			`"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`"template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`"domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";`
			`"domain_dir" string => "$(nginx.www_dir)/$(site[domain])";`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`"ssl_cert" string => ifelse( use_certbot,`
			`"$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",`
			`"$(site[ssl_cert])");`
			`"ssl_key" string => ifelse( use_certbot,`
			`"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",`
			`"$(site[ssl_key])");`
Initial commit 2024-02-20 17:10:12 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`use_lego::`
			`"ssl_cert" string => "$(lego.data_dir)/certificates/$(site[domain]).crt";`
			`"ssl_key" string => "$(lego.data_dir)/certificates/$(site[domain]).key";`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`use_ssl&(use_certbot\|use_lego)::`
			`"vhostdeps" slist => {`
			`"nginx_ssl_created$(site[domain])",`
			`"nginx_vhost_dir_cleaned"`
			`};`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00

Notcommit 2025-11-11 09:43:35 +00:00			`(!use_ssl)\|(!use_certbot)\|(!use_lego)::`
			`"vhostdeps" slist => {`
			`"nginx_vhost_dir_cleaned"`
			`};`
Initial commit 2024-02-20 17:10:12 +00:00			`files:`
Notcommit 2025-11-11 09:43:35 +00:00			`delete::`
			`"$(domain_file)"`
			`delete => tidy,`
			`classes => if_repaired(nginx_restart);`
			`!delete::`
			`"$(domain_file)"`
			`perms => mog("644","$(nginx.www_user)","$(nginx.www_group)"),`
			`create => "true",`
			`edit_template => "$(template_file)",`
			`template_method => "mustache",`
			`handle => "vhost_cfg_done$(site[domain])",`
			`depends_on => @(vhostdeps),`
			`classes => results("bundle","domain_config");`

			`"$(domain_dir)/."`
			`create => "true",`
			`perms => mog("750","$(nginx.www_user)","$(nginx.www_group)");`
Initial commit 2024-02-20 17:10:12 +00:00
			`methods:`
			`use_ssl&use_certbot::`
Notcommit 2025-11-11 09:43:35 +00:00			`"any"`
			`usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),`
			`handle => "nginx_ssl_created$(site[domain])";`

			`"any"`
			`usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),`
			`if => "domain_config_repaired",`
			`depends_on => {`
			`"vhost_cfg_done$(site[domain])",`
			`"nginx_ssl_created$(site[domain])"`
			`};`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
			`use_ssl&use_lego::`
Notcommit 2025-11-11 09:43:35 +00:00			`"any"`
			`usebundle => lego_dns_cert(@(site)), #,"$(site[domain])"),`
			`handle => "nginx_ssl_created$(site[domain])";`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
Notcommit 2025-11-11 09:43:35 +00:00			`"any"`
			`usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),`
			`if => "domain_config_repaired",`
			`depends_on => {`
			`"vhost_cfg_done$(site[domain])",`
			`"nginx_ssl_created$(site[domain])"`
			`};`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
Initial commit 2024-02-20 17:10:12 +00:00

added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`((!use_ssl)\|(!use_certbot))::`
Notcommit 2025-11-11 09:43:35 +00:00			`"any"`
			`usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),`
			`if => "domain_config_repaired",`
			`depends_on => {"vhost_cfg_done$(site[domain])" };`
Initial commit 2024-02-20 17:10:12 +00:00
			`files:`
			`# do_logrotate::`
			`# "$(logrot.dir)/$(site[domain])"`
			`# create => "true",`
			`# edit_defaults => backup("false"),`
			`# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot.mustache",`
			`# template_method => "mustache";`

			`commands:`
			`"echo"`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",`
			`inform => "false",`
			`depends_on => {"vhost_cfg_done$(site[domain])"},`
			`contain => wmde_cmd_useshell;`
Initial commit 2024-02-20 17:10:12 +00:00


			`reports:`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
Removed debug prints 2024-04-04 09:30:30 +00:00			`# "SITE: $(site[domain]): $(site[logrotate])";`
			`# "SF: @(site)";`
			`# "DF $(domain_file)";`
Initial commit 2024-02-20 17:10:12 +00:00
Removed more debug prints 2024-04-04 09:31:35 +00:00			`# delete::`
			`# "DELETE TRUE";`
			`# !delete::`
			`# "DELETE FALSE";`
Initial commit 2024-02-20 17:10:12 +00:00
			`# !do_logrotate::`
			`# "LOGOROOTATE FOR $(site[domain]): FALSE";`
			`# do_logrotate::`
			`# "LOGOROOTATE FOR $(site[domain]): TRUE";`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`}`
Initial commit 2024-02-20 17:10:12 +00:00


added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`bundle agent nginx_restart_service(service_name,domain)`
			`{`
			`classes:`
			`"nginx_must_restart" scope=> "namespace";`
			`commands:`
			`"/usr/sbin/nginx -t" handle => "nginx_syntax_ok_$(domain)";`

			`methods:`
			`!nginx_do_not_restart::`
Notcommit 2025-11-11 09:43:35 +00:00			`"any"`
			`usebundle => wmde_restart_service($(service_name),$(domain)),`
			`depends_on => {"nginx_syntax_ok_$(domain)"};`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
			`reports:`
			`# "RESTART NGINX" depends_on => {"nginx_syntax_ok_$(domain)"};`
			`# nginx_do_not_restart::`
			`# "RESTART IS DISABLED";`

			`}`
Removed debug prints 2024-04-04 09:30:30 +00:00


Notcommit 2025-11-11 09:43:35 +00:00			`bundle agent nginx_matomo`
			`(site)`
Removed debug prints 2024-04-04 09:30:30 +00:00			`{`
Notcommit 2025-11-11 09:43:35 +00:00			`vars:`
			`"pid" string => "/var/run/matomo-logger-$(site[domain]).pid";`
			`"log" string => "$(nginx.log_dir)/$(site[domain])-access.log";`
			`"siteid" string => "$(site[matomoid])";`
			`"logger_script" string => "/tmp/matomo-logger-$(site[domain]).sh";`
			`freebsd::`
			`"analyt_cmd" string => "/usr/local/bin/python3.9 $(matomo.log_importer)";`
			`debian::`
			`"analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";`
			`centos::`
			`"analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";`

			`matomo::`
			"cmd" string => "/usr/bin/pkill -P `cat $(pid)` ; exec /bin/sh -c 'echo $$ > $(pid); echo \"hello\" \| /usr/bin/tail -n+1 -f $(log) \| $(analyt_cmd) --token-auth=$(site[matomotoken]) --disable-bulk-tracking --idsite=$(siteid) --url=$(site[matomosite]) --exclude-path=/wp-login.php --exclude-path=/wp-json/\\* --recorders=1 --recorder-max-payload-size=1 --log-format-name=ncsa_extended --exclude-path=\\.php --exclude-path=/wp-admin/\\ - > /dev/null'
			`";`
			`!matomo::`
			`"cmd" string => "";`
			`any::`
			`"cmd_esc" string => escape ($(cmd));`
			`# "cmd": "$(cmd_esc)",`

			`"site_str" string => storejson(@(site));`
			`# "site_json" string => '{`
			`# "site" : "$(site_str)"`
			`# }';`

			`"site_json" string => '{`
			`"cmd": "$(cmd)",`
			`"service": "$(apache.service_name)",`
			`"site": $(site_str)`
			`}';`

			`"template_file"`
			`string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot-matomo.mustache";`

Removed debug prints 2024-04-04 09:30:30 +00:00			`methods:`
Notcommit 2025-11-11 09:43:35 +00:00			`"any" usebundle => install_logrot;`

			`files:`
			`"$(logrot.dir)/$(site[domain])"`
			`create => "true",`
			`edit_defaults => backup("false"),`
			`edit_template => "$(template_file)",`
			`template_method => "mustache";`
			`# template_data => parsejson("$(site_json)");`

			`matomo::`
			`"$(pid)"`
			`create => "true";`


			`"$(logger_script)"`
			`create => "true",`
			`perms => m("755"),`
			`content => '#!/bin/sh`
			`if [ "$1" != "child" ]; then`
			`"$(logger_script)" child &`
			`else`
			`setsid >/dev/null 2>&1`
			`exec 0<&- 1>/dev/null 2>&1`
			`$(cmd)`
			`fi`
			`',`
			`handle => "loggerscript_$(site[domain])_created";`


			`classes:`
			`"matomo" expression => isvariable("site[matomoid]");`


			`commands:`
			`matomo::`
			`"/bin/sh -c "`
			args => "'kill -0 `cat $(pid)` && echo -start_matomo \|\| echo +start_matomo'",
			`inform => "false",`
			`module => "true";`

			`start_matomo::`
			`"$(logger_script)"`
			`args => "$(logger_script)",`
			`contain => wmde_cmd_useshell,`
			`depends_on => {"loggerscript_$(site[domain])_created"};`


			`# "/bin/sh"`
			`# args => "$(logger_script) &",`
			`# contain => wmde_cmd_useshell,`
			`# depends_on => {"loggerscript_$(site[domain])_created"};`

			`methods:`
			`# start_matomo::`
			`# "call" usebundle => daemonize( "/bin/sh $(logger_script)" ),`
			`# depends_on => {"loggerscript_$(site[domain])_created"};`
Removed debug prints 2024-04-04 09:30:30 +00:00
			`reports:`
Notcommit 2025-11-11 09:43:35 +00:00			`#start_matomo::`
			`# "MUST START - WHY";`

			`#"ESC ESC $(site_json)";`

			`matomo::`

Removed debug prints 2024-04-04 09:30:30 +00:00			`}`
Notcommit 2025-11-11 09:43:35 +00:00