wmdeit-cf-wmdelib/nginx.cf

230 lines
5.2 KiB
CFEngine3
Raw Normal View History

2024-02-20 17:10:12 +00:00
#
bundle agent nginx
{
vars:
"pkgs" slist => {
"nginx",
};
centos::
"www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ;
"www_user" string => "nginx";
"www_group" string => "nginx";
"cfg_dir" string => "/etc/nginx";
"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
"service_name" string => "nginx";
debian::
"www_dir" string => "/var/www",unless => isvariable( $(this.promiser) ) ;
"www_user" string => "www-data";
"www_group" string => "www-data";
"cfg_dir" string => "/etc/nginx";
"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
"service_name" string => "nginx";
2024-02-21 14:55:00 +00:00
any::
"service_deps" slist => {
"nginx_pkgs_installed",
"nginx_www_dir_created",
};
2024-02-20 17:10:12 +00:00
any::
"default_html_dir" string => "$(www_dir)/html";
}
bundle agent install_nginx
{
methods:
"any" usebundle => wmde_install_packages(@(nginx.pkgs),"nginx");
files:
"$(nginx.www_dir)/."
create=>"true",
perms => m("755"),
depends_on => { "nginx_pkgs_installed" },
handle => "nginx_www_dir_created";
"$(nginx.default_html_dir)/."
create=>"true",
perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"),
depends_on => {"nginx_www_dir_created"},
handle=>"nginx_default_html_dir_created";
files:
"$(sys.workdir)/data/agent/nginx/."
create => "true",
handle => "nginx_work_dir_created";
2024-02-21 14:55:00 +00:00
methods:
"any" usebundle => wmde_enable_service("nginx");
"any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"),
depends_on => @(nginx.service_deps) ;
2024-02-20 17:10:12 +00:00
commands:
"/bin/sh"
args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",
inform => "false",
handle => "nginx_vhost_dir_cleaned",
2024-02-21 14:55:00 +00:00
# depends_on => {"nginx_dummy_conf_created"},
2024-02-20 17:10:12 +00:00
contain => wmde_cmd_useshell;
}
bundle agent nginx_vhost
(site_param)
{
classes:
"delete" expression => $(site[disable]);
"use_ssl" expression => $(site[ssl]);
"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
"do_logrotate" expression => $(site[logrotate]);
vars:
2024-02-21 14:55:00 +00:00
# "email":$(nginx.admin_email),
2024-02-20 17:10:12 +00:00
"site_defaults" data => '
{
"aliases":[],
"ssl_cert":"certbot",
"doc_root":"$(nginx.www_dir)/$(site_param[domain])",
"doc_root_options":"Indexes FollowSymLinks",
"logging80":true,
"logging443":true,
"logrotate":false,
}
';
"site" data => mergedata(site_defaults,site_param);
"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
"template_file"
string =>
"$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";
"domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";
"domain_dir" string => "$(nginx.www_dir)/$(site[domain])";
"ssl_cert" string => ifelse( use_certbot,
"$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
"$(site[ssl_cert])");
"ssl_key" string => ifelse( use_certbot,
"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
"$(site[ssl_key])");
use_ssl&(use_certbot)::
"vhostdeps" slist => {
"nginx_ssl_created$(site[domain])",
"nginx_vhost_dir_cleaned"
};
(!use_ssl)|(!use_certbot)::
"vhostdeps" slist => {
"nginx_vhost_dir_cleaned"
};
files:
delete::
"$(domain_file)"
delete => tidy,
classes => if_repaired(nginx_restart);
!delete::
"$(domain_file)"
perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"),
create => "true",
edit_template => "$(template_file)",
template_method => "mustache",
handle => "vhost_cfg_done$(site[domain])",
depends_on => @(vhostdeps),
classes => if_repaired("nginx_vhost_restart");
"$(domain_dir)/."
create => "true",
perms => uperm("$(nginx.www_user)","$(nginx.www_group)","750");
methods:
use_ssl&use_certbot::
"any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),
handle => "nginx_ssl_created$(site[domain])";
"nginx_vhost_restart"::
"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"),
depends_on => {
"vhost_cfg_done$(site[domain])",
"nginx_ssl_created$(site[domain])" };
(!use_ssl)|(!use_certbot)::
"nginx_vhost_restart"::
"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"),
depends_on => {"vhost_cfg_done$(site[domain])" };
# "any" usebundle => install_logrot;
files:
# do_logrotate::
# "$(logrot.dir)/$(site[domain])"
# create => "true",
# edit_defaults => backup("false"),
# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot.mustache",
# template_method => "mustache";
commands:
"echo"
args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",
inform => "false",
depends_on => {"vhost_cfg_done$(site[domain])"},
contain => wmde_cmd_useshell;
reports:
2024-04-04 09:30:30 +00:00
# "SITE: $(site[domain]): $(site[logrotate])";
# "SF: @(site)";
# "DF $(domain_file)";
2024-02-20 17:10:12 +00:00
2024-04-04 09:31:35 +00:00
# delete::
# "DELETE TRUE";
# !delete::
# "DELETE FALSE";
2024-02-20 17:10:12 +00:00
# !do_logrotate::
# "LOGOROOTATE FOR $(site[domain]): FALSE";
# do_logrotate::
# "LOGOROOTATE FOR $(site[domain]): TRUE";
}
2024-04-04 09:30:30 +00:00
bundle agent nginx_vhosts(sites)
{
vars:
"idx" slist => getindices(@(sites));
methods:
"any" usebundle => nginx_vhost(@(sites[$(idx)]));
reports:
}