Initial commit

nginx.cf

@@ -0,0 +1,193 @@
+#
+
+bundle agent nginx
+{
+vars:
+	"pkgs" slist => {
+		"nginx",
+		};
+centos::
+	"www_dir" string => "/usr/share/nginx",unless => isvariable( $(this.promiser) ) ;
+	"www_user" string => "nginx";
+	"www_group" string => "nginx";
+	"cfg_dir" string => "/etc/nginx";
+	"vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
+	"service_name" string => "nginx";
+	
+
+any::
+	"default_html_dir" string => "$(www_dir)/html";
+	
+}
+
+
+
+bundle agent install_nginx
+{
+methods:
+	"any" usebundle => wmde_install_packages(@(nginx.pkgs),"nginx");
+
+files:
+	"$(nginx.www_dir)/."
+	create=>"true",
+	perms => m("755"),
+	depends_on => { "nginx_pkgs_installed" },
+	handle => "nginx_www_dir_created";	
+
+	"$(nginx.default_html_dir)/."
+	create=>"true",
+	perms => uperm("$(nginx.www_user)","$(nginx.www_group)","755"),
+	depends_on => {"nginx_www_dir_created"},
+	handle=>"nginx_default_html_dir_created";
+
+
+files:
+	"$(sys.workdir)/data/agent/nginx/."
+		create => "true",
+		handle => "nginx_work_dir_created";
+
+
+commands:
+	"/bin/sh"
+	args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",
+	inform => "false",
+	handle => "nginx_vhost_dir_cleaned",
+#	depends_on => {"apache_dummy_conf_created"},
+	contain => wmde_cmd_useshell; 
+
+
+
+}
+
+
+bundle agent nginx_vhost
+(site_param)
+{
+
+
+classes:
+	"delete" expression => $(site[disable]);
+	"use_ssl" expression => $(site[ssl]);
+	"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
+	"do_logrotate" expression => $(site[logrotate]);
+
+vars:
+		#	"email":$(apache.admin_email),
+
+	"site_defaults" data => '
+		{
+			"aliases":[],
+			"ssl_cert":"certbot",
+			"doc_root":"$(nginx.www_dir)/$(site_param[domain])",
+			"doc_root_options":"Indexes FollowSymLinks",
+			"logging80":true,
+			"logging443":true,
+			"logrotate":false,
+		}
+	';
+
+	"site" data => mergedata(site_defaults,site_param);
+
+
+	"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
+
+	"template_file" 
+	string => 
+		"$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";
+
+	"domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";
+	"domain_dir" string => "$(nginx.www_dir)/$(site[domain])";
+
+	"ssl_cert" string => ifelse( use_certbot, 
+		"$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem", 
+		"$(site[ssl_cert])");
+	"ssl_key" string => ifelse( use_certbot, 
+		"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem", 
+		"$(site[ssl_key])");
+
+	use_ssl&(use_certbot)::
+		"vhostdeps" slist => {
+			"nginx_ssl_created$(site[domain])",
+			"nginx_vhost_dir_cleaned"
+		};
+	(!use_ssl)|(!use_certbot)::
+		"vhostdeps" slist => {
+			"nginx_vhost_dir_cleaned"
+		};
+	files:
+
+	delete::
+		"$(domain_file)"
+		delete => tidy,
+		classes => if_repaired(nginx_restart);
+		
+	!delete::
+		"$(domain_file)"
+		perms => uperm("$(nginx.www_user)","$(nginx.www_group)","644"),
+		create => "true",
+		edit_template => "$(template_file)",
+		template_method => "mustache",
+		handle => "vhost_cfg_done$(site[domain])",
+		depends_on => @(vhostdeps),
+		classes => if_repaired("nginx_vhost_restart");
+
+		"$(domain_dir)/."
+			create => "true",
+			perms => uperm("$(nginx.www_user)","$(nginx.www_group)","750");
+
+methods:
+	use_ssl&use_certbot::
+		"any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),
+		handle => "nginx_ssl_created$(site[domain])";
+
+		"nginx_vhost_restart"::
+			"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"),
+			depends_on => {
+				"vhost_cfg_done$(site[domain])",
+				"nginx_ssl_created$(site[domain])" };
+		
+
+	(!use_ssl)|(!use_certbot)::
+		"nginx_vhost_restart"::
+			"any" usebundle => wmde_restart_service("$(nginx.service_name)","$(site[domain])"),
+			depends_on => {"vhost_cfg_done$(site[domain])" };
+
+#	"any" usebundle => install_logrot;
+
+files:
+#	do_logrotate::
+#	"$(logrot.dir)/$(site[domain])"
+#	create => "true",
+#	edit_defaults => backup("false"),
+#	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot.mustache",
+#	template_method => "mustache";
+
+commands:
+	
+
+	"echo"
+	args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",
+	inform => "false",
+	depends_on => {"vhost_cfg_done$(site[domain])"},
+	contain => wmde_cmd_useshell;
+
+
+
+reports:
+	"SITE: $(site[domain]): $(site[logrotate])";
+	"SF: @(site)";
+	"DF $(domain_file)";
+
+	delete::
+		"DELETE TRUE";
+	!delete::
+		"DELETE FALSE";
+
+#	!do_logrotate::
+#		"LOGOROOTATE FOR $(site[domain]): FALSE";
+#	do_logrotate::
+#		"LOGOROOTATE FOR $(site[domain]): TRUE";
+
+
+}
+

templates/nginx-vhost.conf.mustache

@@ -0,0 +1,61 @@
+#
+# Managed by CFEengine
+#
+
+	
+{{^vars.nginx_vhost.site.ssl}}
+server {
+	listen *:80;
+	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
+	root {{vars.nginx_vhost.site.doc_root}};
+
+	location ^~ /.well-known/acme-challenge/ {
+		alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
+		try_files $uri $uri/ =404;
+	}
+}
+{{/vars.nginx_vhost.site.ssl}}
+	
+	
+{{#vars.nginx_vhost.site.ssl}}
+
+server {
+	listen *:80;
+
+	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
+
+        location ^~ /.well-known/acme-challenge/ {
+                alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
+                try_files $uri $uri/ =404;
+        }
+
+	return       301 https://{{vars.nginx_vhost.site.domain}}$request_uri;
+}
+
+
+server {
+	listen *:443;
+	ssl on;
+
+
+	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
+
+        location ^~ /.well-known/acme-challenge/ {
+                alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
+                try_files $uri $uri/ =404;
+        }
+
+	ssl_certificate           {{vars.nginx_vhost.ssl_cert}};
+	ssl_certificate_key       {{vars.nginx_vhost.ssl_key}};
+
+#	ssl_dhparam               /etc/nginx/dhparam.pem;
+
+	root {{vars.nginx_vhost.site.doc_root}};
+
+}
+
+
+{{/vars.nginx_vhost.site.ssl}}
+
+
+