doc: update badge

Makefile

@@ -2,7 +2,7 @@ NAME = netoik-rp
 VERSION = $(shell git describe --abbrev=0)
 RELEASE = $(shell git rev-parse --short HEAD)
 ARCH = noarch
-OWNER = samuel
+OWNER = netoik
 SUMMARY = "Netoïk Reverse Proxy"
 LICENSE = "MIT"
 URL = "https://git.netoik.io/$(OWNER)/$(NAME)"
@@ -17,50 +17,46 @@ RPM_UNITDIR = $(shell rpm --eval '%{_unitdir}')
 RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(SOURCE0)
 RPM_BUILD_PATH = $(RPM_RPMDIR)/$(ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm
 
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
 .PHONY: name
-name:
+name:  ## Show project name
 	@echo "$(NAME)"
 
 .PHONY: version
-version:
+version:  ## Show current project version
 	@echo "$(VERSION)"
 
 .PHONY: release
-release:
+release:  ## Show current project release
 	@echo "$(RELEASE)"
 
 .PHONY: arch
-arch:
+arch:  ## Show rpm arch target
 	@echo "$(ARCH)"
 
 .PHONY: owner
-owner:
+owner:  ## Show project owner name
 	@echo "$(OWNER)"
 
 .PHONY: summary
-summary:
+summary:  ## Show project summary
 	@echo "$(SUMMARY)"
 
 .PHONY: license
-license:
+license:  ## Show project license
 	@echo "$(LICENSE)"
 
 .PHONY: url
-url:
+url:  ## Show project homepage URL
 	@echo "$(URL)"
 
 .PHONY: source0
-source0:
+source0:  ## Show rpm source0 file name
 	@echo "$(SOURCE0)"
 
-.PHONY: install
-install:
-	install --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/certbot $(DESTDIR)$(RPM_UNITDIR) $(DESTDIR)$(RPM_SBINDIR)
-	install --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/0_security.conf files/nginx/z_default.conf
-	install --mode=600 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/certbot files/certbot/ovh.ini
-	install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR) files/systemd/certbot-renew.service files/systemd/certbot-renew.timer
-	install --mode=755 --target-directory=$(DESTDIR)$(RPM_SBINDIR) files/sbin/certbot_renew
-
 $(RPM_TARBALL_PATH): *
 	git archive --format=tar.gz \
 	            --output="$@" \
@@ -69,8 +65,24 @@ $(RPM_TARBALL_PATH): *
 	            HEAD 
 
 .PHONY: tarball
-tarball: $(RPM_TARBALL_PATH)
+tarball: $(RPM_TARBALL_PATH)  ## Build rpm tarball
+
+.PHONY: install
+install:  ## Install files into rpm dest (requires env var DESTDIR)
+	@if [ -z "$(DESTDIR)" ]; then \
+		printf "[CRITICAL] Missing env var DESTDIR\n[CRITICAL] This command is designed to be called by rpmbuild only!\n" 1>&2; \
+		exit 1; \
+	fi
+	install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/certbot $(DESTDIR)$(RPM_UNITDIR) $(DESTDIR)$(RPM_SBINDIR)
+	install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/0_security.conf files/nginx/z_default.conf
+	install --mode=600 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/certbot files/certbot/ovh.ini
+	install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR) files/systemd/certbot-renew.service files/systemd/certbot-renew.timer
+	install --mode=755 --target-directory=$(DESTDIR)$(RPM_SBINDIR) files/sbin/certbot_renew
 
 .PHONY: upload
-upload:
+upload:  ## Upload rpm package to Gitea repository (requires env var PKG_TOKEN)
+	@if [ -z "$(PKG_TOKEN)" ]; then \
+		printf "[CRITICAL] Missing env var PKG_TOKEN\n[CRITICAL] This command is designed to be called by Gitea Actions only!\n" 1>&2; \
+		exit 1; \
+	fi
 	curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$(PKG_TOKEN)" https://git.netoik.io/api/packages/$(OWNER)/rpm/upload

README.md

@@ -1,4 +1,4 @@
-# Netoïk reverse proxy ![badge](https://git.netoik.io/samuel/netoik-rp/actions/workflows/ci.yaml/badge.svg)
+# Netoïk reverse proxy ![badge](https://git.netoik.io/netoik/netoik-rp/actions/workflows/ci.yaml/badge.svg)
 
 Build an RPM package which will install several tools.
 
@@ -18,26 +18,26 @@ Build an RPM package which will install several tools.
 
 A `Makefile` is integrated to let you run some basic commands.
 
-- To display some information about the project
+- Display some information about the project
   ```shell
+  make help
   make name
   make version
   make release
-  make build_arch
+  make arch
   ```
 
-- To build a tarball:
+- Build a tarball:
   ```shell
   make tarball 
   ```
   
-- To build a rpm package:
+- Build an rpm package:
   ```shell
   rpmbuild -ba netoik-rp.spec
   ```
   
-- To upload rpm package to Gitea repository
+- Upload rpm package to Gitea repository (env var `PKG_TOKEN` is required):
-(env vars `GIT_PACKAGES_USERNAME` and `GIT_PACKAGES_TOKEN` needed):
   ```shell
   make upload
   ```
@@ -48,15 +48,16 @@ A `Makefile` is integrated to let you run some basic commands.
 Two workflows are set up.
 
 - Continuous Integration:
-  - triggered by each push on branch `main`
+  - triggered by each push event on branch `main`
-  - runs shellcheck on script `certbot_renew`
+  - runs shellcheck
-  - builds tarball and rpm package to test everything is OK
+  - builds tarball
-
+  - builds rpm package
 
 - Continuous Delivery:
-  - triggered by each tag pushed
+  - triggered by each tag push event
   - builds tarball
-  - builds and uploads rpm package to `Gitea` repository
+  - builds rpm package
+  - uploads rpm package to repository
 
 
 # Deployment
@@ -65,13 +66,13 @@ Some commands to deploy the RPM package on server
 
 - Add Gitea repo to your repo list:
   ```shell
-  dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
+  dnf config-manager --add-repo https://git.netoik.io/api/packages/netoik/rpm.repo
   dnf repolist | grep gitea-samuel
   ```
 
 - Show available versions:
   ```shell
-  dnf --showduplicates netoik-rp
+  dnf search --showduplicates netoik-rp
   ```
 
 - Create certbot ovh credentials here: 
@@ -97,6 +98,11 @@ Some commands to deploy the RPM package on server
   set +a
   ```
 
+- Install or upgrade without certbot (for testing environment)
+  ```shell
+  SKIP_CERTBOT=true dnf --nogpgcheck --refresh --assumeyes --best install netoik-rp
+  ```
+
 
 # Security Notes
 

files/systemd/certbot-renew.service

@@ -2,4 +2,4 @@
 Description=Renew certbot certificates
 
 [Service]
-ExecStart=certbot_renew
+ExecStart=/usr/sbin/certbot_renew

netoik-rp.spec

@@ -22,25 +22,35 @@ Install the reverse proxy called nginx with a predefined configuration and with
 %make_install
 
 %post
-# Replace secrets in ovh.ini
+if [ -z $SKIP_CERTBOT ]; then
-envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
+	# Check required OVH variables
-if cmp --silent %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini; then
+	if [ -z $OVH_ENDPOINT ]; then echo "Missing env var OVH_ENDPOINT!" 1>&2; exit 1; fi
-	rm %{_sysconfdir}/certbot/.ovh.ini.new
+	if [ -z $OVH_APPLICATION_NAME ]; then echo "Missing env var OVH_APPLICATION_KEY!" 1>&2; exit 1; fi
-else
+	if [ -z $OVH_APPLICATION_DESCRIPTION ]; then echo "Missing env var OVH_APPLICATION_DESCRIPTION!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_KEY ]; then echo "Missing env var OVH_APPLICATION_KEY!" 1>&2; exit 1; fi
+	if [ -z $OVH_APPLICATION_SECRET ]; then echo "Missing env var OVH_APPLICATION_SECRET!" 1>&2; exit 1; fi
+	if [ -z $OVH_CONSUMER_KEY ]; then echo "Missing env var OVH_CONSUMER_KEY!" 1>&2; exit 1; fi
+
+	# Replace secrets in ovh.ini
+	envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
 	mv %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini
 	chmod 600 %{_sysconfdir}/certbot/ovh.ini
-fi
 
-# Create virtualenv with certot
+	# Create virtualenv with certot
-if [ ! -d "/opt/certbot" ]; then
+	if [ ! -d "/opt/certbot" ]; then
 		python3 -m venv /opt/certbot
 		/opt/certbot/bin/pip install --upgrade pip certbot certbot-nginx certbot-dns-ovh
 		ln --symbolic --force --target-directory %{_sbindir} /opt/certbot/bin/certbot
-fi
+	fi
 
-# Create certbot certificates
+	# Create certbot certificates
-if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
+	if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
 		certbot certonly --cert-name netoik.io --non-interactive --agree-tos --email samuel.campos@netoik.io --dns-ovh --dns-ovh-credentials %{_sysconfdir}/certbot/ovh.ini -d *.netoik.io -d *.samuel-campos.fr
+	fi
+else
+	# Skipping certbot, so create self-signed certificate
+	mkdir --parents /etc/letsencrypt/live/netoik.io
+	openssl req -newkey rsa:4096 -nodes -keyout /etc/letsencrypt/live/netoik.io/privkey.pem -x509 -days 365 -out /etc/letsencrypt/live/netoik.io/fullchain.pem -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=netoik.io"
 fi
 
 # Create ssl dh params if not already exists