From 4dbfdb8d4e3b0457fac4d3a43c0555557eeb4f1d Mon Sep 17 00:00:00 2001
From: samuel
Date: Wed, 31 Dec 2025 16:27:04 +0100
Subject: [PATCH] Refacto to replace nginx with netoik-rp
---
 Makefile | 13 ++++++------
 etc/nginx/nginx.conf => conf/netoik-rp.conf | 0
 etc/certbot/ovh.ini.tpl => conf/ovh.ini | 0
 netoik-rp.spec | 23 ++++++++++++++-------
 services/netoik-rp.service | 14 +++++++++++++
 5 files changed, 36 insertions(+), 14 deletions(-)
 rename etc/nginx/nginx.conf => conf/netoik-rp.conf (100%)
 rename etc/certbot/ovh.ini.tpl => conf/ovh.ini (100%)
 create mode 100644 services/netoik-rp.service
diff --git a/Makefile b/Makefile
index a29af92..35c3ff4 100644
--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,9 @@ NAME = $(shell basename $(PWD))
 VERSION = $(shell git describe | sed 's/-/./g')
 BRANCH = $(shell git branch --show-current)
-RPM_SOURCEDIR = $(shell rpm --eval '%{_sourcedir}')
-RPM_SYSCONFDIR = $(shell rpm --eval '%{_sysconfdir}')
+define rpm_eval
+shell rpm --eval '%{$(1)}'
+endef
 .PHONY: name
 name:
@@ -25,7 +26,7 @@ tarball: $(RPM_SOURCEDIR)/$(NAME)-$(VERSION).tar.gz
 .PHONY: install
 install:
- install --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx
- install --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx etc/nginx/nginx.conf
- install --directory $(DESTDIR)$(RPM_SYSCONFDIR)/certbot
- install --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/certbot etc/certbot/ovh.ini.tpl
+ install --directory $(DESTDIR)$(call rpm_eval _sysconfdir)/netoik-rp
+ install --target-directory=$(DESTDIR)$(call rpm_eval _sysconfdir)/netoik-rp/ conf/neotik-rp.conf
+ install --target-directory=$(DESTDIR)$(call rpm_eval _sysconfdir)/netoik-rp/ conf/ovh.ini
+ install --target-directory=$(DESTDIR)$(call rpm_eval _unitdir)/ services/netoik-rp.service
diff --git a/etc/nginx/nginx.conf b/conf/netoik-rp.conf
similarity index 100%
rename from etc/nginx/nginx.conf
rename to conf/netoik-rp.conf
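Review bot: `rpm_eval` as defined never runs `rpm`: its body is the plain text `shell rpm --eval '%{$(1)}'` rather than a `$(shell …)` call, and the call sites in the install hunk write `$(call rpm_eval _sysconfdir)` with a space where `call` needs a comma, so make looks up an undefined variable and the path prefix expands to nothing. The body should read `$(shell rpm --eval '%{$(1)}')` and each use `$(call rpm_eval,_sysconfdir)` (likewise `_unitdir`). With the current text the files would be installed under `$(DESTDIR)/netoik-rp` instead of the system configuration directory. Removing `RPM_SOURCEDIR` also looks incomplete: the next hunk's header still shows `tarball: $(RPM_SOURCEDIR)/$(NAME)-$(VERSION).tar.gz`, which would now resolve to a path directly under `/`; that rule lies outside the visible hunks, so this needs confirming against the full file.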
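Review bot: The second added `install` line names `conf/neotik-rp.conf`, but the commit renames the file to `conf/netoik-rp.conf`, so the recipe stops on a missing source; the argument should be `conf/netoik-rp.conf`. Nothing creates the unit directory before `--target-directory` is used on it, which fails in an empty `$(DESTDIR)`; an `install --directory` line for the `_unitdir` path is needed before the last command. Without `--mode`, `install` defaults to 0755, so outside an RPM build (where `%attr` corrects it) `conf/ovh.ini` lands world-readable and executable; `--mode=600` on that line and `--mode=644` on the other two would match the modes the spec declares.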
diff --git a/etc/certbot/ovh.ini.tpl b/conf/ovh.ini
similarity index 100%
rename from etc/certbot/ovh.ini.tpl
rename to conf/ovh.ini
diff --git a/netoik-rp.spec b/netoik-rp.spec
index 7cb752f..317e60a 100644
--- a/netoik-rp.spec
+++ b/netoik-rp.spec
@@ -23,20 +23,27 @@ Install the reverse proxy called nginx with a predefined configuration and with
 %post
 if [ $1 == 1 ]; then
- %{_bindir}/env envsubst < %{_sysconfdir}/certbot/ovh.ini.tpl > %{_sysconfdir}/certbot/ovh.ini
- %{_bindir}/env chmod 600 %{_sysconfdir}/certbot/ovh.ini
+ # Replace secrets in ovh.ini
+ %{_bindir}/env envsubst < %{_sysconfdir}/%{name}/ovh.ini > %{_sysconfdir}/%{name}/ovh.ini.tmp
+ %{_bindir}/env mv %{_sysconfdir}/%{name}/ovh.ini.tmp %{_sysconfdir}/%{name}/ovh.ini
+
+ # Create virutal env with certbot cli
 %{_bindir}/env python3 -m venv /opt/certbot
 /opt/certbot/bin/pip install --upgrade pip certbot certbot-dns-ovh
- /opt/certbot/bin/certbot certonly --dns-ovh --dns-ovh-credentials "%{_sysconfdir}/certbot/ovh.ini" -d "*.netoik.io" -d "*.samuel-campos.fr"
+ %{_bindir}/env ln --symbolic --target-directory %{_sbindir} /opt/certbot/bin/certbot
+ %{_bindir}/env certbot certonly --dns-ovh --dns-ovh-credentials "%{_sysconfdir}/%{name}/ovh.ini" -d "*.netoik.io" -d "*.samuel-campos.fr"
 %{_bindir}/env printf "\nAutomatic certbot renew\n0 12 * * * root sleep $((RANDOM % 3600)) && certbot renew -q\n" >> %{_sysconfdir}/crontab
 fi
-%{_bindir}/env systemctl enable nginx
-%{_bindir}/env systemctl restart nginx
+%{_bindir}/env systemctl disable nginx
+%{_bindir}/env systemctl stop nginx
+%{_bindir}/env systemctl enable %{name}
+%{_bindir}/env systemctl start %{name}
 %files
-%attr(644, root, root) %{_sysconfdir}/nginx/nginx.conf
-%attr(755, root, root) %dir %{_sysconfdir}/certbot
-%attr(644, root, root) %{_sysconfdir}/certbot/ovh.ini.tpl
+%attr(755, root, root) %dir %{_sysconfdir}/%{name}
+%attr(600, root, root) %config %{_sysconfdir}/%{name}/ovh.ini
+%attr(644, root, root) %config %{_sysconfdir}/%{name}/netoik-rp.conf
+%attr(644, root, root) %config %{_unitdir}/%{name}.service
 %changelog
 %autochangelog
diff --git a/services/netoik-rp.service b/services/netoik-rp.service
new file mode 100644
index 0000000..dd89e69
--- /dev/null
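Review bot: After the `envsubst`/`mv` pair in `%post`, the substituted `ovh.ini` keeps whatever mode the shell redirection gave `ovh.ini.tmp` (0644 under the usual 022 umask), because `mv` carries the temporary file's mode over and the old `chmod 600` line was dropped; the `%attr(600, …)` entry in `%files` only covers the packaged template. Create the temporary file privately, for example `( umask 077 && %{_bindir}/env envsubst < %{_sysconfdir}/%{name}/ovh.ini > %{_sysconfdir}/%{name}/ovh.ini.tmp )`, so the OVH credentials are never readable by other local users. `ovh.ini` is also listed as plain `%config`, so an upgrade that ships a changed template would presumably put the unsubstituted file back while the `$1 == 1` guard skips the substitution; `%config(noreplace)` avoids that. The `%post` scriptlet and `%files` list both continue outside what this hunk shows only as far as the surrounding sections, so the remaining entries should be checked the same way.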
+++ b/services/netoik-rp.service
@@ -0,0 +1,14 @@
+[Service]
+Type=forking
+PIDFile=/run/netoik-rp.pid
+ExecStartPre=/usr/bin/env rm -f /run/netoik-rp.pid
+ExecStartPre=/usr/bin/env nginx -t -c /etc/netoik-rp/netoik-rp.conf
+ExecStart=/usr/bin/env nginx -c /etc/netoik-rp/netoik-rp.conf
+ExecReload=/usr/bin/env nginx -s reload -c /etc/netoik-rp/netoik-rp.conf
+KillSignal=SIGQUIT
+TimeoutStopSec=5
+KillMode=mixed
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
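Review bot: Every `Exec*` line launches nginx as root through `/usr/bin/env`, so the binary is whatever `nginx` resolves to first on the service's PATH; name it by absolute path instead (`/usr/sbin/nginx` on the usual RPM layout, to be confirmed for the target distribution). The unit also has no `[Unit]` section, so there is no description and no ordering after the network is up, and `PrivateTmp=true` is the only sandboxing on an internet-facing daemon. `PIDFile=/run/netoik-rp.pid` only works if the `pid` directive in `netoik-rp.conf` names the same file; that configuration is renamed unchanged from `nginx.conf` and is not shown here, so this should be checked. The hardening directives in the sketch below are a starting point and need testing against the paths the configuration reads and writes.

```ini
[Unit]
Description=netoik-rp reverse proxy (nginx)
After=network-online.target
Wants=network-online.target

[Service]
# … unchanged: Type, PIDFile, ExecStartPre rm -f of the pid file …
ExecStartPre=/usr/sbin/nginx -t -c /etc/netoik-rp/netoik-rp.conf
ExecStart=/usr/sbin/nginx -c /etc/netoik-rp/netoik-rp.conf
ExecReload=/usr/sbin/nginx -s reload -c /etc/netoik-rp/netoik-rp.conf
# … unchanged: KillSignal, TimeoutStopSec, KillMode, PrivateTmp …
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full
```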