doc: update readme

Makefile

@@ -56,7 +56,7 @@ source0:
 .PHONY: install
 install:
 	install --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/certbot $(DESTDIR)$(RPM_UNITDIR) $(DESTDIR)$(RPM_SBINDIR)
-	install --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/0_security.conf files/nginx/default.conf
+	install --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/0_security.conf files/nginx/z_default.conf
 	install --mode=600 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/certbot files/certbot/ovh.ini
 	install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR) files/systemd/certbot-renew.service files/systemd/certbot-renew.timer
 	install --mode=755 --target-directory=$(DESTDIR)$(RPM_SBINDIR) files/sbin/certbot_renew

README.md

@@ -63,21 +63,38 @@ Two workflows are set up.
 
 Some commands to deploy the RPM package on server
 
-- To add Gitea repo to your repo list:
+- Add Gitea repo to your repo list:
   ```shell
   dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
   dnf repolist | grep gitea-samuel
   ```
 
-- To show available versions:
+- Show available versions:
   ```shell
   dnf --showduplicates netoik-rp
   ```
 
-- To install or upgrade:
+- Create certbot ovh credentials here: 
+  [www.ovh.com/auth/api/createToken](https://www.ovh.com/auth/api/createToken)
+
+- Setup environemnt file (fill values):
   ```shell
-  dnf --nogpgcheck install netoik-rp
+  cat > ~/.netoik-rp.env << EOF
-  dnf --nogpgcheck upgrade netoik-rp
+  OVH_ENDPOINT=""
+  OVH_APPLICATION_NAME=""
+  OVH_APPLICATION_DESCRIPTION=""
+  OVH_APPLICATION_KEY=""
+  OVH_APPLICATION_SECRET=""
+  OVH_CONSUMER_KEY=""
+  EOF
+  ```
+
+- Install or upgrade package:
+  ```shell
+  set -a
+  source ~/.netoik-rp.env
+  dnf --nogpgcheck --refresh --assumeyes --best install netoik-rp
+  set +a
   ```
 
 

files/certbot/ovh.ini

@@ -1,5 +1,5 @@
 # OVH API credentials used by Certbot
-# To generate a new token, go to: https://www.ovh.com/auth/api/createToken
+# To generate new credentials, go to: https://www.ovh.com/auth/api/createToken
 
 dns_ovh_endpoint = "$OVH_ENDPOINT"
 dns_ovh_application_name = "$OVH_APPLICATION_NAME"

files/nginx/0_security.conf

@@ -22,7 +22,7 @@ add_header                   X-XSS-Protection                     "1;mode=block"
 add_header                   X-Content-Type-Options               "nosniff"                                                                            always;
 add_header                   X-Permitted-Cross-Domain-Policies    "none"                                                                               always;
 add_header                   Referrer-Policy                      "strict-origin-when-cross-origin"                                                    always;
-add_header                   Content-Security-Policy              "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';"    always;
+add_header                   Content-Security-Policy              "default-src 'self' 'unsafe-inline' data:; frame-ancestors 'self'; form-action 'self';"    always;
 add_header                   Cross-Origin-Opener-Policy           "same-origin"                                                                        always;
 add_header                   Cross-Origin-Resource-Policy         "same-site"                                                                          always;
 add_header                   Permissions-Policy                   "geolocation=(), camera=(), microphone=()"                                           always;

netoik-rp.spec

@@ -62,7 +62,7 @@ fi
 
 %files
 %attr(644, root, root) %{_sysconfdir}/nginx/conf.d/0_security.conf
-%attr(644, root, root) %{_sysconfdir}/nginx/conf.d/default.conf
+%attr(644, root, root) %{_sysconfdir}/nginx/conf.d/z_default.conf
 
 %attr(755, root, root) %dir %{_sysconfdir}/certbot
 %attr(600, root, root) %{_sysconfdir}/certbot/ovh.ini