# Netoïk reverse proxy ![badge](https://git.netoik.io/samuel/netoik-rp/actions/workflows/ci.yaml/badge.svg)

Build an RPM package which will install several tools.

- `Nginx` with:
    - ssl settings
    - security headers
    - default site configuration


- `Certbot` certificates with:
    - ovh configuration to renew certs
    - a command tool certbot_renew
    - a systemctl certbot renew timer


# Development

A `Makefile` is integrated to let you run some basic commands.

- To display some information about the project
  ```shell
  make name
  make version
  make release
  make build_arch
  ```

- To build a tarball:
  ```shell
  make tarball 
  ```
  
- To build a rpm package:
  ```shell
  rpmbuild -ba netoik-rp.spec
  ```
  
- To upload rpm package to Gitea repository:
  ```shell
  # This command needs 2 env variables:
  # GIT_PACKAGES_USERNAME and GIT_PACKAGES_TOKEN
  make upload
  ```


# CI / CD

Two workflows are set up.

- Continuous Integration:
  - triggered by each push on branch `main`
  - runs shellcheck on script `certbot_renew`
  - builds tarball and rpm package to test everything is OK


- Continuous Delivery:
  - triggered by each tag pushed
  - builds tarball
  - builds and uploads rpm package to `Gitea` repository


# Deployment

Some commands to deploy the RPM package on server:
  ```shell
  # Add Gitea repo to your repolist
  dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
  
  # Check Gitea repo is added
  dnf repolist | grep gitea-samuel
  
  # Show available package releases
  dnf --showduplicates netoik-rp
  
  # Install or upgrade package
  dnf --nogpgcheck install netoik-rp
  dnf --nogpgcheck upgrade netoik-rp 
  ```

# Security Notes

For security reasons, act runners does not have sudo privileges and so there is:
- **no** Continuous Deployment because act runners cannot use `dnf`
- **no** GPG signing because act runners cannot use `gpg`