# Netoïk reverse proxy ![badge](https://git.netoik.io/samuel/netoik-rp/actions/workflows/ci.yaml/badge.svg) ![badge](https://git.netoik.io/samuel/netoik-rp/actions/workflows/cd.yaml/badge.svg)

Build an RPM package which will install several tools.

- `Nginx` with:
    - ssl settings
    - security headers
    - default site configuration


- `Certbot` certificates with:
    - ovh configuration to renew certs
    - a command tool certbot_renew
    - a systemctl certbot renew timer


# Development

A `Makefile` is integrated to let you run some basic commands.

- To display some information about the project
  ```shell
  make name
  make version
  make release
  make build_arch
  ```

- To build a tarball:
  ```shell
  make tarball 
  ```
  
- To build a rpm package:
  ```shell
  rpmbuild -ba netoik-rp.spec
  ```
  
- To upload rpm package to Gitea repository:
  ```shell
  # This command needs 2 env variables:
  # GIT_PACKAGES_USERNAME and GIT_PACKAGES_TOKEN
  make upload
  ```


# CI / CD

Two workflows are set up.

- Continuous Integration:
  - triggered by each push on branch `main`
  - runs shellcheck on script `certbot_renew`
  - builds tarball and rpm package to test everything is OK


- Continuous Delivery:
  - triggered by each tag pushed
  - builds tarball
  - builds and uploads rpm package to `Gitea` repository


# Deployment

Security Notes:
  - no Continuous Deployment set for security reasons **(1)**
  - no GPG signing for security reasons **(1)**

**(1)** Act runner does not have sudo access, which prevents 
from deploying via `dnf` and signing via `gpg`

Some commands to deploy the RPM package on server:
  ```shell
  # Add Gitea repo to your repolist
  dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
  
  # Check Gitea repo is added
  dnf repolist | grep gitea-samuel
  
  # Show available package releases
  dnf --showduplicates netoik-rp
  
  # Install or upgrade package
  dnf --nogpgcheck install netoik-rp
  dnf --nogpgcheck upgrade netoik-rp 
  ```