# Netoïk reverse proxy

![badge](https://git.netoik.io/samuel/netoik-rp/actions/workflows/ci.yaml/badge.svg)

Build an RPM package which will install several tools.

- `Nginx` with:
  - ssl settings
  - security headers
  - default site configuration
- `Certbot` certificates with:
  - ovh configuration to renew certs
  - a command tool certbot_renew
  - a systemctl certbot renew timer

# Development

A `Makefile` is integrated to let you run some basic commands.

- To display some information about the project:
  ```shell
  make name
  make version
  make release
  make build_arch
  ```
- To build a tarball:
  ```shell
  make tarball
  ```
- To build an rpm package:
  ```shell
  rpmbuild -ba netoik-rp.spec
  ```
- To upload the rpm package to the Gitea repository (env vars `GIT_PACKAGES_USERNAME` and `GIT_PACKAGES_TOKEN` needed):
  ```shell
  make upload
  ```

# CI / CD

Two workflows are set up.

- Continuous Integration:
  - triggered by each push on branch `main`
  - runs shellcheck on script `certbot_renew`
  - builds tarball and rpm package to test everything is OK
- Continuous Delivery:
  - triggered by each tag pushed
  - builds tarball
  - builds and uploads rpm package to `Gitea` repository

# Deployment

Some commands to deploy the RPM package on a server.

- Add Gitea repo to your repo list:
  ```shell
  dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
  dnf repolist | grep gitea-samuel
  ```
- Show available versions:
  ```shell
  dnf list --showduplicates netoik-rp
  ```
- Create certbot ovh credentials here: [www.ovh.com/auth/api/createToken](https://www.ovh.com/auth/api/createToken)
- Set up the environment file (fill values):
  ```shell
  cat > ~/.netoik-rp.env << EOF
  OVH_ENDPOINT=""
  OVH_APPLICATION_NAME=""
  OVH_APPLICATION_DESCRIPTION=""
  OVH_APPLICATION_KEY=""
  OVH_APPLICATION_SECRET=""
  OVH_CONSUMER_KEY=""
  EOF
  ```
- Install or upgrade package:
  ```shell
  # Export every variable defined while sourcing the environment file
  set -a
  source ~/.netoik-rp.env
  # --nogpgcheck: the package is not GPG-signed (see Security Notes)
  dnf --nogpgcheck --refresh --assumeyes --best install netoik-rp
  set +a
  ```

# Security Notes

For security reasons, act runners do not have sudo privileges and so there is:

- **no** Continuous Deployment because act runners cannot use `dnf`
- **no** GPG signing because act runners cannot use `gpg`
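
The environment file from the Deployment steps holds the OVH API credentials and is sourced before `dnf` runs. The pre-flight check below is an added example, not part of netoik-rp: the function name `check_netoik_env` is hypothetical, and it assumes the file keeps the `KEY="value"` layout of the template.

```shell
# Added example (not shipped by netoik-rp): pre-flight check for the
# environment file. The file is parsed, never sourced, so checking it
# cannot execute anything it contains.

# Variable names taken from the README's environment file template.
NETOIK_RP_VARS="OVH_ENDPOINT OVH_APPLICATION_NAME OVH_APPLICATION_DESCRIPTION
OVH_APPLICATION_KEY OVH_APPLICATION_SECRET OVH_CONSUMER_KEY"

# check_netoik_env FILE
# Returns 0 when FILE is private and complete, 1 otherwise (reasons on stderr).
# The body runs in a subshell so its variables do not leak into the caller.
check_netoik_env() (
    file="$1"
    status=0

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$file: missing, not a regular file, or a symlink" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible by group/other, run: chmod 600 $file" >&2
        status=1
    fi

    for key in $NETOIK_RP_VARS; do
        # The last KEY="value" assignment wins, as it would when sourced.
        value=$(sed -n "s/^${key}=\"\(.*\)\"[[:space:]]*\$/\1/p" "$file" | tail -n 1)
        if [ -z "$value" ]; then
            echo "$file: $key is empty or not set" >&2
            status=1
        fi
    done

    return "$status"
)
```

Call `check_netoik_env ~/.netoik-rp.env` before the install step and only source the file when it returns 0.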