Zen
/
Alchemy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Finished modularizing NGINX configuration

main
Zen 3 years ago
parent
b410fa83bf
commit
9239806c0f
9 changed files with 212 additions and 132 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      README.md
  2. 178
      ingredients/copper
  3. 35
      ingredients/iron
  4. 16
      ingredients/lead
  5. 77
      recipes/ao.sh
  6. 2
      recipes/wordpress.sh
  7. 2
      resources/nginx/ao.nginx.conf
  8. 0
      resources/nginx/base.nginx.conf
  9. 24
      resources/wordpress.nginx.conf

10
README.md
Unescape View File

@ -1,5 +1,6 @@
# Alchemy # Alchemy
A collection of scripts for working with bare metal. A collection of scripts for transmuting bare metal and encouraging
autonomous decentralization.
## Initialization ## Initialization
Ideally, this package should be able to be initialized by running `make alchemy`. Ideally, this package should be able to be initialized by running `make alchemy`.
@ -11,7 +12,7 @@ in which case you can initialize the environment by running the following:
Recipes are a core component of the Alchemy ecosystem. They are stored Recipes are a core component of the Alchemy ecosystem. They are stored
in the `recipes/` directory and common ones can be sourced via make. in the `recipes/` directory and common ones can be sourced via make.
Some common recipes are listed below: Some basic recipes are listed below:
`make autonomy` runs an interactive installer to get AO up and running on the current system `make autonomy` runs an interactive installer to get AO up and running on the current system
@ -53,3 +54,8 @@ Due to the nature of images being both bulky and platform-dependent, they are no
The `resources/` folder contains templates and other files that are small enough to be moved around with the scripts. The `resources/` folder contains templates and other files that are small enough to be moved around with the scripts.
Some of these files are fragile and should be considered read-only. Some of these files are fragile and should be considered read-only.
### Design Notes
#### POSIX Compatibility
This is important to aim for in the name of making something that is
as universal as possible. Aim to only use /bin/sh compatible syntax.

178
ingredients/copper
Unescape View File

@ -19,10 +19,14 @@ locate_torrc() {
TORRCPATH='/etc/tor/torrc' TORRCPATH='/etc/tor/torrc'
elif [ -e $HOME/.tor/torrc ]; then elif [ -e $HOME/.tor/torrc ]; then
TORRCPATH="${HOME}/.tor/torrc" TORRCPATH="${HOME}/.tor/torrc"
elif [ -e $HOME/.tor/torrc ]; then
TORRCPATH="${HOME}/.tor/torrc"
else else
echo -e "${RED}Uh oh...${RESET} I couldn't figure out\ echo -e "${RED}Uh oh...${RESET} I couldn't figure out\
where your torrc file is. That might cause some issues" where your torrc file is. That might cause some issues"
exit 1 sleep 3
echo "Anyways..."
sleep 2
fi fi
fi fi
@ -72,27 +76,167 @@ get_external_ip() {
remember "EXTERNAL_IP=$EXTERNAL_IP" remember "EXTERNAL_IP=$EXTERNAL_IP"
} }
get_domain_name() { initialize_nginx() {
read -p "Do you have a domain name pointing to this computer? (y/n): " dns install_if_needed nginx
# Making sure this version of NGINX supports sites-enabled
if [[ -z $(sudo cat /etc/nginx/nginx.conf | grep sites-enabled) ]]; then
sudo mkdir -p /etc/nginx/sites-available
sudo mkdir -p /etc/nginx/sites-enabled
sudo cp resources/nginx/base.nginx.conf /etc/nginx/nginx.conf
fi
sudo mkdir -p /etc/nginx/logs
}
make_site() {
SITE=${1}
shift
if [ -f resources/nginx/${SITE}.nginx.conf ]; then
NGINX_SITE_LOCATION=/etc/nginx/sites-available/${SITE}
if [ -f $NGINX_SITE_LOCATION ]; then
echo -en "You already have a site available for ${SITE}, \
what would you like to do? ${BOLD}R${RESET}eset it,\
${BOLD}A${RESET}ctivate it, or do ${BOLD}N${RESET}\
othing? ( r / a / n ): "
read whatdo
case $whatdo in
"R" | "r")
echo "Resetting sites-available/${SITE}"
sudo rm /etc/nginx/sites-available/${SITE}
;;
"A" | "a")
echo "Activating sites-available/${SITE}"
if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then
sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/
fi
;;
"N" | "n")
echo "Okay, we'll leave it be."
;;
*)
echo "Instructions unclear, accidentally an choice"
;;
esac
fi
if [ ! -f $NGINX_SITE_LOCATION ]; then
sudo cp resources/nginx/${SITE}.nginx.conf $NGINX_SITE_LOCATION
for keyval; do
KEY=$(echo $keyval | cut -d'=' -f 1)
VAL=$(echo $keyval | cut -d'=' -f 2)
echo "Substituting $KEY for $VAL"
sudo sed -i "s#$KEY#$VAL#g" $NGINX_SITE_LOCATION
done
if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then
sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/
fi
fi
else
echo ""
echo -e "${RED}Sorry${RESET}, ${SITE} isn't available as an nginx template"
echo "We have..."
echo `ls resources/nginx`
fi
}
get_domain() {
if [ ! -z $DOMAIN ]; then
echo -e "Your domain name is currently set to ${BLUE}${DOMAIN}${RESET}"
echo -ne "would you like to change it? ${BLUE}(y/n): ${RESET}"
read newdns
case $newdns in
y | Y)
forget "DOMAIN"
;;
esac
echo ""
fi
if [ -z $DOMAIN ]; then
echo -en "Do you have a domain name pointing to this computer? ${BLUE}(y/n)${RESET}: "
read dns
echo ""
case $dns in
y | Y)
echo "Good to hear! What is it?"
OKAY=0
while [ $OKAY -eq 0 ]; do
echo -n "http://"
read DOMAIN
echo ""
echo -ne "is ${BLUE}http://${DOMAIN}${RESET} correct? ${BLUE}(y/n): ${RESET}"
read correct
case $correct in
y | Y)
OKAY=1
;;
*)
echo "Okay, let's try again! What is your domain name?"
;;
esac
done
echo "${BLUE}${DOMAIN}${RESET}, got it."
remember "DOMAIN=${DOMAIN}"
;;
*)
echo "Okay, let's just leave it open for now."
;;
esac
fi
}
configure_domain_for_site() {
get_domain
if [ -f /etc/nginx/sites-enabled/${1} ]; then
if [ ! -z $DOMAIN ]; then
sed -i "s#server_name.*#server_name $DOMAIN;#" /etc/nginx/sites-enabled/${1}
else
echo "You didn't provide a domain to configure!"
fi
else
echo "Sorry, we don't have a site enabled for ${1}"
fi
echo "" echo ""
case $dns in }
y | Y)
echo "Good to hear! What is it?" enable_ssl() {
read -p "http://" domain if [ ! -z $SSL ]; then
;; echo "We've already gone through the SSL enabling process! Skipping"
*) else
echo "Okay, let's just leave it open for now." if [ ! -z $DOMAIN ]; then
domain=$(dig @resolver4.opendns.com myip.opendns.com +short) read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl
anywhere=1 echo ""
echo "Try accessing this AO from either localhost, 127.0.0.1, or ${domain}" case $ssl in
;; y | Y)
esac echo "Alright, let's get Certbot in here!"
install_if_needed python3 certbot python3-certbot-nginx
echo -e "${BOLD}Take it away, Certbot${NC}"
SSL=$(sudo certbot --nginx)
remember "SSL=$SSL"
;;
*)
echo "Yea, SSL is like, totally whatever anyways..."
;;
esac
else
echo "We can't configure SSL without a domain! Skipping"
fi
fi
if [ "$anywhere" -eq 1 ]; then if [ -z $DOMAIN ]; then
ACCESS_POINT=http://localhost ACCESS_POINT=http://localhost
else else
ACCESS_POINT=https://$domain if [ -z $SSL ]; then
ACCESS_POINT=http://$DOMAIN
else
ACCESS_POINT=https://$DOMAIN
fi
fi fi
remember "ACCESS_POINT=${ACCESS_POINT}"
} }
build_service_from_template() { build_service_from_template() {

35
ingredients/iron
Unescape View File

@ -13,10 +13,18 @@
# installing common frameworks. Expect to use this one a lot if you're # installing common frameworks. Expect to use this one a lot if you're
# writing alchemy recipes! # writing alchemy recipes!
# ------------------- NodeJS Ecosystem -------------------
if [ -d $NVM_DIR ]; then
source $NVM_DIR/nvm.sh
source $NVM_DIR/bash_completion
fi
set_node_to() { set_node_to() {
if check_exists nvm; then if check_exists nvm; then
nvm install v16.13.0 nvm install $1
nvm alias default v16.13.0 nvm alias default $1
nvm use default nvm use default
else else
echo "nvm not available, something went wrong..." echo "nvm not available, something went wrong..."
@ -25,21 +33,14 @@ set_node_to() {
install_nvm() { install_nvm() {
echo -e "${BOLD}Installing Node Version Manager${RESET}" echo -e "${BOLD}Installing Node Version Manager${RESET}"
chmod +x scripts/nvm_install.sh if [ -n $NVM_DIR ]; then
scripts/nvm_install.sh &> /dev/null echo "nvm already installed! skipping"
else
remember "NVM_DIR=$HOME/.nvm" chmod +x scripts/nvm_install.sh
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm scripts/nvm_install.sh &> /dev/null
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
remember "NVM_DIR=$HOME/.nvm"
case $SHELL in fi
"/bin/zsh")
source ~/.zshrc
;;
"/bin/bashrc")
source ~/.bashrc
;;
esac
} }
IRON=1 IRON=1

16
ingredients/lead
Unescape View File

@ -100,8 +100,13 @@ install_if_needed() {
done done
} }
# This one looks like gibberish because we're using regex, don't worry. # These two might look like gibberish because we're using regex, don't worry.
# It takes values and stores them away in the env for later reference # It takes values and stores them away in the env for later reference
forget() {
unset ${1}
sed -i "/^${1}.*$/d" .env
}
remember() { remember() {
KEY=$(echo ${1} | cut -d'=' -f 1) KEY=$(echo ${1} | cut -d'=' -f 1)
VALUE=$(echo ${1} | cut -d'=' -f 2) VALUE=$(echo ${1} | cut -d'=' -f 2)
@ -114,10 +119,13 @@ remember() {
echo "Valid characters for env values: letters, numbers, \".\",\"/\",\"_\"" echo "Valid characters for env values: letters, numbers, \".\",\"/\",\"_\""
fi fi
# If we're setting a valid key/value pair
if [[ ${1} =~ ^[A-Z_]+\=[A-Za-z0-9/._]*$ ]]; then if [[ ${1} =~ ^[A-Z_]+\=[A-Za-z0-9/._]*$ ]]; then
if [[ -n $(env | grep ${KEY}) ]]; then
# If we're trying to set the value to something new
if [[ ! $(env | grep ${KEY}) = $1 ]]; then
echo -e "${BLUE}${KEY}${RESET} has already been defined in the env!" echo -e "${BLUE}${KEY}${RESET} has already been defined in the env!"
echo -n "would you like to overwrite it? ${BLUE}(y/n)${RESET} " echo -en "would you like to overwrite it? ${BLUE}(y/n)${RESET} "
read overwrite read overwrite
case $overwrite in case $overwrite in
"y" | "Y") "y" | "Y")
@ -128,10 +136,12 @@ remember() {
;; ;;
esac esac
else else
forget ${KEY}
echo "${1}" >> .env echo "${1}" >> .env
export ${1} export ${1}
fi fi
fi fi
} }
LEAD=1 LEAD=1

77
recipes/ao.sh
Unescape View File

@ -98,16 +98,19 @@ remember "AO=${AO}"
echo "" echo ""
if [ $AO = "3" ] || [ $AO = 'react' ]; then if [ $AO = "3" ] || [ $AO = 'react' ]; then
if ! check_exists nvm; then if [ -z $NVM_DIR ]; then
install_nvm install_nvm
source ingredients/iron
else else
echo -e "${BLUE}Node${RESET} already installed" echo -e "${BLUE}Node${RESET} already installed"
echo "" echo ""
fi fi
echo "Setting Node to v16.13.0 for compatibility" echo "Setting Node to ${BLUE}v16.13.0${RESET} for compatibility"
set_node_to v16.13.0 set_node_to v16.13.0
echo ""
echo -e "${GREEN}Done!${RESET}" echo -e "${GREEN}Done!${RESET}"
echo ""
fi fi
if [ $AO = "3" ] || [ $AO = 'react' ]; then if [ $AO = "3" ] || [ $AO = 'react' ]; then
@ -206,73 +209,13 @@ esac
echo "" echo ""
echo -e "You still there? I need to ask you some questions! \n\n${BLUE}(enter)${RESET}" echo -e "You still there? I need to ask you some questions! \n\n${BLUE}(enter)${RESET}"
read read
echo ""
read -p "Do you have a domain name pointing to this computer? (y/n): " dns
echo ""
case $dns in
y | Y)
echo "Good to hear! What is it?"
read -p "http://" domain
;;
*)
echo "Okay, let's just leave it open for now."
domain=$(dig @resolver4.opendns.com myip.opendns.com +short)
anywhere=1
echo "Try accessing this AO from either localhost, 127.0.0.1, or ${domain}"
;;
esac
if [ "$anywhere" -eq 1 ]; then
ACCESS_POINT=http://localhost
else
ACCESS_POINT=https://$domain
fi
echo ""
# Making sure this version of NGINX supports sites-enabled
if [[ -z $(sudo cat /etc/nginx/nginx.conf | grep sites-enabled) ]]; then
sudo mkdir -p /etc/nginx/sites-available
sudo mkdir -p /etc/nginx/sites-enabled
sudo cp resources/base.nginx.conf /etc/nginx/nginx.conf
fi
sudo mkdir -p /etc/nginx/logs initialize_nginx
make_site ao "FILE_ROOT=${HOME}/ao-${AO}/dist"
configure_domain_for_site ao
enable_ssl
AO_NGINX_CONF=/etc/nginx/sites-available/ao echo -e "Excellent! We've configured this computer to serve your AO from ${BLUE}${ACCESS_POINT}${RESET}"
sudo cp resources/ao.nginx.conf $AO_NGINX_CONF
if [ -n $anywhere ]; then
sudo sed -i "s#SERVER_NAME#_#" $AO_NGINX_CONF
else
sudo sed -i "s#SERVER_NAME#${domain}#" $AO_NGINX_CONF
fi
sudo sed -i "s#FILE_ROOT#${HOME}/ao-react/dist#" $AO_NGINX_CONF
if [ ! -e /etc/nginx/sites-enabled/ao ]; then
sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/
fi
echo ""
echo "Excellent! We've configured $AO_NGINX_CONF to serve your AO from $domain"
echo ""
if [ -z $anywhere ]; then
read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl
echo ""
case $ssl in
y | Y)
echo "Alright, let's get Certbot in here!"
install_if_needed python3 certbot python3-certbot-nginx
echo -e "${BOLD}Take it away, Certbot${NC}"
sudo certbot --nginx
;;
*)
echo "Yea, SSL is lame anyways..."
;;
esac
fi
echo ""
# ------------------- Step 7 - Systemd Setup ------------------- # ------------------- Step 7 - Systemd Setup -------------------

2
recipes/wordpress.sh
Unescape View File

@ -156,7 +156,7 @@ case $boot in
esac esac
echo "" echo ""
WP_NGINX_CONF=/etc/nginx/sites-available/wp WP_NGINX_CONF=/etc/nginx/sites-available/wp
sudo cp resources/wordpress.nginx.conf $WP_NGINX_CONF sudo cp resources/nginx/wordpress.nginx.conf $WP_NGINX_CONF
sudo sed -i "s#SERVER_NAME#${domain}#" $WP_NGINX_CONF sudo sed -i "s#SERVER_NAME#${domain}#" $WP_NGINX_CONF
sudo sed -i "s#FILE_ROOT#${WP_DIR}/wordpress#" $WP_NGINX_CONF sudo sed -i "s#FILE_ROOT#${WP_DIR}/wordpress#" $WP_NGINX_CONF
sudo ln -s /etc/nginx/sites-available/wp /etc/nginx/sites-enabled/ sudo ln -s /etc/nginx/sites-available/wp /etc/nginx/sites-enabled/

2
resources/ao.nginx.conf → resources/nginx/ao.nginx.conf
Unescape View File

@ -2,7 +2,7 @@ server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
server_name SERVER_NAME; server_name _;
root FILE_ROOT; root FILE_ROOT;
index index.html; index index.html;

0
resources/base.nginx.conf → resources/nginx/base.nginx.conf
Unescape View File

24
resources/wordpress.nginx.conf
Unescape View File

@ -1,24 +0,0 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name SERVER_NAME;
root FILE_ROOT;
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
Write Preview
Loading…
Cancel
Save