From 9239806c0ffdb7e0a6b2fef49759b84b4fbf3575 Mon Sep 17 00:00:00 2001 From: Zen Date: Sun, 27 Feb 2022 14:47:32 -0600 Subject: [PATCH] Finished modularizing NGINX configuration --- README.md | 10 +- ingredients/copper | 178 +++++++++++++++++++++++--- ingredients/iron | 35 ++--- ingredients/lead | 16 ++- recipes/ao.sh | 77 ++--------- recipes/wordpress.sh | 2 +- resources/{ => nginx}/ao.nginx.conf | 2 +- resources/{ => nginx}/base.nginx.conf | 0 resources/wordpress.nginx.conf | 24 ---- 9 files changed, 212 insertions(+), 132 deletions(-) rename resources/{ => nginx}/ao.nginx.conf (90%) rename resources/{ => nginx}/base.nginx.conf (100%) delete mode 100644 resources/wordpress.nginx.conf diff --git a/README.md b/README.md index 8a603fb..bba3ec6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # Alchemy -A collection of scripts for working with bare metal. +A collection of scripts for transmuting bare metal and encouraging +autonomous decentralization. ## Initialization Ideally, this package should be able to be initialized by running `make alchemy`. @@ -11,7 +12,7 @@ in which case you can initialize the environment by running the following: Recipes are a core component of the Alchemy ecosystem. They are stored in the `recipes/` directory and common ones can be sourced via make. -Some common recipes are listed below: +Some basic recipes are listed below: `make autonomy` runs an interactive installer to get AO up and running on the current system @@ -53,3 +54,8 @@ Due to the nature of images being both bulky and platform-dependent, they are no The `resources/` folder contains templates and other files that are small enough to be moved around with the scripts. Some of these files are fragile and should be considered read-only. + +### Design Notes +#### POSIX Compatibility +This is important to aim for in the name of making something that is +as universal as possible. Aim to only use /bin/sh compatible syntax. 
diff --git a/ingredients/copper b/ingredients/copper index a7507c6..e583184 100644 --- a/ingredients/copper +++ b/ingredients/copper @@ -19,10 +19,14 @@ locate_torrc() { TORRCPATH='/etc/tor/torrc' elif [ -e $HOME/.tor/torrc ]; then TORRCPATH="${HOME}/.tor/torrc" + elif [ -e $HOME/.tor/torrc ]; then + TORRCPATH="${HOME}/.tor/torrc" else echo -e "${RED}Uh oh...${RESET} I couldn't figure out\ where your torrc file is. That might cause some issues" - exit 1 + sleep 3 + echo "Anyways..." + sleep 2 fi fi 
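Review bot: The added `elif [ -e $HOME/.tor/torrc ]` branch in locate_torrc repeats the test directly above it, so it can never be taken; if a different location was meant, it is missing. With `exit 1` replaced by the two `sleep` calls, the function now falls through with `TORRCPATH` unset, and any later step that uses `$TORRCPATH` (not visible in this hunk) would run against an empty path. Ending the `else` branch with `return 1` would keep the friendlier message while letting the caller decide whether to continue. locate_torrc starts and ends outside the hunk.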
@@ -72,27 +76,167 @@ get_external_ip() { remember "EXTERNAL_IP=$EXTERNAL_IP" } -get_domain_name() { - read -p "Do you have a domain name pointing to this computer? (y/n): " dns +initialize_nginx() { + install_if_needed nginx + + # Making sure this version of NGINX supports sites-enabled + if [[ -z $(sudo cat /etc/nginx/nginx.conf | grep sites-enabled) ]]; then + sudo mkdir -p /etc/nginx/sites-available + sudo mkdir -p /etc/nginx/sites-enabled + sudo cp resources/nginx/base.nginx.conf /etc/nginx/nginx.conf + fi + + sudo mkdir -p /etc/nginx/logs +} + +make_site() { + SITE=${1} + shift + if [ -f resources/nginx/${SITE}.nginx.conf ]; then + NGINX_SITE_LOCATION=/etc/nginx/sites-available/${SITE} + if [ -f $NGINX_SITE_LOCATION ]; then + echo -en "You already have a site available for ${SITE}, \ + what would you like to do? ${BOLD}R${RESET}eset it,\ + ${BOLD}A${RESET}ctivate it, or do ${BOLD}N${RESET}\ + othing? ( r / a / n ): " + read whatdo + case $whatdo in + "R" | "r") + echo "Resetting sites-available/${SITE}" + sudo rm /etc/nginx/sites-available/${SITE} + ;; + "A" | "a") + echo "Activating sites-available/${SITE}" + if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then + sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/ + fi + ;; + "N" | "n") + echo "Okay, we'll leave it be." + ;; + *) + echo "Instructions unclear, accidentally an choice" + ;; + esac + fi + + if [ ! -f $NGINX_SITE_LOCATION ]; then + sudo cp resources/nginx/${SITE}.nginx.conf $NGINX_SITE_LOCATION + + for keyval; do + KEY=$(echo $keyval | cut -d'=' -f 1) + VAL=$(echo $keyval | cut -d'=' -f 2) + + echo "Substituting $KEY for $VAL" + sudo sed -i "s#$KEY#$VAL#g" $NGINX_SITE_LOCATION + done + + if [ ! -e /etc/nginx/sites-enabled/${SITE} ]; then + sudo ln -s /etc/nginx/sites-available/${SITE} /etc/nginx/sites-enabled/ + fi + fi + else + echo "" + echo -e "${RED}Sorry${RESET}, ${SITE} isn't available as an nginx template" + echo "We have..." 
+ echo `ls resources/nginx` + fi +} + +get_domain() { + if [ ! -z $DOMAIN ]; then + echo -e "Your domain name is currently set to ${BLUE}${DOMAIN}${RESET}" + echo -ne "would you like to change it? ${BLUE}(y/n): ${RESET}" + read newdns + case $newdns in + y | Y) + forget "DOMAIN" + ;; + esac + echo "" + fi + + if [ -z $DOMAIN ]; then + echo -en "Do you have a domain name pointing to this computer? ${BLUE}(y/n)${RESET}: " + read dns + echo "" + case $dns in + y | Y) + echo "Good to hear! What is it?" + OKAY=0 + while [ $OKAY -eq 0 ]; do + echo -n "http://" + read DOMAIN + echo "" + echo -ne "is ${BLUE}http://${DOMAIN}${RESET} correct? ${BLUE}(y/n): ${RESET}" + read correct + case $correct in + y | Y) + OKAY=1 + ;; + *) + echo "Okay, let's try again! What is your domain name?" + ;; + esac + done + echo "${BLUE}${DOMAIN}${RESET}, got it." + remember "DOMAIN=${DOMAIN}" + ;; + *) + echo "Okay, let's just leave it open for now." + ;; + esac + fi +} + +configure_domain_for_site() { + get_domain + if [ -f /etc/nginx/sites-enabled/${1} ]; then + if [ ! -z $DOMAIN ]; then + sed -i "s#server_name.*#server_name $DOMAIN;#" /etc/nginx/sites-enabled/${1} + else + echo "You didn't provide a domain to configure!" + fi + else + echo "Sorry, we don't have a site enabled for ${1}" + fi echo "" - case $dns in - y | Y) - echo "Good to hear! What is it?" - read -p "http://" domain - ;; - *) - echo "Okay, let's just leave it open for now." - domain=$(dig @resolver4.opendns.com myip.opendns.com +short) - anywhere=1 - echo "Try accessing this AO from either localhost, 127.0.0.1, or ${domain}" - ;; - esac +} - if [ "$anywhere" -eq 1 ]; then +enable_ssl() { + if [ ! -z $SSL ]; then + echo "We've already gone through the SSL enabling process! Skipping" + else + if [ ! -z $DOMAIN ]; then + read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl + echo "" + case $ssl in + y | Y) + echo "Alright, let's get Certbot in here!" 
+ install_if_needed python3 certbot python3-certbot-nginx + echo -e "${BOLD}Take it away, Certbot${NC}" + SSL=$(sudo certbot --nginx) + remember "SSL=$SSL" + ;; + *) + echo "Yea, SSL is like, totally whatever anyways..." + ;; + esac + else + echo "We can't configure SSL without a domain! Skipping" + fi + fi + + if [ -z $DOMAIN ]; then ACCESS_POINT=http://localhost else - ACCESS_POINT=https://$domain + if [ -z $SSL ]; then + ACCESS_POINT=http://$DOMAIN + else + ACCESS_POINT=https://$DOMAIN + fi fi + remember "ACCESS_POINT=${ACCESS_POINT}" } build_service_from_template() { diff --git a/ingredients/iron b/ingredients/iron index 8c276cb..16afc1e 100644 --- a/ingredients/iron +++ b/ingredients/iron @@ -13,10 +13,18 @@ # installing common frameworks. Expect to use this one a lot if you're # writing alchemy recipes! + +# ------------------- NodeJS Ecosystem ------------------- + +if [ -d $NVM_DIR ]; then + source $NVM_DIR/nvm.sh + source $NVM_DIR/bash_completion +fi + set_node_to() { if check_exists nvm; then - nvm install v16.13.0 - nvm alias default v16.13.0 + nvm install $1 + nvm alias default $1 nvm use default else echo "nvm not available, something went wrong..." @@ -25,21 +33,14 @@ set_node_to() { install_nvm() { echo -e "${BOLD}Installing Node Version Manager${RESET}" - chmod +x scripts/nvm_install.sh - scripts/nvm_install.sh &> /dev/null - - remember "NVM_DIR=$HOME/.nvm" - [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm - [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion - - case $SHELL in - "/bin/zsh") - source ~/.zshrc - ;; - "/bin/bashrc") - source ~/.bashrc - ;; - esac + if [ -n $NVM_DIR ]; then + echo "nvm already installed! skipping" + else + chmod +x scripts/nvm_install.sh + scripts/nvm_install.sh &> /dev/null + + remember "NVM_DIR=$HOME/.nvm" + fi } IRON=1 diff --git a/ingredients/lead b/ingredients/lead index e6ba4c8..9ee29b6 100644 --- a/ingredients/lead +++ b/ingredients/lead 
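Review bot: `configure_domain_for_site` interpolates `$DOMAIN`, taken unvalidated from `read DOMAIN` in `get_domain`, into `sed -i "s#server_name.*#server_name $DOMAIN;#"`, so a value containing `#`, `&`, `;` or spaces either breaks the expression or writes unintended directives into the nginx site file. That sed is also the only write under /etc/nginx in this hunk without `sudo`, and it targets the `sites-enabled` entry, which `make_site` creates as a symlink; GNU `sed -i` replaces a symlink with a regular file unless `--follow-symlinks` is given. I would check the name against a hostname character set and edit the `sites-available` file instead, as in the sketch below. In `enable_ssl`, `SSL=$(sudo certbot --nginx)` captures certbot's output and `ACCESS_POINT` becomes https whenever that text is non-empty, so testing certbot's exit status would be a more reliable signal.

```shell
configure_domain_for_site() {
    get_domain
    # … unchanged: check that /etc/nginx/sites-enabled/${1} exists …
        case "$DOMAIN" in
            "")
                echo "You didn't provide a domain to configure!"
                ;;
            *[!A-Za-z0-9.-]*)
                echo "${DOMAIN} doesn't look like a domain name, leaving ${1} untouched"
                ;;
            *)
                # Edit the real file so the sites-enabled symlink stays a symlink
                sudo sed -i "s#server_name.*#server_name ${DOMAIN};#" \
                    "/etc/nginx/sites-available/${1}"
                ;;
        esac
    # … unchanged: "no site enabled" message and trailing echo …
```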
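Review bot: The new top-level guard `if [ -d $NVM_DIR ]` in ingredients/iron leaves the variable unquoted, so when `NVM_DIR` is unset the test collapses to `[ -d ]`, which is true, and the script goes on to source `/nvm.sh` and `/bash_completion` from the filesystem root. The same pattern in the next hunk, `if [ -n $NVM_DIR ]` in install_nvm, is likewise always true when the variable is unset, so a fresh machine prints "nvm already installed! skipping" and the installer never runs. Quoting fixes both: `if [ -n "$NVM_DIR" ] && [ -d "$NVM_DIR" ]; then` at the top and `if [ -n "$NVM_DIR" ]; then` in install_nvm. `nvm install $1` in set_node_to would also benefit from quoting and a check that an argument was actually passed.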
@@ -100,8 +100,13 @@ install_if_needed() { done } -# This one looks like gibberish because we're using regex, don't worry. +# These two might look like gibberish because we're using regex, don't worry. # It takes values and stores them away in the env for later reference +forget() { + unset ${1} + sed -i "/^${1}.*$/d" .env +} + remember() { KEY=$(echo ${1} | cut -d'=' -f 1) VALUE=$(echo ${1} | cut -d'=' -f 2) @@ -114,10 +119,13 @@ remember() { echo "Valid characters for env values: letters, numbers, \".\",\"/\",\"_\"" fi + # If we're setting a valid key/value pair if [[ ${1} =~ ^[A-Z_]+\=[A-Za-z0-9/._]*$ ]]; then - if [[ -n $(env | grep ${KEY}) ]]; then + + # If we're trying to set the value to something new + if [[ ! $(env | grep ${KEY}) = $1 ]]; then echo -e "${BLUE}${KEY}${RESET} has already been defined in the env!" - echo -n "would you like to overwrite it? ${BLUE}(y/n)${RESET} " + echo -en "would you like to overwrite it? ${BLUE}(y/n)${RESET} " read overwrite case $overwrite in "y" | "Y") @@ -128,10 +136,12 @@ remember() { ;; esac else + forget ${KEY} echo "${1}" >> .env export ${1} fi fi } + LEAD=1 diff --git a/recipes/ao.sh b/recipes/ao.sh index 9db2005..a5bb227 100755 --- a/recipes/ao.sh +++ b/recipes/ao.sh @@ -98,16 +98,19 @@ remember "AO=${AO}" echo "" if [ $AO = "3" ] || [ $AO = 'react' ]; then - if ! check_exists nvm; then + if [ -z $NVM_DIR ]; then install_nvm + source ingredients/iron else echo -e "${BLUE}Node${RESET} already installed" echo "" fi - echo "Setting Node to v16.13.0 for compatibility" + echo "Setting Node to ${BLUE}v16.13.0${RESET} for compatibility" set_node_to v16.13.0 + echo "" echo -e "${GREEN}Done!${RESET}" + echo "" fi if [ $AO = "3" ] || [ $AO = 'react' ]; then 
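Review bot: `forget` deletes with `sed -i "/^${1}.*$/d" .env`, which matches by prefix, so forgetting `AO` would also drop any other key that begins with `AO`; anchoring on the separator, `sed -i "/^${1}=/d" .env`, limits it to the exact key. `${1}` also reaches both `unset` and the sed pattern unquoted and unchecked; since remember already restricts keys to `[A-Z_]+`, applying the same check here before `unset "${1}"` would keep regex metacharacters out of the expression. The comment above the function could say that it removes the key from both the current shell and `.env`.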
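Review bot: The rewritten condition `if [[ ! $(env | grep ${KEY}) = $1 ]]` in remember is also true when the key has never been set, because the grep output is then empty, so a first-time call prints "has already been defined" and asks about overwriting instead of taking the `else` branch that appends to `.env`. `grep ${KEY}` additionally matches any environment line that merely contains the key, possibly several of them, and the unquoted `$1` on the right of `=` is treated as a glob pattern. Looking up the exact variable would be more predictable, e.g. `current=$(printenv "$KEY")` followed by `if [ -n "$current" ] && [ "$current" != "$VALUE" ]; then`. The body of the `y`/`Y` branch lies between this hunk and the next and is not visible here.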
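Review bot: The guard in recipes/ao.sh now trusts `[ -z $NVM_DIR ]` instead of `check_exists nvm`, so an `NVM_DIR` value that is set but no longer points at a working nvm install skips installation and only surfaces later as "nvm not available" in set_node_to; keeping the command check alongside it, `if [ -z "$NVM_DIR" ] || ! check_exists nvm; then`, covers both cases. The changed line `echo "Setting Node to ${BLUE}v16.13.0${RESET} for compatibility"` lacks the `-e` that the neighbouring colour messages use, so the escape codes will probably print literally.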
@@ -206,73 +209,13 @@ esac echo "" echo -e "You still there? I need to ask you some questions! \n\n${BLUE}(enter)${RESET}" read - echo "" - read -p "Do you have a domain name pointing to this computer? (y/n): " dns - echo "" - case $dns in - y | Y) - echo "Good to hear! What is it?" - read -p "http://" domain - ;; - *) - echo "Okay, let's just leave it open for now." - domain=$(dig @resolver4.opendns.com myip.opendns.com +short) - anywhere=1 - echo "Try accessing this AO from either localhost, 127.0.0.1, or ${domain}" - ;; - esac - - if [ "$anywhere" -eq 1 ]; then - ACCESS_POINT=http://localhost - else - ACCESS_POINT=https://$domain - fi - - echo "" - - # Making sure this version of NGINX supports sites-enabled - if [[ -z $(sudo cat /etc/nginx/nginx.conf | grep sites-enabled) ]]; then - sudo mkdir -p /etc/nginx/sites-available - sudo mkdir -p /etc/nginx/sites-enabled - sudo cp resources/base.nginx.conf /etc/nginx/nginx.conf - fi - sudo mkdir -p /etc/nginx/logs + initialize_nginx + make_site ao "FILE_ROOT=${HOME}/ao-${AO}/dist" + configure_domain_for_site ao + enable_ssl - AO_NGINX_CONF=/etc/nginx/sites-available/ao - sudo cp resources/ao.nginx.conf $AO_NGINX_CONF - - if [ -n $anywhere ]; then - sudo sed -i "s#SERVER_NAME#_#" $AO_NGINX_CONF - else - sudo sed -i "s#SERVER_NAME#${domain}#" $AO_NGINX_CONF - fi - - sudo sed -i "s#FILE_ROOT#${HOME}/ao-react/dist#" $AO_NGINX_CONF - - if [ ! -e /etc/nginx/sites-enabled/ao ]; then - sudo ln -s /etc/nginx/sites-available/ao /etc/nginx/sites-enabled/ - fi - echo "" - echo "Excellent! We've configured $AO_NGINX_CONF to serve your AO from $domain" - echo "" - - if [ -z $anywhere ]; then - read -p "Would you like to enable SSL via Certbot? (y/n): " -n1 ssl - echo "" - case $ssl in - y | Y) - echo "Alright, let's get Certbot in here!" - install_if_needed python3 certbot python3-certbot-nginx - echo -e "${BOLD}Take it away, Certbot${NC}" - sudo certbot --nginx - ;; - *) - echo "Yea, SSL is lame anyways..." 
- ;; - esac - fi - echo "" + echo -e "Excellent! We've configured this computer to serve your AO from ${BLUE}${ACCESS_POINT}${RESET}" # ------------------- Step 7 - Systemd Setup ------------------- diff --git a/recipes/wordpress.sh b/recipes/wordpress.sh index 7c11d91..25c8ef4 100755 --- a/recipes/wordpress.sh +++ b/recipes/wordpress.sh @@ -156,7 +156,7 @@ case $boot in esac echo "" WP_NGINX_CONF=/etc/nginx/sites-available/wp -sudo cp resources/wordpress.nginx.conf $WP_NGINX_CONF +sudo cp resources/nginx/wordpress.nginx.conf $WP_NGINX_CONF sudo sed -i "s#SERVER_NAME#${domain}#" $WP_NGINX_CONF sudo sed -i "s#FILE_ROOT#${WP_DIR}/wordpress#" $WP_NGINX_CONF sudo ln -s /etc/nginx/sites-available/wp /etc/nginx/sites-enabled/ diff --git a/resources/ao.nginx.conf b/resources/nginx/ao.nginx.conf similarity index 90% rename from resources/ao.nginx.conf rename to resources/nginx/ao.nginx.conf index 926fe20..aaf6b2a 100644 --- a/resources/ao.nginx.conf +++ b/resources/nginx/ao.nginx.conf @@ -2,7 +2,7 @@ server { listen 80 default_server; listen [::]:80 default_server; - server_name SERVER_NAME; + server_name _; root FILE_ROOT; index index.html; diff --git a/resources/base.nginx.conf b/resources/nginx/base.nginx.conf similarity index 100% rename from resources/base.nginx.conf rename to resources/nginx/base.nginx.conf diff --git a/resources/wordpress.nginx.conf b/resources/wordpress.nginx.conf deleted file mode 100644 index f84a734..0000000 --- a/resources/wordpress.nginx.conf +++ /dev/null 
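Review bot: `make_site ao "FILE_ROOT=${HOME}/ao-${AO}/dist"` derives the web root from `$AO`, but the earlier check `[ $AO = "3" ] || [ $AO = 'react' ]` shows the variable can hold `3`, in which case nginx is pointed at `~/ao-3/dist` rather than the `ao-react/dist` path the removed code used. Unless `AO` is normalised somewhere outside this diff, mapping the choice to a directory name first (or keeping `ao-react` for that option) avoids serving a non-existent root. Note also that make_site splits its argument with `cut -d'=' -f 2` and feeds the value to `sed` with `#` as delimiter, so a home path containing `=` or `#` would be truncated or break the substitution.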
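Review bot: The new source path `resources/nginx/wordpress.nginx.conf` in recipes/wordpress.sh does not appear to exist after this commit: the diffstat deletes `resources/wordpress.nginx.conf` and renames only the ao and base templates into `resources/nginx/`. If so, `sudo cp` fails here, the following `sed` calls have nothing to edit, and `ln -s` leaves a dangling link in sites-enabled, which would likely stop nginx from reloading. Either move the template instead of deleting it, or switch this recipe to `make_site wordpress …` once a template is in place.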
@@ -1,24 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - - server_name SERVER_NAME; - root FILE_ROOT; - index index.php; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_intercept_errors on; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - } -}