2023-05-26 20:35:50 +00:00
|
|
|
from io import StringIO
|
2024-03-11 15:59:17 +00:00
|
|
|
import importlib.resources
|
2023-05-26 20:35:50 +00:00
|
|
|
|
|
|
|
|
from pyinfra import host
|
|
|
|
|
from pyinfra.api.deploy import deploy
|
2023-07-07 07:08:25 +00:00
|
|
|
from pyinfra.operations import files, server, apt, systemd
|
2023-05-26 20:35:50 +00:00
|
|
|
from pyinfra.facts.deb import DebPackages
|
2023-07-07 07:08:25 +00:00
|
|
|
from pyinfra_acmetool import deploy_acmetool
|
2023-05-26 20:35:50 +00:00
|
|
|
|
2024-03-11 15:59:17 +00:00
|
|
|
def deploy_nginx():
|
2023-05-26 20:35:50 +00:00
|
|
|
if not host.get_fact(DebPackages):
|
|
|
|
|
raise DeployError(("Can't deploy prerequisites on non-deb system"))
|
|
|
|
|
|
2023-07-07 07:28:37 +00:00
|
|
|
apt.update(cache_time=3600 * 24)
|
|
|
|
|
|
2023-05-26 20:35:50 +00:00
|
|
|
apt.packages(
|
|
|
|
|
name = "Install nginx-extras",
|
|
|
|
|
packages = ["nginx-extras"],
|
|
|
|
|
)
|
|
|
|
|
|
2024-03-11 15:59:17 +00:00
|
|
|
|
|
|
|
|
def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = None, enabled=True, acmetool=True):
|
2023-07-07 07:08:25 +00:00
|
|
|
"""Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config.
|
|
|
|
|
|
|
|
|
|
:param domain: the domain of the website
|
|
|
|
|
:param config_path: the local path to the nginx config file
|
2024-03-11 15:59:17 +00:00
|
|
|
:param proxy_port: proxy_pass all HTTP traffic to some internal port
|
2023-07-07 07:08:25 +00:00
|
|
|
:param enabled: whether the site should be enabled at /etc/nginx/sites-enabled
|
2024-03-11 15:59:17 +00:00
|
|
|
:param acmetool: whether acmetool should fetch TLS certs for the domain
|
2023-07-07 07:08:25 +00:00
|
|
|
"""
|
|
|
|
|
default_config_link = files.link(
|
|
|
|
|
path="/etc/nginx/sites-enabled/default", present=False
|
|
|
|
|
)
|
2024-03-11 16:48:17 +00:00
|
|
|
if default_config_link.changed:
|
|
|
|
|
systemd.service(
|
|
|
|
|
name="reload nginx",
|
|
|
|
|
service="nginx.service",
|
|
|
|
|
reloaded=True,
|
|
|
|
|
)
|
2023-07-07 07:08:25 +00:00
|
|
|
|
2024-01-25 16:52:18 +00:00
|
|
|
if acmetool:
|
|
|
|
|
deploy_acmetool(nginx_hook=True, domains=[domain])
|
2023-07-07 07:08:25 +00:00
|
|
|
|
|
|
|
|
if enabled:
|
2024-03-11 15:59:17 +00:00
|
|
|
if config_path:
|
|
|
|
|
config = files.put(
|
|
|
|
|
src=config_path,
|
|
|
|
|
dest=f"/etc/nginx/sites-available/{domain}",
|
|
|
|
|
user="root",
|
|
|
|
|
group="root",
|
|
|
|
|
mode="644",
|
|
|
|
|
)
|
|
|
|
|
elif proxy_port:
|
|
|
|
|
config = files.template(
|
|
|
|
|
src=importlib.resources.files(__package__) / "proxy_pass.nginx_config.j2",
|
|
|
|
|
dest=f"/etc/nginx/sites-available/{domain}",
|
|
|
|
|
user="root",
|
|
|
|
|
group="root",
|
|
|
|
|
mode="644",
|
|
|
|
|
domain=domain,
|
|
|
|
|
proxy_port=proxy_port,
|
|
|
|
|
)
|
2023-07-07 07:08:25 +00:00
|
|
|
config_link = files.link(
|
|
|
|
|
path=f"/etc/nginx/sites-enabled/{domain}",
|
|
|
|
|
target=f"/etc/nginx/sites-available/{domain}",
|
|
|
|
|
user="root",
|
|
|
|
|
group="root",
|
|
|
|
|
present=enabled,
|
|
|
|
|
)
|
2023-07-07 07:28:37 +00:00
|
|
|
if config.changed or config_link.changed:
|
|
|
|
|
need_restart = True
|
2023-07-07 07:08:25 +00:00
|
|
|
|
|
|
|
|
systemd.service(
|
|
|
|
|
name="NGINX should be enabled and running",
|
|
|
|
|
service="nginx.service",
|
|
|
|
|
running=True,
|
|
|
|
|
enabled=True,
|
|
|
|
|
restarted=need_restart,
|
|
|
|
|
)
|
|
|
|
|
|
