From f289afbbef0dd29a4a9f85dfe8f9ba79f315749f Mon Sep 17 00:00:00 2001
From: Christian Hagenest <mail@hagenest.dev>
Date: Wed, 24 Apr 2024 12:44:16 +0200
Subject: [PATCH] Add webroot param to add_nginx_domain (#70)

* add webroot param to add_nginx_domain

* add slash to webroot param docstring

Co-authored-by: missytake <missytake@systemli.org>

* make webroot notrequire proxyport

Co-authored-by: missytake <missytake@systemli.org>

* fix nginx template for webroot param

Co-authored-by: missytake <missytake@systemli.org>

* remove unneeded lines from webroot nginx config

* rename webroot jinja template

---------

Co-authored-by: missytake <missytake@systemli.org>
---
 pyinfra_nginx/nginx.py                | 13 ++++++++++++-
 pyinfra_nginx/webroot.nginx_config.j2 | 13 +++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 pyinfra_nginx/webroot.nginx_config.j2

diff --git a/pyinfra_nginx/nginx.py b/pyinfra_nginx/nginx.py
index d94f6c0..42b4830 100644
--- a/pyinfra_nginx/nginx.py
+++ b/pyinfra_nginx/nginx.py
@@ -18,11 +18,12 @@ def deploy_nginx():
         packages = ["nginx-extras"],
     )
 
-def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = None, enabled=True, acmetool=True):
+def add_nginx_domain(domain: str, config_path: str = None, webroot: str = None, proxy_port: int = None, enabled=True, acmetool=True):
     """Let a domain be handled by nginx, create a Let's Encrypt certificate for it, and deploy the config.
 
     :param domain: the domain of the website
     :param config_path: the local path to the nginx config file
+    :param webroot: path to a webroot directory, e.g. /var/www/staging/. Generates its own config from template.
     :param proxy_port: proxy_pass all HTTP traffic to some internal port
     :param enabled: whether the site should be enabled at /etc/nginx/sites-enabled
     :param acmetool: whether acmetool should fetch TLS certs for the domain
@@ -49,6 +50,16 @@ def add_nginx_domain(domain: str, config_path: str = None, proxy_port: int = Non
                 group="root",
                 mode="644",
             )
+        elif webroot:
+                config = files.template(
+                src=importlib.resources.files(__package__) / "webroot.nginx_config.j2",
+                dest=f"/etc/nginx/sites-available/{domain}",
+                user="root",
+                group="root",
+                mode="644",
+                webroot=webroot,
+                domain=domain,
+            )
         elif proxy_port:
             config = files.template(
                 src=importlib.resources.files(__package__) / "proxy_pass.nginx_config.j2",
diff --git a/pyinfra_nginx/webroot.nginx_config.j2 b/pyinfra_nginx/webroot.nginx_config.j2
new file mode 100644
index 0000000..83cb4fc
--- /dev/null
+++ b/pyinfra_nginx/webroot.nginx_config.j2
@@ -0,0 +1,13 @@
+server {
+    server_name {{ domain }};
+    root {{ webroot }};
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+	}
+
+    listen [::]:443 ssl http2;
+    listen 443 ssl http2;
+    ssl_certificate /var/lib/acme/live/{{ domain }}/fullchain; # managed by acmetool
+    ssl_certificate_key /var/lib/acme/live/{{ domain }}/privkey; # managed by acmetool
+}