|
8 | 8 | from io import StringIO |
9 | 9 | from pathlib import Path |
10 | 10 |
|
11 | | -from chatmaild.config import Config, read_config |
| 11 | +from chatmaild.config import read_config |
12 | 12 | from pyinfra import facts, host, logger |
13 | 13 | from pyinfra.api import FactBase |
14 | 14 | from pyinfra.facts.files import Sha256File |
|
26 | 26 | get_resource, |
27 | 27 | ) |
28 | 28 | from .dovecot.deployer import DovecotDeployer |
| 29 | +from .nginx.deployer import NginxDeployer |
29 | 30 | from .opendkim.deployer import OpendkimDeployer |
30 | 31 | from .postfix.deployer import PostfixDeployer |
31 | 32 | from .www import build_webpages, find_merge_conflict, get_paths |
@@ -208,116 +209,6 @@ def activate(self): |
208 | 209 | ) |
209 | 210 |
|
210 | 211 |
|
211 | | -def _configure_nginx(config: Config, debug: bool = False) -> bool: |
212 | | - """Configures nginx HTTP server.""" |
213 | | - need_restart = False |
214 | | - |
215 | | - main_config = files.template( |
216 | | - src=get_resource("nginx/nginx.conf.j2"), |
217 | | - dest="/etc/nginx/nginx.conf", |
218 | | - user="root", |
219 | | - group="root", |
220 | | - mode="644", |
221 | | - config={"domain_name": config.mail_domain}, |
222 | | - disable_ipv6=config.disable_ipv6, |
223 | | - ) |
224 | | - need_restart |= main_config.changed |
225 | | - |
226 | | - autoconfig = files.template( |
227 | | - src=get_resource("nginx/autoconfig.xml.j2"), |
228 | | - dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml", |
229 | | - user="root", |
230 | | - group="root", |
231 | | - mode="644", |
232 | | - config={"domain_name": config.mail_domain}, |
233 | | - ) |
234 | | - need_restart |= autoconfig.changed |
235 | | - |
236 | | - mta_sts_config = files.template( |
237 | | - src=get_resource("nginx/mta-sts.txt.j2"), |
238 | | - dest="/var/www/html/.well-known/mta-sts.txt", |
239 | | - user="root", |
240 | | - group="root", |
241 | | - mode="644", |
242 | | - config={"domain_name": config.mail_domain}, |
243 | | - ) |
244 | | - need_restart |= mta_sts_config.changed |
245 | | - |
246 | | - # install CGI newemail script |
247 | | - # |
248 | | - cgi_dir = "/usr/lib/cgi-bin" |
249 | | - files.directory( |
250 | | - name=f"Ensure {cgi_dir} exists", |
251 | | - path=cgi_dir, |
252 | | - user="root", |
253 | | - group="root", |
254 | | - ) |
255 | | - |
256 | | - files.put( |
257 | | - name="Upload cgi newemail.py script", |
258 | | - src=get_resource("newemail.py", pkg="chatmaild").open("rb"), |
259 | | - dest=f"{cgi_dir}/newemail.py", |
260 | | - user="root", |
261 | | - group="root", |
262 | | - mode="755", |
263 | | - ) |
264 | | - |
265 | | - return need_restart |
266 | | - |
267 | | - |
268 | | -class NginxDeployer(Deployer): |
269 | | - def __init__(self, config): |
270 | | - self.config = config |
271 | | - |
272 | | - def install(self): |
273 | | - # |
274 | | - # If we allow nginx to start up on install, it will grab port |
275 | | - # 80, which then will block acmetool from listening on the port. |
276 | | - # That in turn prevents getting certificates, which then causes |
277 | | - # an error when we try to start nginx on the custom config |
278 | | - # that leaves port 80 open but also requires certificates to |
279 | | - # be present. To avoid getting into that interlocking mess, |
280 | | - # we use policy-rc.d to prevent nginx from starting up when it |
281 | | - # is installed. |
282 | | - # |
283 | | - # This approach allows us to avoid performing any explicit |
284 | | - # systemd operations during the install stage (as opposed to |
285 | | - # allowing it to start and then forcing it to stop), which allows |
286 | | - # the install stage to run in non-systemd environments like a |
287 | | - # container image build. |
288 | | - # |
289 | | - # For documentation about policy-rc.d, see: |
290 | | - # https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt |
291 | | - # |
292 | | - files.put( |
293 | | - src=get_resource("policy-rc.d"), |
294 | | - dest="/usr/sbin/policy-rc.d", |
295 | | - user="root", |
296 | | - group="root", |
297 | | - mode="755", |
298 | | - ) |
299 | | - |
300 | | - apt.packages( |
301 | | - name="Install nginx", |
302 | | - packages=["nginx", "libnginx-mod-stream"], |
303 | | - ) |
304 | | - |
305 | | - files.file("/usr/sbin/policy-rc.d", present=False) |
306 | | - |
307 | | - def configure(self): |
308 | | - self.need_restart = _configure_nginx(self.config) |
309 | | - |
310 | | - def activate(self): |
311 | | - systemd.service( |
312 | | - name="Start and enable nginx", |
313 | | - service="nginx.service", |
314 | | - running=True, |
315 | | - enabled=True, |
316 | | - restarted=self.need_restart, |
317 | | - ) |
318 | | - self.need_restart = False |
319 | | - |
320 | | - |
321 | 212 | class WebsiteDeployer(Deployer): |
322 | 213 | def __init__(self, config): |
323 | 214 | self.config = config |
|