diff --git a/config/remote.yml.sample b/config/remote.yml.sample
index 08315703e..0c7b54e24 100644
--- a/config/remote.yml.sample
+++ b/config/remote.yml.sample
@@ -1,5 +1,25 @@
+##
+# /etc/rc.conf
 rc:
 hostname:
+
+##
+# nginx
+nginx:
+ root:
+ user:
+ worker:
+ process_count:
+ conn_count:
+ logs:
+ errors:
+ access:
+ ssl:
+ cert:
+ cert_key:
+
+##
+# pf (firewall)
 pf:
 iface:
 pass:
diff --git a/config/remote/usr.local.etc/nginx/enabled_sites/al-quran.reflectslight.io.conf.erb b/config/remote/usr.local.etc/nginx/enabled_sites/al-quran.reflectslight.io.conf.erb
new file mode 100644
index 000000000..c5de6696e
--- /dev/null
+++ b/config/remote/usr.local.etc/nginx/enabled_sites/al-quran.reflectslight.io.conf.erb
@@ -0,0 +1,19 @@
+server {
+ server_name <%= rc.hostname %>;
+ listen 80;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ gzip_static on;
+ server_name <%= rc.hostname %>;
+ listen 443 ssl;
+ ssl_certificate <%= nginx.ssl.cert %>;
+ ssl_certificate_key <%= nginx.ssl.cert_key %>;
+ error_log <%= nginx.logs.errors %> info;
+ access_log <%= nginx.logs.access %> combined;
+ add_header Strict-Transport-Security "max-age=31536000" always;
+ location / {
+ root <%= nginx.root %>;
+ }
+}
diff --git a/config/remote/usr.local.etc/nginx/mime.types b/config/remote/usr.local.etc/nginx/mime.types
new file mode 100644
index 000000000..1c00d701a
--- /dev/null
+++ b/config/remote/usr.local.etc/nginx/mime.types
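Review bot: The `listen 80` block redirects to `https://$host$request_uri`, and `$host` is taken from the client's Host header; since this appears to be the only port-80 server in the rendered config it is also nginx's implicit default server and will answer requests for any Host, so the redirect target becomes client-controlled (an open redirect to whatever host the request names). Pinning the target to the configured name, `return 301 https://<%= rc.hostname %>$request_uri;`, removes that. The `listen 443 ssl` block sets no `ssl_protocols` or `ssl_ciphers`, so the accepted TLS versions are whatever this nginx build defaults to; stating `ssl_protocols TLSv1.2 TLSv1.3;` makes the policy explicit and reviewable. With `max-age=31536000` already set, decide whether `includeSubDomains` belongs on the HSTS header for this host.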
@@ -0,0 +1,99 @@
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/config/remote/usr.local.etc/nginx/nginx.conf.erb b/config/remote/usr.local.etc/nginx/nginx.conf.erb
new file mode 100644
index 000000000..dc5352a90
--- /dev/null
+++ b/config/remote/usr.local.etc/nginx/nginx.conf.erb
@@ -0,0 +1,13 @@
+worker_processes <%= nginx.worker.process_count %>;
+user <%= nginx.user %>;
+
+events {
+ worker_connections <%= nginx.worker.conn_count %>;
+}
+
+http {
+ server_tokens off;
+ include mime.types;
+ charset utf-8;
+ include /usr/local/etc/nginx/enabled_sites/*.conf;
+}
diff --git a/tasks/config.rake b/tasks/config.rake
index 87f4b9a0d..fa12daed7 100644
--- a/tasks/config.rake
+++ b/tasks/config.rake
@@ -13,6 +13,11 @@ read_options = ->(env:) do
 end
 
 task "config:build", :env do |task, args|
+ Rake::Task["config:build:etc"].invoke(args[:env])
+ Rake::Task["config:build:nginx"].invoke(args[:env])
+end
+
+task "config:build:etc", :env do |task, args|
 options = read_options.call(**args)
 context = ERBContext.with_locals(options)
 glob = File.join("config", args[:env], "etc", "*.conf.erb")
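Review bot: The `http` block includes `mime.types` but sets no `default_type`, so a file whose extension is absent from that table is served with nginx's built-in default of `text/plain` and rendered inline by browsers; the stock nginx.conf pairs the include with `default_type application/octet-stream;` so unknown files are offered as downloads, which is the safer default for a static root. `server_tokens off;` is a good addition. Every `<%= nginx.* %>` value here is empty in the shipped `remote.yml.sample`, so a render from an unedited sample produces lines such as `user ;` that `nginx -t` will reject; a one-line comment at the top of the template saying the sample must be filled in first would save a confusing first run.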
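Review bot: `config:build` now orders the two sub-tasks by hand with a pair of `Rake::Task#invoke` calls; Rake already forwards named arguments to prerequisites, so the same wiring reads as `task "config:build", [:env] => %w[config:build:etc config:build:nginx]` with no body, and `rake -P` then shows the dependency. The new `config:build:etc` definition (like the existing `config:build`) names a `task` block parameter it never uses; `|_task, args|` makes that intent visible. The body of `config:build:etc` continues past the end of this hunk.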
@@ -25,3 +30,16 @@ task "config:build", :env do |task, args|
 system("cat #{dest} | less") if $stdin.gets.chomp == "y"
 end
 end
+
+task "config:build:nginx", :env do |task, args|
+ options = read_options.call(**args)
+ context = ERBContext.with_locals(options)
+ glob = File.join("config", args[:env], "usr.local.etc", "**", "*.conf.erb")
+ Dir.glob(glob).each do |file|
+ dest = File.join(File.dirname(file), File.basename(file, ".erb"))
+ File.binwrite dest,
+ ERB.new(File.binread(file), trim_mode: "-").result(context)
+ print "View #{dest} [y/n]:"
+ system("cat #{dest} | less") if $stdin.gets.chomp == "y"
+ end
+end
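Review bot: `config:build:nginx` repeats, line for line, the render-and-preview loop that `config:build:etc` appears to inherit from the old `config:build` body (its tail is the context at the top of this hunk), differing only in the glob; the loop belongs in one helper defined next to `read_options` so a later fix lands in both tasks. That loop also runs `system("cat #{dest} | less")` through a shell with `dest` interpolated; `dest` is derived from `Dir.glob` over a path built from `args[:env]`, so a name containing shell metacharacters would be interpreted rather than displayed, whereas `system("less", dest)` passes it as a plain argument. `$stdin.gets` returns nil at EOF (for example when the task runs without a terminal), so `.chomp` raises there; `$stdin.gets&.chomp == "y"` treats EOF as "no". The sketch below shows the shared helper and the nginx task rewritten on top of it.
```ruby
# Renders every template matched by glob next to its source (minus the
# .erb suffix) with the given ERB context, then offers to page through it.
render_templates = ->(glob, context) do
  Dir.glob(glob).each do |file|
    dest = File.join(File.dirname(file), File.basename(file, ".erb"))
    File.binwrite dest,
      ERB.new(File.binread(file), trim_mode: "-").result(context)
    print "View #{dest} [y/n]:"
    # argv form keeps dest out of the shell; &. treats EOF on stdin as "no"
    system("less", dest) if $stdin.gets&.chomp == "y"
  end
end

# … unchanged: config:build, config:build:etc (now also calling render_templates) …

task "config:build:nginx", :env do |_task, args|
  context = ERBContext.with_locals(read_options.call(**args))
  glob = File.join("config", args[:env], "usr.local.etc", "**", "*.conf.erb")
  render_templates.call(glob, context)
end
```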