fix: conventional paths, oolon fqdn, public cert

2026-05-04 07:54:23 +03:00
parent abce3803ca
commit c81512fa3e
5 changed files with 31 additions and 21 deletions

17
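--- a/script/certify.sh
+++ b/script/certify.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+tld=rob.tn
+fqdn=${tld}
+sudo certbot certonly \
+-m ops@${tld} \
+--agree-tos \
+--no-eff-email \
+--noninteractive \
+--cert-name ${fqdn} \
+--expand \
+--allow-subset-of-names \
+--key-type ecdsa \
+--dns-cloudflare \
+--dns-cloudflare-credentials /root/.cloudflare/${tld} \
+--dns-cloudflare-propagation-seconds 60 \
+-d ${fqdn}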
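Review bot: The new script has no `set -euo pipefail` and passes `${tld}` and `${fqdn}` unquoted, so a later edit that empties or mistypes either variable would still reach `sudo certbot` with a malformed argument list; add `set -euo pipefail` after the shebang and quote the expansions, e.g. `--cert-name "${fqdn}"` and `-d "${fqdn}"`. The file given to `--dns-cloudflare-credentials` grants DNS write access, so a comment above that line should state that it must be root-owned with mode 0600 and should hold a zone-scoped API token rather than the account-wide API key. `--allow-subset-of-names` appears to have no effect with the single `-d` here, and once more names are added it would let issuance succeed with a name silently missing from the certificate, so it is worth dropping unless that behaviour is intended.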


@@ -277,7 +277,7 @@ deploy_web() {
log "web -> $host"
if (( dry_run )); then
printf '\033[2m[dry-run]\033[0m rsync ui/dist/ to %s:/var/www/moments/ + nginx config, run nginx -t/reload on %s\n' \
printf '\033[2m[dry-run]\033[0m rsync ui/dist/ to %s:/var/www/rob.tn/ + nginx config, run nginx -t/reload on %s\n' \
"$host" "$host" >&2
return 0
fi
@@ -286,15 +286,15 @@ deploy_web() {
stage="$(mktemp -d)"
trap "rm -rf '$stage'" RETURN
install -d "$stage/var/www/moments" "$stage/etc/nginx/conf.d"
install -d "$stage/var/www/rob.tn" "$stage/etc/nginx/conf.d"
rsync -a "${repo_root}/ui/dist/" "$stage/var/www/moments/"
rsync -a "${repo_root}/ui/dist/" "$stage/var/www/rob.tn/"
install -m 0644 "${repo_root}/asset/nginx/rob.tn.conf" "$stage/etc/nginx/conf.d/rob.tn.conf"
if (( dry_run )); then
printf '\033[2m[dry-run]\033[0m rsync staged -> %s:/\n' "$host" >&2
else
rsync -aHAX --delete --rsync-path="sudo rsync" "$stage/var/www/moments/" "${host}:/var/www/moments/"
rsync -aHAX --delete --rsync-path="sudo rsync" "$stage/var/www/rob.tn/" "${host}:/var/www/rob.tn/"
rsync -aHAX --rsync-path="sudo rsync" "$stage/etc/nginx/conf.d/rob.tn.conf" "${host}:/etc/nginx/conf.d/rob.tn.conf"
fi
@@ -311,7 +311,7 @@ if ! semanage port -l | awk '{print $1, $3}' | grep -qE "^http_port_t .*42424";
semanage port -m -t http_port_t -p tcp 42424
fi
restorecon -Rv /var/www/moments /etc/nginx/conf.d/rob.tn.conf
restorecon -Rv /var/www/rob.tn /etc/nginx/conf.d/rob.tn.conf
if ! nginx -t; then
echo "nginx config check failed" >&2