diff options
| -rw-r--r-- | templates/docker-compose.yaml.template | 3 | ||||
| -rw-r--r-- | templates/nginx/common/http-listen | 2 | ||||
| -rw-r--r-- | templates/nginx/common/https-listen | 3 | ||||
| -rw-r--r-- | templates/nginx/conf.d/2fa.conf.template (renamed from templates/nginx/2fa.conf.template) | 6 | ||||
| -rw-r--r-- | templates/nginx/conf.d/code.conf.template (renamed from templates/nginx/code.conf.template) | 6 | ||||
| -rw-r--r-- | templates/nginx/conf.d/forbid_unknown_domain.conf (renamed from templates/nginx/forbid_unknown_domain.conf) | 5 | ||||
| -rw-r--r-- | templates/nginx/conf.d/git.conf.template (renamed from templates/nginx/git.conf.template) | 6 | ||||
| -rw-r--r-- | templates/nginx/conf.d/mail.conf.template (renamed from templates/nginx/mail.conf.template) | 6 | ||||
| -rw-r--r-- | templates/nginx/conf.d/root.conf.template (renamed from templates/nginx/root.conf.template) | 6 | ||||
| -rw-r--r-- | templates/nginx/conf.d/ssl.conf.template (renamed from templates/nginx/ssl.conf.template) | 0 | ||||
| -rw-r--r-- | templates/nginx/conf.d/timeline.conf.template (renamed from templates/nginx/timeline.conf.template) | 3 | ||||
| -rw-r--r-- | templates/nginx/conf.d/websocket.conf (renamed from templates/nginx/websocket.conf) | 0 | ||||
| -rw-r--r-- | tools/cru-py/cru/service/_template.py | 4 | ||||
| -rw-r--r-- | tools/cru-py/cru/template.py | 5 |
14 files changed, 30 insertions, 25 deletions
diff --git a/templates/docker-compose.yaml.template b/templates/docker-compose.yaml.template index 4ca1f1c..f2188e1 100644 --- a/templates/docker-compose.yaml.template +++ b/templates/docker-compose.yaml.template @@ -27,7 +27,8 @@ services: - "443:443" - "443:443/udp" volumes: - - "./generated/nginx:/etc/nginx/conf.d:ro" + - "./generated/nginx/conf.d:/etc/nginx/conf.d:ro" + - "./generated/nginx/common:/etc/nginx/common:ro" - "./data/certbot/certs:/etc/letsencrypt:ro" - "./data/certbot/webroot:/srv/acme:ro" - "blog-public:/srv/www/blog:ro" diff --git a/templates/nginx/common/http-listen b/templates/nginx/common/http-listen new file mode 100644 index 0000000..76cb18d --- /dev/null +++ b/templates/nginx/common/http-listen @@ -0,0 +1,2 @@ +listen 80; +listen [::]:80; diff --git a/templates/nginx/common/https-listen b/templates/nginx/common/https-listen new file mode 100644 index 0000000..db2f68e --- /dev/null +++ b/templates/nginx/common/https-listen @@ -0,0 +1,3 @@ +listen 443 ssl; +listen [::]:443 ssl; +http2 on; diff --git a/templates/nginx/2fa.conf.template b/templates/nginx/conf.d/2fa.conf.template index aad66c1..278e4a1 100644 --- a/templates/nginx/2fa.conf.template +++ b/templates/nginx/conf.d/2fa.conf.template @@ -1,7 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; server_name 2fa.${CRUPEST_DOMAIN}; + include common/https-listen; location / { include common/proxy-common; @@ -10,9 +9,8 @@ server { } server { - listen 80; - listen [::]:80; server_name 2fa.${CRUPEST_DOMAIN}; + include common/http-listen; include common/https-redirect; include common/acme-challenge; diff --git a/templates/nginx/code.conf.template b/templates/nginx/conf.d/code.conf.template index a67500d..205c7ba 100644 --- a/templates/nginx/code.conf.template +++ b/templates/nginx/conf.d/code.conf.template @@ -1,7 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; server_name code.${CRUPEST_DOMAIN}; + include common/https-listen; location / { include common/proxy-common; @@ -13,9 +12,8 @@ server { server { - listen 80; - listen [::]:80; server_name code.${CRUPEST_DOMAIN}; + include common/http-listen; include common/https-redirect; include common/acme-challenge; diff --git a/templates/nginx/forbid_unknown_domain.conf b/templates/nginx/conf.d/forbid_unknown_domain.conf index ae96393..515942b 100644 --- a/templates/nginx/forbid_unknown_domain.conf +++ b/templates/nginx/conf.d/forbid_unknown_domain.conf @@ -1,8 +1,9 @@ server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + http2 on; return 444; } diff --git a/templates/nginx/git.conf.template b/templates/nginx/conf.d/git.conf.template index ea2a627..3a2948c 100644 --- a/templates/nginx/git.conf.template +++ b/templates/nginx/conf.d/git.conf.template @@ -1,7 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; server_name git.${CRUPEST_DOMAIN}; + include common/https-listen; location / { include common/proxy-common; @@ -13,9 +12,8 @@ server { server { - listen 80; - listen [::]:80; server_name git.${CRUPEST_DOMAIN}; + include common/http-listen; include common/https-redirect; include common/acme-challenge; diff --git a/templates/nginx/mail.conf.template b/templates/nginx/conf.d/mail.conf.template index ba2e44e..40adf28 100644 --- a/templates/nginx/mail.conf.template +++ b/templates/nginx/conf.d/mail.conf.template @@ -1,7 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; server_name mail.${CRUPEST_DOMAIN}; + include common/https-listen; location / { include common/proxy-common; @@ -18,9 +17,8 @@ server { server { - listen 80; - listen [::]:80; server_name mail.${CRUPEST_DOMAIN}; + include common/http-listen; include common/https-redirect; include common/acme-challenge; diff --git a/templates/nginx/root.conf.template b/templates/nginx/conf.d/root.conf.template index 3f20cf1..a0b08f8 100644 --- a/templates/nginx/root.conf.template +++ b/templates/nginx/conf.d/root.conf.template @@ -1,7 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; server_name ${CRUPEST_DOMAIN}; + include common/https-listen; location / { root /srv/www; @@ -19,9 +18,8 @@ server { } server { - listen 80; - listen [::]:80; server_name ${CRUPEST_DOMAIN}; + include common/http-listen; include common/https-redirect; include common/acme-challenge; diff --git a/templates/nginx/ssl.conf.template b/templates/nginx/conf.d/ssl.conf.template index 54205f1..54205f1 100644 --- a/templates/nginx/ssl.conf.template +++ b/templates/nginx/conf.d/ssl.conf.template diff --git a/templates/nginx/timeline.conf.template b/templates/nginx/conf.d/timeline.conf.template index db908e8..a467594 100644 --- a/templates/nginx/timeline.conf.template +++ b/templates/nginx/conf.d/timeline.conf.template @@ -1,7 +1,6 @@ server { - listen 80; - listen [::]:80; server_name timeline.${CRUPEST_DOMAIN}; + include common/http-listen; include common/acme-challenge; } diff --git a/templates/nginx/websocket.conf b/templates/nginx/conf.d/websocket.conf index 32af4c3..32af4c3 100644 --- a/templates/nginx/websocket.conf +++ b/templates/nginx/conf.d/websocket.conf diff --git a/tools/cru-py/cru/service/_template.py b/tools/cru-py/cru/service/_template.py index ca2135f..b6affd1 100644 --- a/tools/cru-py/cru/service/_template.py +++ b/tools/cru-py/cru/service/_template.py @@ -1,4 +1,5 @@ from argparse import Namespace +import shutil from cru import CruIterator from cru.template import TemplateTree @@ -47,6 +48,8 @@ class TemplateManager(AppCommandFeatureProvider): def _generate_files(self, dry_run: bool) -> None: config_manager = self.app.get_feature(ConfigManager) + if not dry_run: + shutil.rmtree(self.generated_dir.full_path) self.template_tree.generate_to( self.generated_dir.full_path_str, config_manager.get_str_dict(), dry_run ) @@ -78,3 +81,4 @@ class TemplateManager(AppCommandFeatureProvider): self._generate_files(dry_run) if dry_run: print("Dry run successfully.") + print(f"Will delete dir {self.generated_dir.full_path_str}.") diff --git a/tools/cru-py/cru/template.py b/tools/cru-py/cru/template.py index 74a5c9a..9f0b560 100644 --- a/tools/cru-py/cru/template.py +++ b/tools/cru-py/cru/template.py @@ -142,6 +142,11 @@ class TemplateTree: ) -> None: for file, template in self.templates: des = CruPath(destination) / file + if self.template_file_suffix is not None and des.name.endswith( + self.template_file_suffix + ): + des = des.parent / (des.name[: -len(self.template_file_suffix)]) + text = template.generate(variables) if not dry_run: des.parent.mkdir(parents=True, exist_ok=True) |