1 files changed, 72 insertions, 0 deletions
diff --git a/tool/modules/nginx.py b/tool/modules/nginx.py
new file mode 100755
index 0000000..6cb918c
--- /dev/null
+++ b/tool/modules/nginx.py
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+
+from .template import Template
+from .path import nginx_template_dir
+import json
+import jsonschema
+import os
+import os.path
+import shutil
+
+with open(os.path.join(nginx_template_dir, 'server.json')) as f:
+    server = json.load(f)
+
+with open(os.path.join(nginx_template_dir, 'server.schema.json')) as f:
+    schema = json.load(f)
+
+jsonschema.validate(server, schema)
+
+root_template = Template(os.path.join(
+    nginx_template_dir, 'root.conf.template'))
+static_file_template = Template(os.path.join(
+    nginx_template_dir, 'static-file.conf.template'))
+reverse_proxy_template = Template(os.path.join(
+    nginx_template_dir, 'reverse-proxy.conf.template'))
+
+
+def nginx_config_gen(domain: str, dest: str) -> None:
+    if not os.path.isdir(dest):
+        raise ValueError('dest must be a directory')
+    # copy ssl.conf and https-redirect.conf which need no variable substitution
+    for filename in ['ssl.conf', 'https-redirect.conf']:
+        src = os.path.join(nginx_template_dir, filename)
+        dst = os.path.join(dest, filename)
+        shutil.copyfile(src, dst)
+    config = {"CRUPEST_DOMAIN": domain}
+    # generate root.conf
+    with open(os.path.join(dest, f'{domain}.conf'), 'w') as f:
+        f.write(root_template.generate(config))
+    # generate nginx config for each site
+    sites: list = server["sites"]
+    for site in sites:
+        if site["type"] not in ['static-file', 'reverse-proxy']:
+            continue
+        subdomain = site["subdomain"]
+        local_config = config.copy()
+        local_config['CRUPEST_NGINX_SUBDOMAIN'] = subdomain
+        match site["type"]:
+            case 'static-file':
+                template = static_file_template
+                local_config['CRUPEST_NGINX_ROOT'] = site["root"]
+            case 'reverse-proxy':
+                template = reverse_proxy_template
+                local_config['CRUPEST_NGINX_UPSTREAM_NAME'] = site["upstream"]["name"]
+                local_config['CRUPEST_NGINX_UPSTREAM_SERVER'] = site["upstream"]["server"]
+        with open(os.path.join(dest, f'{subdomain}.{domain}.conf'), 'w') as f:
+            f.write(template.generate(local_config))
+
+
+def list_domains(domain: str) -> list[str]:
+    return [domain, *server.sites.map(lambda s: f"{s.subdomain}.{domain}")]
+
+
+def certbot_command_gen(domain: str, action, test=False) -> str:
+    domains = list_domains(domain)
+    match action:
+        case 'create':
+            # create with standalone mode
+            return f'docker run -it --name certbot -v "./data/certbot/certs:/etc/letsencrypt" -v "./data/certbot/data:/var/lib/letsencrypt" certbot/certbot certonly --standalone -d {" -d ".join(domains)}{ " --test-cert" if test else "" }'
+        case 'renew':
+            # renew with webroot mode
+            return f'docker run -it --name certbot -v "./data/certbot/certs:/etc/letsencrypt" -v "./data/certbot/data:/var/lib/letsencrypt" -v "./data/certbot/webroot:/var/www/certbot" certbot/certbot renew --webroot -w /var/www/certbot'
+    raise ValueError('Invalid action')