From 85f1e1508089bbaa01b9a5240f802dd2ac817544 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Sun, 17 Apr 2016 22:55:03 +0200
Subject: [PATCH] Set up nodrama bot and letsencrypt infrastructure.

---
 bin/broiler_in.sh              |  3 +++
 bin/install_certs.sh           |  6 ++++++
 bin/plomlombot.sh              |  2 +-
 bin/renew_certs.sh             |  3 +++
 jessie_postinstall.sh          | 19 +++++++++++++++----
 systemfiles/nginx.conf         | 17 +++++++++++++++--
 systemfiles/plomlombot.service |  2 +-
 7 files changed, 44 insertions(+), 8 deletions(-)
 create mode 100755 bin/broiler_in.sh
 create mode 100755 bin/install_certs.sh
 create mode 100755 bin/renew_certs.sh

diff --git a/bin/broiler_in.sh b/bin/broiler_in.sh
new file mode 100755
index 0000000..5b16ddd
--- /dev/null
+++ b/bin/broiler_in.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd ~/plomlombot-irc
+./run.sh -r 604800 -n broiler_in "#nodrama.de"
diff --git a/bin/install_certs.sh b/bin/install_certs.sh
new file mode 100755
index 0000000..ea04482
--- /dev/null
+++ b/bin/install_certs.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+set -x
+
+~/letsencrypt-auto certonly --webroot -w /var/www/html -d dump.plomlompom.com 
diff --git a/bin/plomlombot.sh b/bin/plomlombot.sh
index 3ee9073..01d0a7b 100755
--- a/bin/plomlombot.sh
+++ b/bin/plomlombot.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 cd ~/plomlombot-irc
-./run.sh "#zrolaps"
+./run.sh -r 604800 "#zrolaps"
diff --git a/bin/renew_certs.sh b/bin/renew_certs.sh
new file mode 100755
index 0000000..a1a2b96
--- /dev/null
+++ b/bin/renew_certs.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+~/letsencrypt/letsencrypt-auto renew --webroot -w /var/www/html/
diff --git a/jessie_postinstall.sh b/jessie_postinstall.sh
index 821b4b3..e4ea6c7 100755
--- a/jessie_postinstall.sh
+++ b/jessie_postinstall.sh
@@ -219,8 +219,8 @@ if [ "$1" = "server" ]; then
 
     elif [ "$2" = "public" ]; then
 
-        # Set up htwtxt environment.
-        apt-get -y install screen nginx
+        # Set up htwtxt and environment.
+        apt-get -y install screen
         apt-get -y -t jessie-backports install golang
         su - plom -c 'git clone https://github.com/plomlompom/htwtxt $GOPATH/src/htwtxt'
         su - plom -c 'go get htwtxt'
@@ -230,7 +230,13 @@ if [ "$1" = "server" ]; then
         cp config/systemfiles/htwtxt_restart_reminder.service \
             /etc/systemd/system/htwtxt_restart_reminder.service
         systemctl enable /etc/systemd/system/htwtxt_restart_reminder.service
+
+        # Set up nginx and letsencrypt.
+        apt-get -y install nginx
         cp config/systemfiles/nginx.conf /etc/nginx/nginx.conf
+        cd ~
+        git clone https://github.com/letsencrypt/letsencrypt
+        echo '0 18 * * 0 ~/config/bin/renew_certs.sh' | crontab -
 
         # Set up plomlombot.
         apt-get -y install python3 python3-venv python3-pip
@@ -239,8 +245,13 @@ if [ "$1" = "server" ]; then
         cp config/systemfiles/plomlombot.service \
             /etc/systemd/system/plomlombot.service
         systemctl enable /etc/systemd/system/plomlombot.service
-        mkdir /var/www/irclogs_zrolaps/
+
+        # Set up plomlombot logging infrastructure.
+        mkdir -p /var/www/html/irclogs/
+        ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/3c0248e76a1de3a6ee5bf3421f7379b0/logs/ /var/www/html/irclogs/zrolaps/
         touch /var/www/password_irclogs_zrolaps
+        ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/657eea42f86866f2954d39f92a6c71ff/logs/ /var/www/html/irclogs/nodrama.de/
+        touch /var/www/password_irclogs_nodrama_de
     fi
 
 elif [ "$1" = "thinkpad" ]; then
@@ -299,4 +310,4 @@ passwd plom
 rm jessie_postinstall.sh
 
 # Finalize everything with a reboot.
-reboot
+echo 'You may reboot now with the "reboot" command unless there's more to do.'
diff --git a/systemfiles/nginx.conf b/systemfiles/nginx.conf
index 98626de..ac07114 100644
--- a/systemfiles/nginx.conf
+++ b/systemfiles/nginx.conf
@@ -25,11 +25,24 @@ http {
 
         # IRC logs server
         server {
+                listen 443 ssl;
+                server_name dump.plomlompom.com;
+                ssl_certificate /etc/letsencrypt/live/dump.plomlompom.com/fullchain.pem;
+                ssl_certificate_key /etc/letsencrypt/live/dump.plomlompom.com/privkey.pem;
                 location / {
-                        auth_basic "IRC logs";
+                        root /var/www/html/;
+                }
+                location /irclogs/zrolaps/ {
+                        auth_basic "#zrolaps logs";
                         auth_basic_user_file /var/www/password_irclogs_zrolaps;
                         autoindex on;
-                        root /var/www/irclogs_zrolaps/;
+                        root /var/www/html/irclogs/zrolaps/;
+                }
+                location /irclogs/zrolaps/ {
+                        auth_basic "#nodrama.de logs";
+                        auth_basic_user_file /var/www/password_irclogs_nodrama_de;
+                        autoindex on;
+                        root /var/www/html/irclogs/nodrama.de/;
                 }
         }
 
diff --git a/systemfiles/plomlombot.service b/systemfiles/plomlombot.service
index 5f4b0eb..8c464a2 100644
--- a/systemfiles/plomlombot.service
+++ b/systemfiles/plomlombot.service
@@ -6,7 +6,7 @@ Description=plomlombot screen
 [Service]
 Type=forking
 User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh'
+ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh && screen -d -m ~/config/bin/broiler_in.sh'
 
 [Install]
 WantedBy=multi-user.target
-- 
2.30.2