From: Christian Heller Date: Sun, 17 Apr 2016 20:55:03 +0000 (+0200) Subject: Set up nodrama bot and letsencrypt infrastructure. X-Git-Url: https://plomlompom.com/repos/conditions?a=commitdiff_plain;h=85f1e1508089bbaa01b9a5240f802dd2ac817544;p=config Set up nodrama bot and letsencrypt infrastructure. --- diff --git a/bin/broiler_in.sh b/bin/broiler_in.sh new file mode 100755 index 0000000..5b16ddd --- /dev/null +++ b/bin/broiler_in.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n broiler_in "#nodrama.de" diff --git a/bin/install_certs.sh b/bin/install_certs.sh new file mode 100755 index 0000000..ea04482 --- /dev/null +++ b/bin/install_certs.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +set -e +set -x + +~/letsencrypt-auto certonly --webroot -w /var/www/html -d dump.plomlompom.com diff --git a/bin/plomlombot.sh b/bin/plomlombot.sh index 3ee9073..01d0a7b 100755 --- a/bin/plomlombot.sh +++ b/bin/plomlombot.sh @@ -1,3 +1,3 @@ #!/bin/sh cd ~/plomlombot-irc -./run.sh "#zrolaps" +./run.sh -r 604800 "#zrolaps" diff --git a/bin/renew_certs.sh b/bin/renew_certs.sh new file mode 100755 index 0000000..a1a2b96 --- /dev/null +++ b/bin/renew_certs.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +~/letsencrypt/letsencrypt-auto renew --webroot -w /var/www/html/ diff --git a/jessie_postinstall.sh b/jessie_postinstall.sh index 821b4b3..e4ea6c7 100755 --- a/jessie_postinstall.sh +++ b/jessie_postinstall.sh @@ -219,8 +219,8 @@ if [ "$1" = "server" ]; then elif [ "$2" = "public" ]; then - # Set up htwtxt environment. - apt-get -y install screen nginx + # Set up htwtxt and environment. + apt-get -y install screen apt-get -y -t jessie-backports install golang su - plom -c 'git clone https://github.com/plomlompom/htwtxt $GOPATH/src/htwtxt' su - plom -c 'go get htwtxt' @@ -230,7 +230,13 @@ if [ "$1" = "server" ]; then cp config/systemfiles/htwtxt_restart_reminder.service \ /etc/systemd/system/htwtxt_restart_reminder.service systemctl enable /etc/systemd/system/htwtxt_restart_reminder.service + + # Set up nginx and letsencrypt. + apt-get -y install nginx cp config/systemfiles/nginx.conf /etc/nginx/nginx.conf + cd ~ + git clone https://github.com/letsencrypt/letsencrypt + echo '0 18 * * 0 ~/config/bin/renew_certs.sh' | crontab - # Set up plomlombot. apt-get -y install python3 python3-venv python3-pip @@ -239,8 +245,13 @@ if [ "$1" = "server" ]; then cp config/systemfiles/plomlombot.service \ /etc/systemd/system/plomlombot.service systemctl enable /etc/systemd/system/plomlombot.service - mkdir /var/www/irclogs_zrolaps/ + + # Set up plomlombot logging infrastructure. + mkdir -p /var/www/html/irclogs/ + ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/3c0248e76a1de3a6ee5bf3421f7379b0/logs/ /var/www/html/irclogs/zrolaps/ touch /var/www/password_irclogs_zrolaps + ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/657eea42f86866f2954d39f92a6c71ff/logs/ /var/www/html/irclogs/nodrama.de/ + touch /var/www/password_irclogs_nodrama_de fi elif [ "$1" = "thinkpad" ]; then @@ -299,4 +310,4 @@ passwd plom rm jessie_postinstall.sh # Finalize everything with a reboot. -reboot +echo 'You may reboot now with the "reboot" command unless there's more to do.' diff --git a/systemfiles/nginx.conf b/systemfiles/nginx.conf index 98626de..ac07114 100644 --- a/systemfiles/nginx.conf +++ b/systemfiles/nginx.conf @@ -25,11 +25,24 @@ http { # IRC logs server server { + listen 443 ssl; + server_name dump.plomlompom.com; + ssl_certificate /etc/letsencrypt/live/dump.plomlompom.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dump.plomlompom.com/privkey.pem; location / { - auth_basic "IRC logs"; + root /var/www/html/; + } + location /irclogs/zrolaps/ { + auth_basic "#zrolaps logs"; auth_basic_user_file /var/www/password_irclogs_zrolaps; autoindex on; - root /var/www/irclogs_zrolaps/; + root /var/www/html/irclogs/zrolaps/; + } + location /irclogs/zrolaps/ { + auth_basic "#nodrama.de logs"; + auth_basic_user_file /var/www/password_irclogs_nodrama_de; + autoindex on; + root /var/www/html/irclogs/nodrama.de/; } } diff --git a/systemfiles/plomlombot.service b/systemfiles/plomlombot.service index 5f4b0eb..8c464a2 100644 --- a/systemfiles/plomlombot.service +++ b/systemfiles/plomlombot.service @@ -6,7 +6,7 @@ Description=plomlombot screen [Service] Type=forking User=plom -ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh' +ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh && screen -d -m ~/config/bin/broiler_in.sh' [Install] WantedBy=multi-user.target