Add dumpsite setup.

diff --git a/buster/apt-mark/dumpsite b/buster/apt-mark/dumpsite
new file mode 100644 (file)
index 0000000..6cab441
--- /dev/null
+++ b/buster/apt-mark/dumpsite
@@ -0,0 +1 @@
+pwgen

diff --git a/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
new file mode 100644 (file)
index 0000000..bb723d2
--- /dev/null
+++ b/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
@@ -0,0 +1,18 @@
+server {
+    listen 443 ssl;
+    server_name REPLACE_fqdn_ECALPER;
+    ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+    root /var/www-dump/;
+    index index.html index.htm index.nginx-debian.html;
+
+    location /dump/ {
+        autoindex on;
+    }
+
+    location /geheim/ {
+        auth_basic "geheim geheim";
+        auth_basic_user_file /var/www-dump/password_geheim;
+        autoindex on;
+    }
+}

diff --git a/buster/setup_scripts/setup_dumpsite.sh b/buster/setup_scripts/setup_dumpsite.sh
new file mode 100755 (executable)
index 0000000..7d0a464
--- /dev/null
+++ b/buster/setup_scripts/setup_dumpsite.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+set -x
+w
+if [ "$#" -ne 2 ]; then
+    echo 'Need domain name and mail.'
+    false
+fi
+domain="$1"
+mail="$2"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web dumpsite
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up dump dirs.
+mkdir /var/www-dump
+chown plom:plom /var/www-dump
+dump_dir=dump
+geheim_dir=geheim
+su -lc "mkdir ${dump_dir} ${geheim_dir}"
+su -lc "ln -s ${dump_dir} /var/www-dump/${dump_dir}" plom
+su -lc "ln -s ${geheim_dir} /var/www-dump/${geheim_dir}" plom
+password_geheim=$(pwgen -1)
+echo "foo:${password_geheim}" > /var/www-dump/password_geheim
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
+ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
+
+service nginx restart

diff --git a/buster/setup_scripts/setup_website.sh b/buster/setup_scripts/setup_website.sh
index a79468a52abee687fa13326f45285e8c8cca2aa8..5c8d00ce30cf7f2843ae27970cb376591f43a67e 100755 (executable)
--- a/buster/setup_scripts/setup_website.sh
+++ b/buster/setup_scripts/setup_website.sh
@@ -1,7 +1,5 @@
 #!/bin/sh
 set -e
 #!/bin/sh
 set -e

-set -x
-# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>

 
 if [ "$#" -ne 4 ]; then
     echo 'Need domain name and mail and old server IP and key ID as argument.'
 
 if [ "$#" -ne 4 ]; then
     echo 'Need domain name and mail and old server IP and key ID as argument.'


@@ -35,7 +33,7 @@ sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
 sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
 ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
 
 sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
 ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
 

-# Set up website.
+# Set up website. TODO: use non-/var/www dir for better separation to dump site

 rm -rf /var/www
 mkdir /var/www
 chown plom:plom /var/www
 rm -rf /var/www
 mkdir /var/www
 chown plom:plom /var/www