First attempt at static website setup.

diff --git a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx
new file mode 100644 (file)
index 0000000..a1e57d0
--- /dev/null
+++ b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx
@@ -0,0 +1,8 @@
+server {
+    listen 443 ssl;
+    server_name REPLACE_fqdn_ECALPER;
+    ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+    root /var/www/html/;
+    index index.html index.htm index.nginx-debian.html;
+}

diff --git a/buster/setup_scripts/setup_web_static.sh b/buster/setup_scripts/setup_web_static.sh
new file mode 100644 (file)
index 0000000..b841507
--- /dev/null
+++ b/buster/setup_scripts/setup_web_static.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -e
+set -x
+# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
+
+if [ "$#" -ne 1 ]; then
+    echo 'Need domain name as argument.'
+    false
+fi
+domain="$1"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare NGINX config for Pleroma.
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/static.nginx
+ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/static.nginx
+
+service nginx restart