--- /dev/null
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ include /etc/nginx/mime.types;
+ charset utf-8;
+
+ # Some standard optimizations, i.e. Debian default. Explained in
+ # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
+ # Not that I understand it all …
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+ access_log off;
+ error_log off;
+
+ # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ # Redirect all HTTP requests to HTTPS.
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+}
--- /dev/null
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 4 ]; then
+ echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
+ false
+fi
+if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
+ echo "Need legal repo source name."
+ false
+fi
+domain="$1"
+mail="$2"
+old_server="$3"
+repos_source="$4"
+
+read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
+
+# Install configs, set up firewall.
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+config_tree_prefix="${HOME}/config/bullseye"
+./install_for_target.sh web dumpsite
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up connection to old dump server.
+cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+
+# Set up dump dirs.
+mkdir /var/www-dump
+chown plom:plom /var/www-dump
+dump_dir=dump
+geheim_dir=geheim
+su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
+su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
+su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
+mv /home/plom/password_geheim /var/www-dump/password_geheim
+rm /home/plom/mirror_dir.sh
+
+# Set up redo.
+wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
+tar -moxzf redo-sh.tar.gz -C /usr/local
+
+# Set up zettel.
+su -lc "git clone --mirror ${old_server}:zettel.git" plom
+cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
+su -lc "git clone ~/zettel.git && cd zettel && redo" plom
+su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
+# NOTE: Locally, to update content, clone zettel.git, not zettel.
+
+# Set up redo blog.
+su -lc "git clone --mirror ${old_server}:blog.git" plom
+cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
+su -lc "git clone ~/blog.git" plom
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repos_source" = "local"]; then
+ su -lc "git clone /var/repos/redo-blog" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
+fi
+su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
+su -lc "cd blog && redo" plom
+su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
+# NOTE: Locally, to update content, clone blog.git, not blog.
+
+# Set up url catcher.
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repos_source" = "local"]; then
+ su -lc "git clone /var/repos/url-catcher" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
+fi
+su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
+cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
+systemctl enable url_catcher.service
+service url_catcher start
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
+rm /home/plom/mirror_dir.sh
+
+# Set up index.html
+cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
+ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
+
+service nginx restart