From e61e4e9a8b40fbde2e33a8ceb94bbc68899a1d87 Mon Sep 17 00:00:00 2001 From: Shane Date: Sun, 11 Jan 2026 01:03:28 +0000 Subject: [PATCH] working? --- Makefile | 31 ++++++------ etc/nginx/conf.d/git-http.conf | 1 - scripts/deploy.sh | 89 ++++++++++++++++++++++------------ 3 files changed, 74 insertions(+), 47 deletions(-) diff --git a/Makefile b/Makefile index 670c229..dd57648 100644 --- a/Makefile +++ b/Makefile 
@@ -67,34 +67,35 @@ certbot/nginx: ##H @Remote Run certbot on remote VPS @echo "Running certbot on $(VPS_HOST)..." ssh -t $(VPS) "sudo certbot --nginx" +# Direct Local Deployment (No Staging) .PHONY: diff/local -diff/local: _stage/local ##H @Local Show diff locally (supports SUDO_USER) +diff/local: ##H @Local Show diff against system config ifdef SUDO_USER @echo "Checking diff locally as $(SUDO_USER)..." - su -P $(SUDO_USER) -c "bash /tmp/nginx-staging/deploy.sh diff" + su -P $(SUDO_USER) -c "bash scripts/deploy.sh diff" else @echo "Checking diff locally..." - bash ~/.nginx-staging/deploy.sh diff + bash scripts/deploy.sh diff endif -.PHONY: deploy/local -deploy/local: _stage/local ##H @Local Deploy files locally (supports SUDO_USER) +.PHONY: test/local +test/local: ##H @Local Test current configuration ifdef SUDO_USER - @echo "Deploying locally as $(SUDO_USER)..." - su -P $(SUDO_USER) -c "bash /tmp/nginx-staging/deploy.sh" + @echo "Testing locally as $(SUDO_USER)..." + su -P $(SUDO_USER) -c "bash scripts/deploy.sh test" else - @echo "Deploying locally..." - bash $(HOME)/.nginx-staging/deploy.sh + @echo "Testing locally..." + bash scripts/deploy.sh test endif -.PHONY: test/local -test/local: _stage/local ##H @Local Test staged configuration locally (supports SUDO_USER) +.PHONY: deploy/local +deploy/local: ##H @Local Deploy current configuration to system ifdef SUDO_USER - @echo "Testing locally as $(SUDO_USER)..." - su -P $(SUDO_USER) -c "bash /tmp/nginx-staging/deploy.sh test" + @echo "Deploying locally as $(SUDO_USER)..." + su -P $(SUDO_USER) -c "bash scripts/deploy.sh" else - @echo "Testing locally..." - bash $(HOME)/.nginx-staging/deploy.sh test + @echo "Deploying locally..." + bash scripts/deploy.sh endif .PHONY: certbot/local diff --git a/etc/nginx/conf.d/git-http.conf b/etc/nginx/conf.d/git-http.conf index 56344bb..91120d7 100644 --- a/etc/nginx/conf.d/git-http.conf +++ b/etc/nginx/conf.d/git-http.conf 
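Review bot: The rewritten recipes for diff/local, test/local and deploy/local all call `bash scripts/deploy.sh` by a path relative to the directory make was started in, so an invocation from another directory (for example with `-f`) either fails or, under sudo, runs whatever `scripts/deploy.sh` happens to exist there. Resolving the path from the Makefile's own location removes that dependency: define `REPO_ROOT := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))` near the top of the file (outside this hunk, before any `include`) and call `bash "$(REPO_ROOT)scripts/deploy.sh" diff`. `$(SUDO_USER)` is also expanded unquoted into the `su` command line, and `su -P "$(SUDO_USER)" -c ...` keeps an unexpected value from being split into extra arguments.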
@@ -1,5 +1,4 @@ server { - listen 80; server_name git.nutra.tk; # Gitweb UI at root diff --git a/scripts/deploy.sh b/scripts/deploy.sh index f68d09e..761275c 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh 
@@ -1,40 +1,63 @@ #!/bin/bash set -e -# Staging directory expected to be populated by the caller (Makefile) -# We default to the directory containing this script. -STAGING_DIR=$(dirname "$(realpath "$0")") -CONF_DIR=/etc/nginx/conf.d +# Default to the parent directory of this script (Repo Root) +REPO_ROOT=$(dirname "$(dirname "$(realpath "$0")")") +NGINX_CONF_SRC="$REPO_ROOT/etc/nginx/conf.d" +GITWEB_CONF_SRC="$REPO_ROOT/etc/gitweb.conf" +DEST_CONF_DIR="/etc/nginx/conf.d" -echo "Detected changes (diff):" -# Diff existing vs staging. "|| true" prevents exit on diff found. -diff -u -r --color=always "$CONF_DIR/" "$STAGING_DIR/" || true -echo "" +# Helper to check if file is text (decrypted) +is_text_file() { + grep -qI . "$1" +} + +echo "Source: $REPO_ROOT" if [ "$1" = "diff" ]; then - # echo "Diff check complete." - # rm -rf "$STAGING_DIR" + echo "Detected changes (diff):" + # We can't use simple diff -r because we need to exclude secrets.conf if encrypted + # So we loop through source files + for FILE in "$NGINX_CONF_SRC"/*.conf; do + BASENAME=$(basename "$FILE") + if [ "$BASENAME" = "secrets.conf" ] && ! is_text_file "$FILE"; then + echo "Skipping encrypted secrets.conf diff..." + continue + fi + diff -u --color=always "$DEST_CONF_DIR/$BASENAME" "$FILE" || true + done exit 0 fi if [ "$1" = "test" ]; then - echo "Running pre-flight validation on staged config..." - TMP_NGINX_CONF=$(mktemp) + echo "Running pre-flight validation..." + TMP_WORK_DIR=$(mktemp -d) + TMP_NGINX_CONF="$TMP_WORK_DIR/nginx.conf" + TMP_CONF_D="$TMP_WORK_DIR/conf.d" + mkdir -p "$TMP_CONF_D" + + # Copy config files to temp dir for testing, respecting secrets + for FILE in "$NGINX_CONF_SRC"/*.conf; do + BASENAME=$(basename "$FILE") + if [ "$BASENAME" = "secrets.conf" ] && ! is_text_file "$FILE"; then + echo "Skipping encrypted secrets.conf for test..." 
+ continue + fi + cp "$FILE" "$TMP_CONF_D/" + done - # Create a temporary nginx.conf that points to STAGING_DIR instead of /etc/nginx/conf.d - # We assume the standard include is "/etc/nginx/conf.d/*.conf" - # We strictly replace that string with our staging path. - sed "s|/etc/nginx/conf.d/\*\.conf|$STAGING_DIR/*.conf|g" /etc/nginx/nginx.conf >"$TMP_NGINX_CONF" + # Generate test nginx.conf + # We strictly replace the include path + sed "s|/etc/nginx/conf.d/\*\.conf|$TMP_CONF_D/*.conf|g" /etc/nginx/nginx.conf >"$TMP_NGINX_CONF" if sudo nginx -t -c "$TMP_NGINX_CONF"; then echo "✓ Pre-flight validation passed." - # Run debug dump by default for test target sudo nginx -T -c "$TMP_NGINX_CONF" - rm "$TMP_NGINX_CONF" + rm -rf "$TMP_WORK_DIR" exit 0 else echo "✗ Pre-flight validation FAILED." - rm "$TMP_NGINX_CONF" + rm -rf "$TMP_WORK_DIR" exit 1 fi fi @@ -43,15 +66,20 @@ fi BACKUP_DIR=~/nginx_backup_$(date +%s) echo "Creating backup at $BACKUP_DIR..." mkdir -p "$BACKUP_DIR" - -# Backup existing configs if they exist -if sudo ls "$CONF_DIR"/*.conf >/dev/null 2>&1; then - sudo cp "$CONF_DIR"/*.conf "$BACKUP_DIR/" +if sudo ls "$DEST_CONF_DIR"/*.conf >/dev/null 2>&1; then + sudo cp "$DEST_CONF_DIR"/*.conf "$BACKUP_DIR/" fi +[ -f /etc/gitweb.conf ] && sudo cp /etc/gitweb.conf "$BACKUP_DIR/gitweb.conf" echo "Installing new configurations..." -sudo mv "$STAGING_DIR"/*.conf "$CONF_DIR/" -sudo rm -rf "$STAGING_DIR" +for FILE in "$NGINX_CONF_SRC"/*.conf; do + BASENAME=$(basename "$FILE") + if [ "$BASENAME" = "secrets.conf" ] && ! is_text_file "$FILE"; then + echo "Skipping encrypted secrets.conf..." + continue + fi + sudo cp "$FILE" "$DEST_CONF_DIR/" +done echo "Verifying configuration..." if [ -n "$DEBUG" ]; then 
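Review bot: The `test` branch copies a decrypted `secrets.conf` into `$TMP_WORK_DIR`, but the directory is removed only on the two paths after `nginx -t`. With `set -e` active, a failing `cp` or `sed` exits the script first and leaves that copy behind. Registering the cleanup immediately after `mktemp -d` covers every exit: `trap 'rm -rf "$TMP_WORK_DIR"' EXIT`, after which the two explicit `rm -rf "$TMP_WORK_DIR"` lines are redundant. Separately, `sudo nginx -T -c "$TMP_NGINX_CONF"` prints every included file, so whatever `secrets.conf` holds (credentials, judging by the name) reaches the terminal or any captured log. Consider running the dump only when `DEBUG` is set.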
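Review bot: The install loop's `sudo cp "$FILE" "$DEST_CONF_DIR/"` gives a newly created destination file the mode of the working-tree file, so a `secrets.conf` that is world-readable in the checkout becomes world-readable under `/etc/nginx/conf.d`. Setting owner and mode explicitly removes the dependence on the checkout: `sudo install -o root -g root -m 0644 "$FILE" "$DEST_CONF_DIR/$BASENAME"`, with `-m 0600` for `secrets.conf` (this assumes the nginx master reads its configuration as root, which should be confirmed on this host). The backup has the same exposure, since `sudo cp "$DEST_CONF_DIR"/*.conf "$BACKUP_DIR/"` puts a copy of `secrets.conf` into a home-directory folder created with the default umask. `mkdir -m 700 -p "$BACKUP_DIR"` would keep it private.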
@@ -64,18 +92,17 @@ if sudo nginx -t; then echo "Configuration is valid. Reloading Nginx..." sudo nginx -s reload - # Deploy gitweb.conf if it exists in staging - if [ -f "$STAGING_DIR/gitweb.conf.perl" ]; then + # Deploy gitweb.conf if it exists + if [ -f "$GITWEB_CONF_SRC" ]; then echo "Deploying gitweb.conf..." - # Backup existing - [ -f /etc/gitweb.conf ] && sudo cp /etc/gitweb.conf $BACKUP_DIR/gitweb.conf - sudo cp "$STAGING_DIR/gitweb.conf.perl" /etc/gitweb.conf + sudo cp "$GITWEB_CONF_SRC" /etc/gitweb.conf fi echo "✓ Deployment successful." else echo "✗ Configuration failed validation! Rolling back..." - sudo cp "$BACKUP_DIR"/*.conf "$CONF_DIR/" + sudo cp "$BACKUP_DIR"/*.conf "$DEST_CONF_DIR/" + [ -f "$BACKUP_DIR/gitweb.conf" ] && sudo cp "$BACKUP_DIR/gitweb.conf" /etc/gitweb.conf echo "Rollback complete. Verifying rollback..." sudo nginx -t exit 1 -- 2.52.0
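Review bot: The rollback in the `else` branch copies the backed-up files over the destination but never removes `.conf` files that this run installed for the first time, so a broken file with no earlier version stays in `/etc/nginx/conf.d` and the follow-up `nginx -t` is likely to fail again. Before restoring, the branch should delete every installed basename that has no counterpart in `$BACKUP_DIR`, as the fence shows. The `sudo cp "$BACKUP_DIR"/*.conf "$DEST_CONF_DIR/"` line also aborts under `set -e` when the backup holds no `.conf` file, which the existence guard in the fence avoids. The added `gitweb.conf` restore is harmless but has nothing to undo, because `/etc/gitweb.conf` is written only in the success branch. The closing `fi` of this `if` lies outside the hunk.

```shell
    echo "✗ Configuration failed validation! Rolling back..."
    # Drop files this run added that have no previous version to restore
    for FILE in "$NGINX_CONF_SRC"/*.conf; do
        BASENAME=$(basename "$FILE")
        [ -e "$BACKUP_DIR/$BASENAME" ] || sudo rm -f "$DEST_CONF_DIR/$BASENAME"
    done
    # Restore only when the backup actually holds configuration files
    if ls "$BACKUP_DIR"/*.conf >/dev/null 2>&1; then
        sudo cp "$BACKUP_DIR"/*.conf "$DEST_CONF_DIR/"
    fi
    # … unchanged: gitweb.conf restore, rollback nginx -t, exit 1 …
```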