X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fsv%2Fnginx%2Fremote.sh;fp=etc%2Fsv%2Fnginx%2Fremote.sh;h=e11e42307deacdd50ddf3316d0b7bbd3f6986b49;hb=eefc410c23df14d9e47bfc1eedcfb500d557c5a8;hp=0000000000000000000000000000000000000000;hpb=f1ea1df6ff4652bb89b232cb5fd5762c6fea4dcf;p=lhc%2Fateliers.git

diff --git a/etc/sv/nginx/remote.sh b/etc/sv/nginx/remote.sh
new file mode 100644
index 0000000..e11e423
--- /dev/null
+++ b/etc/sv/nginx/remote.sh
@@ -0,0 +1,25 @@
+for site in $(find "$tool"/etc/nginx/site.d \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false ${@:+$(printf -- '-or -name %s\n' "$@")} \
+ -printf '%f\n')
+ do
+	if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host
+	 then
+		rule _x509_site_key_decrypt \
+		 "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" |
+		rule ssh -l root ' \
+			sudo install -d -m 770 -o root -g root \
+			 /etc/nginx \
+			 /etc/nginx/x509.d \
+			 /etc/nginx/x509.d/'"'$site'"'; \
+			sudo install -m 644 -o root -g root /dev/stdin \
+			 /etc/nginx/x509.d/'"'$site'"'/.gitignore <<-EOF
+				key.pem
+				EOF
+			sudo install -m 400 -o root -g root /dev/stdin \
+			 /etc/nginx/x509.d/'"'$site'"'/key.pem
+		 '
+	 fi
+	test ! -r "$tool"/etc/nginx/site.d/"$site"/remote.sh ||
+	.         "$tool"/etc/nginx/site.d/"$site"/remote.sh
+ done