--- /dev/null
+for site in $(find "$tool"/etc/nginx/site.d \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false ${@:+$(printf -- '-or -name %s\n' "$@")} \
+ -printf '%f\n')
+ do
+ if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host
+ then
+ rule _x509_site_key_decrypt \
+ "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" |
+ rule ssh -l root ' \
+ sudo install -d -m 770 -o root -g root \
+ /etc/nginx \
+ /etc/nginx/x509.d \
+ /etc/nginx/x509.d/'"'$site'"'; \
+ sudo install -m 644 -o root -g root /dev/stdin \
+ /etc/nginx/x509.d/'"'$site'"'/.gitignore <<-EOF
+ key.pem
+ EOF
+ sudo install -m 400 -o root -g root /dev/stdin \
+ /etc/nginx/x509.d/'"'$site'"'/key.pem
+ '
+ fi
+ test ! -r "$tool"/etc/nginx/site.d/"$site"/remote.sh ||
+ . "$tool"/etc/nginx/site.d/"$site"/remote.sh
+ done