New architecture

src/templates/mod.rs

@@ -0,0 +1,3 @@
+pub mod nginx;
+pub mod php;
+pub mod systemd;

src/templates/nginx/mod.rs

@@ -0,0 +1,13 @@
+mod server;
+pub use server::*;
+
+use std::path::Path;
+pub fn acme_challenges_snippet<P: AsRef<Path>>(path: P) -> String {
+  format!(
+    "location ^~ /.well-known/acme-challenge/ {{
+  alias {}/;
+  try_files $uri =404;
+}}",
+    path.as_ref().to_str().unwrap()
+  )
+}

src/templates/nginx/server.rs

@@ -0,0 +1,202 @@
+use std::fmt::Display;
+use std::path::Path;
+
+pub fn default_server<P: AsRef<Path>>(challenges_snippet_path: P) -> String {
+  format!(
+    "server {{
+      listen                  80 default_server;
+      listen                  [::]:80 default_server;
+      include                 \"{}\";
+  }}",
+    challenges_snippet_path.as_ref().to_str().unwrap()
+  )
+}
+
+pub fn server_config<D: Display, C: AsRef<Path>, K: AsRef<Path>, T: Display, S: AsRef<Path>>(
+  domain: D,
+  cert_path: C,
+  key_path: K,
+  content: T,
+  challenges_snippet_path: S,
+) -> String {
+  format!(
+    "server {{
+    listen                  443 ssl http2;
+    listen                  [::]:443 ssl http2;
+    server_name             {};
+    include                 \"{}\";
+
+    ssl_certificate         {};
+    ssl_certificate_key     {};
+    add_header              Strict-Transport-Security \"max-age=31536000\";
+
+    {}
+}}
+
+# Redirect all HTTP links to the matching HTTPS page
+server {{
+    listen                  80;
+    listen                  [::]:80;
+    server_name             {0};
+    include                 \"{1}\";
+
+    location / {{
+      return 301 https://$host$request_uri;
+    }}
+}}
+",
+    domain,
+    challenges_snippet_path.as_ref().to_str().unwrap(),
+    cert_path.as_ref().to_str().unwrap(),
+    key_path.as_ref().to_str().unwrap(),
+    content
+  )
+}
+
+pub fn php_snippet<SOCKET: AsRef<Path>, STATIC: AsRef<Path>>(
+  index: &'static str,
+  socket_path: SOCKET,
+  static_path: STATIC,
+) -> String {
+  format!(
+    "root                {};
+    index               {};
+    location ~ [^/]\\.php(/|$) {{
+      fastcgi_pass      unix:{};
+      include           \"snippets/fastcgi-php.conf\";
+    }}",
+    static_path.as_ref().to_str().unwrap(),
+    index,
+    socket_path.as_ref().to_str().unwrap()
+  )
+}
+
+pub fn redir_snippet(target: &str) -> String {
+  format!(
+    "location / {{
+      return 301 $scheme://{}$request_uri;
+    }}",
+    target
+  )
+}
+
+pub trait SocketSpec {
+  fn to_nginx(&self) -> String;
+}
+
+impl<T: AsRef<Path>> SocketSpec for T {
+  fn to_nginx(&self) -> String {
+    format!("unix:{}:", self.as_ref().to_str().unwrap())
+  }
+}
+
+pub struct LocalTcpSocket(usize);
+
+impl LocalTcpSocket {
+  pub const fn new(x: usize) -> Self {
+    Self(x)
+  }
+}
+
+impl SocketSpec for LocalTcpSocket {
+  fn to_nginx(&self) -> String {
+    format!("localhost:{}", self.0)
+  }
+}
+
+pub fn proxy_snippet<S: SocketSpec, STATIC: AsRef<Path>>(
+  socket_path: &S,
+  static_path: STATIC,
+) -> String {
+  format!(
+    "root                    {};
+    location / {{
+      try_files             $uri @proxy;
+    }}
+
+    location @proxy {{
+      include               fastcgi_params;
+      proxy_pass            http://{};
+      proxy_redirect        off;
+    }}",
+    static_path.as_ref().to_str().unwrap(),
+    socket_path.to_nginx()
+  )
+}
+
+pub fn static_snippet<S: AsRef<Path>>(static_path: S) -> String {
+  format!(
+    "root                    {};
+      try_files $uri $uri/ $uri.html =404;
+    ",
+    static_path.as_ref().to_str().unwrap()
+  )
+}
+
+pub fn dokuwiki_snippet() -> String {
+  "
+  location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }
+
+  location / { try_files $uri $uri/ @dokuwiki; }
+
+  location @dokuwiki {
+      # rewrites \"doku.php/\" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page
+      rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+      rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+      rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+      rewrite ^/(.*) /doku.php?id=$1&$args last;
+  }".into()
+}
+
+pub fn nextcloud_snippet() -> String {
+  "
+  client_max_body_size 500M;
+
+  # Disable gzip to avoid the removal of the ETag header
+  gzip off;
+
+  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+  error_page 403 /core/templates/403.php;
+  error_page 404 /core/templates/404.php;
+
+  location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+  }
+
+  location ~ ^/(?:\\.htaccess|data|config|db_structure\\.xml|README) {
+    deny all;
+  }
+
+  location / {
+    # The following 2 rules are only needed with webfinger
+    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+    rewrite ^(/core/doc/[^\\/]+/)$ $1/index.html;
+
+    try_files $uri $uri/ /index.php;
+  }
+
+  # Adding the cache control header for js and css files
+  # Make sure it is BELOW the location ~ \\.php(?:$|/) { block
+  location ~* \\.(?:css|js)$ {
+    add_header Cache-Control \"public, max-age=7200\";
+    # Optional: Don't log access to assets
+    access_log off;
+  }
+
+  # Optional: Don't log access to other assets
+  location ~* \\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+    access_log off;
+  }
+  "
+  .into()
+}

src/templates/php.rs

@@ -0,0 +1,24 @@
+use std::path::Path;
+
+pub fn fpm_pool_config<U: AsRef<str>, S: AsRef<Path>>(
+  user_name: U,
+  socket_path: S,
+  max_children: usize,
+) -> String {
+  format!(
+    "[{0}]
+
+user = {0}
+group = www-data
+listen = {1}
+listen.owner = www-data
+pm = ondemand
+pm.max_children = {2}
+catch_workers_output = yes
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+",
+    user_name.as_ref(),
+    socket_path.as_ref().to_str().unwrap(),
+    max_children,
+  )
+}

src/templates/systemd.rs

@@ -0,0 +1,45 @@
+use std::path::Path;
+
+pub fn socket_service(
+  socket_path: impl AsRef<Path>,
+  exec: &str,
+  dir: impl AsRef<Path>,
+  additional: &str,
+) -> String {
+  format!(
+    "[Service]
+ExecStartPre=/bin/rm -f {}
+ExecStart={}
+WorkingDirectory={}
+Restart=always
+{}
+
+[Install]
+WantedBy=default.target
+  ",
+    socket_path.as_ref().to_str().unwrap(),
+    exec,
+    dir.as_ref().to_str().unwrap(),
+    additional
+  )
+}
+
+pub fn nodejs_service<N: AsRef<Path>, S: AsRef<Path>>(
+  nodejs_path: N,
+  socket_path: S,
+  dir: impl AsRef<Path>,
+) -> String {
+  socket_service(
+    &socket_path,
+    &format!("/usr/bin/nodejs {}", nodejs_path.as_ref().to_str().unwrap()),
+    dir,
+    &format!(
+      "Environment=NODE_ENV=production
+Environment=PORT={0}
+ExecStartPost=/bin/sh -c 'sleep 1 && chmod 666 {0}'
+#RuntimeDirectory=service
+#RuntimeDirectoryMode=766",
+      socket_path.as_ref().to_str().unwrap()
+    ),
+  )
+}