use command_runner::{CommandRunner, SetuidCommandRunner};
use symbols::{Action, Symbol, SymbolRunner};
use symbols::acme::{AcmeCert, AcmeCertChain};
use symbols::file::File;
use symbols::hook::Hook;
use symbols::list::ListAction;
use symbols::nginx::server::NginxServer;
use symbols::systemd::reload::ReloadService;
use symbols::tls::SelfSignedTlsCert;
/// Builds ready-to-run [`Action`]s for the nginx, ACME and PHP-FPM parts of a host setup.
///
/// The factory keeps two command runners side by side: the one handed in by
/// the caller, and a [`SetuidCommandRunner`] layered on top of it that `new`
/// constructs with the user name `acme`.
// NOTE(review): presumably the setuid runner executes commands as that user so
// the ACME client does not run with the caller's privileges — confirm in
// `command_runner`.
pub struct SymbolFactory<'a, C, R>
where
    C: 'a + CommandRunner,
    R: 'a + SymbolRunner,
{
    /// Caller-supplied runner; handed to the self-signed certificate, the
    /// service reloads and the PHP nginx server.
    command_runner: &'a C,
    /// Runner wrapping `command_runner` for the ACME account; only the ACME
    /// certificate symbols receive it.
    acme_command_runner: SetuidCommandRunner<'a, C>,
    /// Runner every symbol is bound to when it is converted into an action.
    symbol_runner: &'a R,
}
impl<'b, C, R> SymbolFactory<'b, C, R>
where
    C: 'b + CommandRunner,
    R: 'b + SymbolRunner,
{
    /// Creates a factory on top of the given command runner and symbol runner.
    ///
    /// A second runner for the ACME account is derived from `command_runner`
    /// here, using the fixed user name `acme`.
    pub fn new(command_runner: &'b C, symbol_runner: &'b R) -> Self {
        // FIXME: CONFIG
        // The account name is fixed here, and `get_nginx_acme_challenge_config`
        // separately hard-codes `/home/acme/challenges/`; the two have to be
        // changed together once this becomes configurable.
        let acme_command_runner = SetuidCommandRunner::new("acme", command_runner);
        SymbolFactory {
            command_runner,
            acme_command_runner,
            symbol_runner,
        }
    }

    /// Returns one list action that brings up an nginx server with an ACME certificate.
    ///
    /// The list holds, in this order:
    /// 1. a self-signed TLS certificate for `host`,
    /// 2. `nginx_server_symbol`, hooked to a reload of the `nginx` service,
    /// 3. the ACME certificate for `host`,
    /// 4. the ACME certificate chain for `host`, hooked to another `nginx` reload.
    ///
    /// Only steps 3 and 4 receive the ACME runner; the self-signed certificate
    /// and both reloads use the caller's runner.
    pub fn get_nginx_acme_server<'a, 'c: 'a, S: 'a + Symbol>(
        &'c self,
        host: &'static str,
        nginx_server_symbol: S,
    ) -> Box<Action + 'a> {
        // NOTE(review): the self-signed certificate presumably exists so nginx
        // can start on TLS before the ACME certificate is issued — confirm.
        let bootstrap_cert = Box::new(SelfSignedTlsCert::new(host.into(), self.command_runner))
            .into_action(self.symbol_runner);

        let server_then_reload = Box::new(Hook::new(
            nginx_server_symbol,
            ReloadService::new("nginx", self.command_runner),
        ))
        .into_action(self.symbol_runner);

        let acme_cert = Box::new(AcmeCert::new(host.into(), &self.acme_command_runner))
            .into_action(self.symbol_runner);

        let chain_then_reload = Box::new(Hook::new(
            AcmeCertChain::new(host.into(), &self.acme_command_runner),
            ReloadService::new("nginx", self.command_runner),
        ))
        .into_action(self.symbol_runner);

        Box::new(ListAction::new(vec![
            bootstrap_cert,
            server_then_reload,
            acme_cert,
            chain_then_reload,
        ]))
    }

    /// Returns the action that writes the nginx snippet serving ACME HTTP challenges.
    ///
    /// The snippet goes to `/etc/nginx/snippets/acme-challenge.conf` and maps
    /// `/.well-known/acme-challenge/` onto `/home/acme/challenges/`.
    pub fn get_nginx_acme_challenge_config<'a>(&'a self) -> Box<Action + 'a> {
        let snippet_path = "/etc/nginx/snippets/acme-challenge.conf";
        // `^~` makes this prefix match final, so regex locations elsewhere in
        // the server block do not take over challenge requests. The location
        // prefix and the alias target both end in `/`; keep them in step when
        // editing, because a prefix without the trailing slash paired with an
        // alias lets requests resolve outside the aliased directory.
        let snippet_body = "location ^~ /.well-known/acme-challenge/ {
alias /home/acme/challenges/;
try_files $uri =404;
}";
        Box::new(File::new(snippet_path, snippet_body)).into_action(self.symbol_runner)
    }

    /// Returns the Unix socket path of the PHP-FPM pool belonging to `user_name`.
    fn get_php_fpm_pool_socket_path<'a>(&'a self, user_name: &'static str) -> String {
        ["/run/php/", user_name, ".sock"].concat()
    }

    /// Returns the action that writes the PHP-FPM pool file for `user_name`
    /// and reloads `php7.0-fpm` through a hook.
    ///
    /// `user_name` is inserted unescaped into the pool file name under
    /// `/etc/php/7.0/fpm/pool.d/`, the pool section header, the `user`
    /// directive and the socket path. The `&'static str` type keeps it to
    /// strings fixed in the program; if the parameter is ever widened to
    /// runtime input, it needs validating first (no `/`, `..`, `]` or line
    /// breaks).
    pub fn get_php_fpm_pool<'a>(&'a self, user_name: &'static str) -> Box<Action + 'a> {
        let listen_socket = self.get_php_fpm_pool_socket_path(user_name);
        let pool_conf_path = format!("/etc/php/7.0/fpm/pool.d/{}.conf", user_name);
        // NOTE(review): every pool is written with `group = www-data`, so files
        // that are group-readable by www-data are readable from any pool's PHP
        // code — confirm this is intended. Only `listen.owner` is set for the
        // socket; `listen.group` and `listen.mode` are left to PHP-FPM's
        // defaults — confirm the resulting socket permissions.
        let pool_conf = format!(
            "[{0}]

user = {0}
group = www-data
listen = {1}
listen.owner = www-data
pm = ondemand
pm.max_children = 10",
            user_name, listen_socket
        );
        let reload_fpm = ReloadService::new("php7.0-fpm", self.command_runner);

        Box::new(Hook::new(File::new(pool_conf_path, pool_conf), reload_fpm))
            .into_action(self.symbol_runner)
    }

    /// Returns an nginx PHP server symbol for `host_name` rooted at `root_dir`.
    ///
    /// The server is pointed at the same socket path that `get_php_fpm_pool`
    /// writes into the pool file for `user_name`.
    pub fn get_nginx_php_server<'a>(
        &'a self,
        host_name: &'static str,
        user_name: &'static str,
        root_dir: &'static str,
    ) -> NginxServer<'a, C, String> {
        NginxServer::new_php(
            host_name,
            self.get_php_fpm_pool_socket_path(user_name).into(),
            root_dir,
            self.command_runner,
        )
    }
}