From 335811b267f2ca88066214bb0cbc89ca06b99ca3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB=20=D0=9A=D0=B0=D0=BF?=
 =?UTF-8?q?=D0=B5=D0=BB=D1=8C=D0=BA=D0=BE?= <m.kapelko@iva-tech.ru>
Date: Sat, 6 Dec 2025 07:00:38 +0300
Subject: [PATCH] introduce steps

---
 cert.renew               |  2 +-
 cert.setup               |  2 +-
 cert/vpsRenew            | 11 +++++++++++
 nginx.setup              |  5 -----
 nginx/acme.cfg           | 10 ++++++++++
 nginx/cfg                |  1 +
 nginx/setup              |  9 +++++++++
 step/copyNginxACMEConfig |  5 +++++
 step/copyNginxProdConfig |  5 +++++
 step/ensureRootUser      |  9 +++++++++
 step/installNginx        |  5 +++++
 step/restartNginx        |  5 +++++
 12 files changed, 62 insertions(+), 7 deletions(-)
 create mode 100644 cert/vpsRenew
 create mode 100644 nginx/acme.cfg
 create mode 100644 nginx/setup
 create mode 100644 step/copyNginxACMEConfig
 create mode 100644 step/copyNginxProdConfig
 create mode 100644 step/ensureRootUser
 create mode 100644 step/installNginx
 create mode 100644 step/restartNginx

diff --git a/cert.renew b/cert.renew
index e5907d4..9e04058 100755
--- a/cert.renew
+++ b/cert.renew
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/cert.setup b/cert.setup
index a2323f6..eecff6e 100755
--- a/cert.setup
+++ b/cert.setup
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot
diff --git a/cert/vpsRenew b/cert/vpsRenew
new file mode 100644
index 0000000..30139eb
--- /dev/null
+++ b/cert/vpsRenew
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/nginx.setup b/nginx.setup
index 4fc31be..e69de29 100755
--- a/nginx.setup
+++ b/nginx.setup
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx
diff --git a/nginx/acme.cfg b/nginx/acme.cfg
new file mode 100644
index 0000000..043ea19
--- /dev/null
+++ b/nginx/acme.cfg
@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+  listen 80;
+  server_name kornerr.ru;
+  root /var/www/html;
+
+  location / {
+    try_files $uri $uri/ =404;
+  }
+}
diff --git a/nginx/cfg b/nginx/cfg
index c065037..c2e7549 100644
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -5,6 +5,7 @@ server {
   return 301 https://$server_name$request_uri;
 }
 
+# Serve through HTTPS only
 server {
   listen 443 ssl;
   server_name kornerr.ru;
diff --git a/nginx/setup b/nginx/setup
new file mode 100644
index 0000000..b2d36bb
--- /dev/null
+++ b/nginx/setup
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/installNginx
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/step/copyNginxACMEConfig b/step/copyNginxACMEConfig
new file mode 100644
index 0000000..124a7d1
--- /dev/null
+++ b/step/copyNginxACMEConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME"
+cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default
diff --git a/step/copyNginxProdConfig b/step/copyNginxProdConfig
new file mode 100644
index 0000000..01ef89f
--- /dev/null
+++ b/step/copyNginxProdConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx"
+cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default
diff --git a/step/ensureRootUser b/step/ensureRootUser
new file mode 100644
index 0000000..c63ca65
--- /dev/null
+++ b/step/ensureRootUser
@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+   echo "ОШИБКА: Перезапустите как root"
+   exit 1
+fi
diff --git a/step/installNginx b/step/installNginx
new file mode 100644
index 0000000..5b39d75
--- /dev/null
+++ b/step/installNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx
diff --git a/step/restartNginx b/step/restartNginx
new file mode 100644
index 0000000..328fa9a
--- /dev/null
+++ b/step/restartNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx