From de93649846293ba5daed6110440e9490b211ee34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Pedro=20Toledo?=
Date: Mon, 26 Jan 2026 20:00:22 -0300
Subject: [PATCH] feat: implement Zero-Touch deployment (internal git sync + dynamic config symlinks)
---
 docker-compose.yml | 2 ++
 scripts/pre-flight.sh | 53 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 093c516..1dbfb1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -52,6 +52,7 @@ services:
 - nginx_logs:/var/log/nginx
 - certbot_data_conf:/etc/letsencrypt
 - certbot_data_www:/var/www/certbot
+ - repo_data:/opt/repo
 extra_hosts:
 - "host.docker.internal:host-gateway"
 - "server-254:10.10.253.254"
@@ -92,3 +93,4 @@ volumes:
 ssl_data:
 certbot_data_conf:
 certbot_data_www:
+ repo_data:
diff --git a/scripts/pre-flight.sh b/scripts/pre-flight.sh
index 6cdb6f8..4643f17 100644
--- a/scripts/pre-flight.sh
+++ b/scripts/pre-flight.sh
@@ -35,9 +35,62 @@ echo "[Pre-Flight] Running SSL renewal check..." /scripts/renew_ssl.sh # Setup Daily Cron for Renewal (run at 01:00) +# ============================================================================== +# GIT SYNC & DYNAMIC CONFIG SETUP +# ============================================================================== +REPO_DIR="/opt/repo" +GIT_USER="gitea-deploy" +GIT_PASS="o3%21VV3H6qBg%5Erucv2UvF6mdK%24NWyNj%403" +GIT_REPO="git.itguys.com.br/joao.goncalves/NgixProxy_Pathfinder.git" +GIT_URL="https://${GIT_USER}:${GIT_PASS}@${GIT_REPO}" + +echo "[Pre-Flight] Checking repository at $REPO_DIR..." + +if [ ! -d "$REPO_DIR/.git" ]; then + echo "[Pre-Flight] Repository not found. Cloning..." + # Ensure dir exists + mkdir -p "$REPO_DIR" + # Clone + git clone "$GIT_URL" "$REPO_DIR" +else + echo "[Pre-Flight] Repository exists. Pulling latest..." + cd "$REPO_DIR" + git config --global --add safe.directory "$REPO_DIR" + git pull +fi + +# SYMLINK SETUP +# We want Nginx to use the configs from the repo (dynamic) instead of the baked-in ones (static). +echo "[Pre-Flight] Setting up symlinks..." + +# 1. conf.d (Sites) +if [ -d "$REPO_DIR/conf.d" ]; then + echo "[Pre-Flight] Linking conf.d..." + rm -rf /etc/nginx/conf.d + ln -s "$REPO_DIR/conf.d" /etc/nginx/conf.d +fi + +# 2. snippets (Optional, but good for consistency) +if [ -d "$REPO_DIR/snippets" ]; then + echo "[Pre-Flight] Linking snippets..." + rm -rf /etc/nginx/snippets + ln -s "$REPO_DIR/snippets" /etc/nginx/snippets +fi + +# 3. ModSecurity Rules (Optional) +if [ -d "$REPO_DIR/modsec_rules" ]; then + echo "[Pre-Flight] Linking modsec_rules..." 
+ rm -rf /etc/nginx/custom_rules + ln -s "$REPO_DIR/modsec_rules" /etc/nginx/custom_rules +fi + + # Setup Daily Cron for Renewal (run at 01:00) echo "0 1 * * * /scripts/renew_ssl.sh >> /var/log/nginx/ssl_renew.log 2>&1" >> /etc/crontabs/root +# Setup Git Sync Cron (Run every 5 minutes) +echo "*/5 * * * * /scripts/git_sync.sh >> /var/log/nginx/git_sync.log 2>&1" >> /etc/crontabs/root + # Start Crond in background crond -b -l 8
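Review bot: `GIT_PASS` looks like a live deploy password committed in clear text, and `GIT_URL` embeds it in the clone URL, so it remains in the repository history, is stored by `git clone` as the remote URL in `$REPO_DIR/.git/config` on the `repo_data` volume, and appears in the process arguments. The password should be treated as exposed and rotated, and the script should take it from the runtime instead of the source, for example `: "${GIT_PASS:?GIT_PASS must be supplied via a secret or env file}"`, ideally with a read-only, repository-scoped deploy token and a credential helper rather than a URL that carries the secret. This matters more here because the fetched tree is linked straight into `/etc/nginx/conf.d`, `/etc/nginx/snippets` and `/etc/nginx/custom_rules` (the ModSecurity rules) with no integrity check, so anyone able to push to that repository controls the proxy and WAF configuration; whether this account has write access is not visible from the hunk. The new cron entry also calls `/scripts/git_sync.sh`, which the diffstat of this commit does not add.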