feat: implement Zero-Touch deployment (internal git sync + dynamic config symlinks)

2026-01-26 20:00:22 -03:00 · 2026-01-26 20:00:22 -03:00 · de93649846
parent 1435401e44
commit de93649846
2 changed files with 55 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -52,6 +52,7 @@ services:
      - nginx_logs:/var/log/nginx
      - certbot_data_conf:/etc/letsencrypt
      - certbot_data_www:/var/www/certbot
+      - repo_data:/opt/repo
    extra_hosts:
      - "host.docker.internal:host-gateway"
      - "server-254:10.10.253.254"
@ -92,3 +93,4 @@ volumes:
  ssl_data:
  certbot_data_conf:
  certbot_data_www:
+  repo_data:
--- a/scripts/pre-flight.sh
+++ b/scripts/pre-flight.sh
@ -35,9 +35,62 @@ echo "[Pre-Flight] Running SSL renewal check..."
 /scripts/renew_ssl.sh

 # Setup Daily Cron for Renewal (run at 01:00)
+# ==============================================================================
+# GIT SYNC & DYNAMIC CONFIG SETUP
+# ==============================================================================
+REPO_DIR="/opt/repo"
+GIT_USER="gitea-deploy"
+GIT_PASS="o3%21VV3H6qBg%5Erucv2UvF6mdK%24NWyNj%403"
+GIT_REPO="git.itguys.com.br/joao.goncalves/NgixProxy_Pathfinder.git"
+GIT_URL="https://${GIT_USER}:${GIT_PASS}@${GIT_REPO}"
+
+echo "[Pre-Flight] Checking repository at $REPO_DIR..."
+
+if [ ! -d "$REPO_DIR/.git" ]; then
+    echo "[Pre-Flight] Repository not found. Cloning..."
+    # Ensure dir exists
+    mkdir -p "$REPO_DIR"
+    # Clone
+    git clone "$GIT_URL" "$REPO_DIR"
+else
+    echo "[Pre-Flight] Repository exists. Pulling latest..."
+    cd "$REPO_DIR"
+    git config --global --add safe.directory "$REPO_DIR"
+    git pull
+fi
+
+# SYMLINK SETUP
+# We want Nginx to use the configs from the repo (dynamic) instead of the baked-in ones (static).
+echo "[Pre-Flight] Setting up symlinks..."
+
+# 1. conf.d (Sites)
+if [ -d "$REPO_DIR/conf.d" ]; then
+    echo "[Pre-Flight] Linking conf.d..."
+    rm -rf /etc/nginx/conf.d
+    ln -s "$REPO_DIR/conf.d" /etc/nginx/conf.d
+fi
+
+# 2. snippets (Optional, but good for consistency)
+if [ -d "$REPO_DIR/snippets" ]; then
+    echo "[Pre-Flight] Linking snippets..."
+    rm -rf /etc/nginx/snippets
+    ln -s "$REPO_DIR/snippets" /etc/nginx/snippets
+fi
+
+# 3. ModSecurity Rules (Optional)
+if [ -d "$REPO_DIR/modsec_rules" ]; then
+    echo "[Pre-Flight] Linking modsec_rules..."
+    rm -rf /etc/nginx/custom_rules
+    ln -s "$REPO_DIR/modsec_rules" /etc/nginx/custom_rules
+fi
+
+
 # Setup Daily Cron for Renewal (run at 01:00)
 echo "0 1 * * * /scripts/renew_ssl.sh >> /var/log/nginx/ssl_renew.log 2>&1" >> /etc/crontabs/root

+# Setup Git Sync Cron (Run every 5 minutes)
+echo "*/5 * * * * /scripts/git_sync.sh >> /var/log/nginx/git_sync.log 2>&1" >> /etc/crontabs/root
+
 # Start Crond in background
 crond -b -l 8