From a99359d01f285cfdc7f6f77c8410788c307d6470 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A5=D0=B8=D1=80=D0=B5=D1=86=D0=BA=D0=B8=D0=B9=20=D0=9C?=
 =?UTF-8?q?=D0=B8=D1=85=D0=B0=D0=B8=D0=BB?= <mh@calculate.ru>
Date: Wed, 9 Dec 2020 12:59:12 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=D1=8B=20=D1=88=D0=B0=D0=B1=D0=BB=D0=BE=D0=BD=D1=8B=20www?=
 =?UTF-8?q?-servers/nginx?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 merge/README.txt                                 |  1 +
 merge/www-servers/.calculate_directory           |  1 +
 merge/www-servers/nginx/.calculate_directory     |  1 +
 merge/www-servers/nginx/nginx.append.conf        |  5 +++++
 merge/www-servers/nginx/nginx.conf               |  8 ++++++++
 .../www-servers/nginx/sites-enabled/_noname.conf | 16 ++++++++++++++++
 merge/www-servers/nginx/ssl/generate_noname_cert |  4 ++++
 7 files changed, 36 insertions(+)
 create mode 100644 merge/www-servers/.calculate_directory
 create mode 100644 merge/www-servers/nginx/.calculate_directory
 create mode 100644 merge/www-servers/nginx/nginx.append.conf
 create mode 100644 merge/www-servers/nginx/nginx.conf
 create mode 100644 merge/www-servers/nginx/sites-enabled/_noname.conf
 create mode 100644 merge/www-servers/nginx/ssl/generate_noname_cert

diff --git a/merge/README.txt b/merge/README.txt
index 75f59c2..eca55ff 100644
--- a/merge/README.txt
+++ b/merge/README.txt
@@ -51,6 +51,7 @@ merge/sys-apps/portage/syncmodule/calculate содержит код, котор
 Нужно проверить обрабатываются ли format='regex' с пустым содержимым
 Обрабатывается ли корректно параметр name=''
 Проверить сравнение с версией в dracut 048
+Перенести шаблон nginx.conf в live, так как там используется main.hr.cpu.num
 
 ---Учесть при внедрении---
 Удалены шаблоны для plymouth 0.9.4, учесть возможность того, что останутся устаревшие версии
diff --git a/merge/www-servers/.calculate_directory b/merge/www-servers/.calculate_directory
new file mode 100644
index 0000000..fe9987a
--- /dev/null
+++ b/merge/www-servers/.calculate_directory
@@ -0,0 +1 @@
+{% calculate append='skip' %}
diff --git a/merge/www-servers/nginx/.calculate_directory b/merge/www-servers/nginx/.calculate_directory
new file mode 100644
index 0000000..3fc75bb
--- /dev/null
+++ b/merge/www-servers/nginx/.calculate_directory
@@ -0,0 +1 @@
+{% calculate path='/etc', package='www-servers/nginx' %}
diff --git a/merge/www-servers/nginx/nginx.append.conf b/merge/www-servers/nginx/nginx.append.conf
new file mode 100644
index 0000000..8219db9
--- /dev/null
+++ b/merge/www-servers/nginx/nginx.append.conf
@@ -0,0 +1,5 @@
+{% calculate format='regex', name='nginx.conf', not grep('/etc/nginx/nginx.conf','include.*sites-enabled') %}
+<reg>(\s+)(.*)
+\}$</reg>
+<text>\1\2\1include /etc/nginx/sites-enabled/*.conf;
+}</text>
diff --git a/merge/www-servers/nginx/nginx.conf b/merge/www-servers/nginx/nginx.conf
new file mode 100644
index 0000000..99897ff
--- /dev/null
+++ b/merge/www-servers/nginx/nginx.conf
@@ -0,0 +1,8 @@
+{% calculate format='regex' %}
+<reg>worker_processes \d+;</reg>
+<text>worker_processes {{ main.hr.cpu.num }};</text>
+<reg>(sendfile on;)
+(\s+)(tcp_nopush on;)</reg>
+<text>\1
+\2server_tokens off;
+\2\3</text>
diff --git a/merge/www-servers/nginx/sites-enabled/_noname.conf b/merge/www-servers/nginx/sites-enabled/_noname.conf
new file mode 100644
index 0000000..1658a34
--- /dev/null
+++ b/merge/www-servers/nginx/sites-enabled/_noname.conf
@@ -0,0 +1,16 @@
+#server {
+#    listen  80 default_server;
+#    server_name _;
+#    access_log /var/log/nginx/noname_80.access_log main;
+#    return      444;
+#}
+#server {
+#    listen 443 ssl default_server;
+#    ssl_ciphers aNULL;
+#    ssl_certificate /etc/nginx/ssl/nginx.crt;
+#    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+#    ssl_session_tickets off;
+#    server_name _;
+#    access_log /var/log/nginx/noname_443.access_log main;
+#    return      444;
+#}
diff --git a/merge/www-servers/nginx/ssl/generate_noname_cert b/merge/www-servers/nginx/ssl/generate_noname_cert
new file mode 100644
index 0000000..ff39cc1
--- /dev/null
+++ b/merge/www-servers/nginx/ssl/generate_noname_cert
@@ -0,0 +1,4 @@
+{% calculate exec='/bin/bash', not exists('/etc/nginx/ssl/nginx.key') or not exists('/etc/nginx/ssl/nginx.crt') %}
+openssl req -x509 -subj "/CN=_" -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt &>/dev/null
+
+true