From 485bbb9cbd83f71999386e4a25d4736ba5c7ed07 Mon Sep 17 00:00:00 2001
From: link2xt
Date: Mon, 18 Dec 2023 15:16:27 +0000
Subject: [PATCH] Let acmetool manage port 80

This avoids circular dependency with nginx. nginx needs a certificate to start and getting a certificate requires someone listening on port 80.
---
 cmdeploy/src/cmdeploy/acmetool/__init__.py | 19 ++++++++++++++++++-
 .../acmetool/acmetool-redirector.service | 11 +++++++++++
 cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 | 8 --------
 3 files changed, 29 insertions(+), 9 deletions(-)
 create mode 100644 cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service
diff --git a/cmdeploy/src/cmdeploy/acmetool/__init__.py b/cmdeploy/src/cmdeploy/acmetool/__init__.py
index 3f40b9bf..ce2b585f 100644
--- a/cmdeploy/src/cmdeploy/acmetool/__init__.py
+++ b/cmdeploy/src/cmdeploy/acmetool/__init__.py
@@ -1,6 +1,6 @@
 import importlib.resources
-from pyinfra.operations import apt, files, server
+from pyinfra.operations import apt, files, systemd, server
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
@@ -46,6 +46,23 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
 mode="644",
 )
+ service_file = files.put(
+ src=importlib.resources.files(__package__).joinpath(
+ "acmetool-redirector.service"
+ ),
+ dest="/etc/systemd/system/acmetool-redirector.service",
+ user="root",
+ group="root",
+ mode="644",
+ )
+ systemd.service(
+ name="Setup acmetool-redirector service",
+ service="acmetool-redirector.service",
+ running=True,
+ enabled=True,
+ restarted=service_file.changed,
+ )
+
 server.shell(
 name=f"Request certificate for: { ', '.join(domains) }",
 commands=[f"acmetool want { ' '.join(domains)}"],
diff --git a/cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service b/cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service
new file mode 100644
index 00000000..2e434b9b
--- /dev/null
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service
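Review bot: In `deploy_acmetool` (acmetool/__init__.py, second hunk), the new `systemd.service(...)` call restarts on `service_file.changed` but never asks systemd to re-read its unit files, so a later edit to `acmetool-redirector.service` (for example added hardening directives) may be restarted with the previously loaded definition. pyinfra's `systemd.service` accepts `daemon_reload`; adding `daemon_reload=service_file.changed,` next to `restarted=service_file.changed,` keeps the loaded unit in sync with the file on disk. On a host deployed before this commit, nginx presumably still holds port 80 when the redirector is first started, so the first start may fail to bind; a short comment on the expected ordering relative to the nginx deploy would help. The function body starts and ends outside the hunk.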
@@ -0,0 +1,11 @@
+[Unit]
+Description=acmetool HTTP redirector
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/acmetool redirector --service.uid=daemon
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
index 91cfd1db..21eeef66 100644
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -48,12 +48,4 @@ http {
 # add cgi-bin support
 include /usr/share/doc/fcgiwrap/examples/nginx.conf;
 }
- server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
-
- return 301 https://$host$request_uri;
- }
 }
-
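Review bot: The new `acmetool-redirector.service` unit starts `acmetool redirector` as root and relies solely on `--service.uid=daemon` for the privilege drop, with no systemd sandboxing and a target account (`daemon`) that may be shared with other software on the host. Since this process now answers all plain-HTTP traffic on port 80, consider a dedicated unprivileged account and, under `[Service]`, `NoNewPrivileges=yes` and `ProtectHome=yes`, after confirming they do not interfere with acmetool's own privilege drop. A comment above `ExecStart=` such as `# Serves ACME HTTP-01 challenges and the HTTP-to-HTTPS redirect formerly done by nginx` would record why nginx no longer listens on port 80.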