#!/hint/bash -euE
# Copyright (C) 2023-2024  Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later

packages+=(nginx)

post_install+=(20:nginx:post_install) # must be before '30:certbot:post_install'
nginx:post_install() {
	local arg_mountpoint=$1

	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/nginx.conf" <<-'EOF'
		# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-

		worker_processes  1;

		error_log /var/log/nginx/main-error.log error;

		events {
		    worker_connections  1024;
		}

		http {
		    error_log  /var/log/nginx/main-error.http.log  error;
		    access_log /var/log/nginx/main-access.http.log combined;

		    types_hash_max_size 4096;
		    include       mime.types;
		    default_type  application/octet-stream;

		    sendfile           on;
		    keepalive_timeout  65;

		    gzip  on;

		    root /var/empty;
		    access_log /var/log/nginx/main-access.http.$server_name.log combined;

		    include /etc/nginx/sites/*.conf;
		}
	EOF

	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/snippets/listen.conf" <<-'EOF'
		# -*- mode: nginx -*-
		listen 80;
		listen [::]:80;
	EOF

	# The per-$server_name access log files are created by worker
	# process' `http` user, not the master process' `root` user,
	# so we need to give that user permission to create them.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/tmpfiles.d/nginx.conf" <<-'EOF'
		z /var/log/nginx 0775 - http
	EOF

	systemctl --root="$arg_mountpoint" enable nginx.service
}