config, deploy: shione: nginx: enable https support

config/shione/nginx/debian/control

@@ -9,7 +9,7 @@ Standards-Version: 4.1.0
 Package: nginx-config
 Architecture: all
 Multi-Arch: foreign
-Depends: ${misc:Depends}, nginx
+Depends: ${misc:Depends}, nginx, certbot, python3-certbot-nginx
 Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Description: Shione nginx configuration.

config/shione/nginx/files/etc/nginx/sites-available/shione.net

@@ -24,8 +24,8 @@ server {
 
         # SSL configuration
         #
-        # listen 443 ssl default_server;
-        # listen [::]:443 ssl default_server;
+        listen 443 ssl default_server;
+        listen [::]:443 ssl default_server;
         #
         # Note: You should disable gzip for SSL traffic.
         # See: https://bugs.debian.org/773332
@@ -37,6 +37,11 @@ server {
         # Don't use them in a production server!
         #
         # include snippets/snakeoil.conf;
+        # managed by Certbot.
+        ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
+        # managed by Certbot.
+        ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
 
         root /var/www/html/www.shione.net;
 

config/shione/nginx/files/etc/nginx/sites-enabled/homepage.conf

@@ -1 +0,0 @@
-../sites-available/homepage.conf

config/shione/nginx/files/etc/nginx/sites-enabled/shione.net

@@ -0,0 +1 @@
+../sites-available/shione.net

deploy/shione/nginx/create_nginx_user.sh

@@ -3,3 +3,7 @@
 set -eu
 
 adduser --system --no-create-home --verbose --debug nginx
+
+apt install nginx certbot python3-certbot-nginx
+
+certbot --nginx -d shione.net -d www.shione.net