PROJ=taskx
mkdir -p resources/db
cd resources/db
sudo mysqldump lrv$PROJ | gzip > lrv$PROJ.sql.gz

PROJ=taskx
REPO=$PROJ.git
cd /srv/www
git config --global --add safe.directory /home/git/repo/$REPO
git clone /home/git/repo/$REPO
sudo chown -R www-data:www-data $PROJ
cd $PROJ
sudo -u www-data git checkout main
dbtool create-db-and-user lrv$PROJ lrv$PROJ TopSecret
DOMAIN=$PROJ.hamatoma.de
DB=lrv$PROJ
PW=TopSecret
dbtool create-webapp-configuration $DOMAIN $(pwd) $DB $DB $PW
gzip -d resources/db/lrv$PROJ.sql.gz | mysql -u root lrv$PROJ
mkdir -pv storage/logs storage/framework/{cache,sessions,views} storage/app/public
chown -R www-data:www-data storage

PROJ=oo4f
DOMAIN=$PROJ.hamatoma.de
cd /etc/nginx/sites-available
cat <<EOS >$DOMAIN
server{
  listen 80;
  server_name $DOMAIN;
  include snippets/letsencrypt.conf;
  root /srv/www/$DOMAIN;
  location / {
    return 301 https://\$server_name\$request_uri;  # enforce https
  }
}
server {
  listen 443 ssl http2;
  listen [::]:80;
  server_name $DOMAIN;
  root /srv/www/$DOMAIN/public;

  ssl_certificate     /etc/letsencrypt/live/latest/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/latest/privkey.pem;
  #ssl_certificate /etc/ssl/certs/$DOMAIN.pem;
  #ssl_certificate_key /etc/ssl/private/$DOMAIN.key;
  client_max_body_size 1G;
  access_log /var/log/nginx/a_$PROJ.log;
  error_log /var/log/nginx/e_$PROJ.log;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-Content-Type-Options "nosniff";

  index index.php;

  charset utf-8;

  location / {
    try_files \$uri \$uri/ /index.php?\$query_string;
  }

  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt  { access_log off; log_not_found off; }

  error_page 404 /index.php;

  location ~ \.php\$ {
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /\.(?!well-known).* {
    deny all;
  }
}
EOS
cd ../sites-enabled
ln -sv ../$DOMAIN .