feat: enforce alphabetical server block ordering

Adds test 13 to test.sh to verify that server blocks within each
sites-available file are sorted alphabetically by server_name
(LC_ALL=C; regex and wildcard entries excluded).

Fixes aria.conf and mommy.conf to conform: hyphenated names sort
before the bare domain in C locale ('-' < '.'), so trans-bot now
precedes trans, and mommy-slack now precedes mommy.
This commit is contained in:
2026-03-03 16:16:18 -08:00
committed by Naomi Carrigan
parent 493d758df8
commit 7085845234
3 changed files with 53 additions and 24 deletions
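--- a/aria.conf
+++ b/aria.conf
@@ -34,6 +34,17 @@ server {
 }
 }
+server {
+listen 443 ssl;
+server_name trans-bot.nhcarrigan.com;
+ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
+location / {
+return 301 https://aria.nhcarrigan.com;
+}
+}
 server {
 listen 443 ssl;
 server_name trans.nhcarrigan.com;
@@ -45,14 +56,3 @@ server {
 proxy_pass http://0.0.0.0:5000;
 }
 }
-server {
-listen 443 ssl;
-server_name trans-bot.nhcarrigan.com;
-ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem;
-location / {
-return 301 https://aria.nhcarrigan.com;
-}
-}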
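Review bot: The relocated `trans-bot.nhcarrigan.com` vhost presents the certificate from `/etc/letsencrypt/live/trans.nhcarrigan.com/`, so it only serves a trusted chain if that certificate's SAN list also covers `trans-bot.nhcarrigan.com`; this cannot be confirmed from the hunk, but a name mismatch would surface as a TLS error for every client of the redirect, so worth verifying before merge. The `return 301 https://aria.nhcarrigan.com;` also discards the requested path and query; if deep links are meant to survive the redirect the line should read `return 301 https://aria.nhcarrigan.com$request_uri;`, otherwise a one-line comment stating that the drop is intentional would stop the next reader from "fixing" it. The second hunk only removes the old copy of this block and needs no further change.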
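--- a/mommy.conf
+++ b/mommy.conf
@@ -11,19 +11,6 @@ server {
 }
 }
-server {
-listen 443 ssl;
-server_name mommy.nhcarrigan.com;
-ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem;
-location / {
-proxy_set_header Host $host;
-proxy_pass http://127.0.0.1:8008;
-proxy_redirect off;
-}
-}
 server {
 listen 443 ssl;
 server_name mommy-slack.nhcarrigan.com;
@@ -36,3 +23,16 @@ server {
 proxy_redirect off;
 }
 }
+server {
+listen 443 ssl;
+server_name mommy.nhcarrigan.com;
+ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem;
+location / {
+proxy_set_header Host $host;
+proxy_pass http://127.0.0.1:8008;
+proxy_redirect off;
+}
+}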
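Review bot: The relocated `mommy.nhcarrigan.com` block forwards only `Host` to the upstream on `127.0.0.1:8008`, so that service sees every request as originating from localhost over plain HTTP; any per-client rate limiting, audit logging or secure-cookie logic it performs is working from the wrong client address and scheme. If the upstream honours forwarded headers, adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` next to the existing `proxy_set_header Host $host;` restores that information; if it deliberately ignores them, a comment saying so would document the choice. The first hunk only removes the old copy of this block.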
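--- a/test.sh
+++ b/test.sh
@@ -221,6 +221,35 @@ else
 fi
 echo ""
+# ──────────────────────────────────────────────────────────────────
+# 13. Server blocks within each sites-available file are sorted
+# alphabetically by server_name (LC_ALL=C; regex/wildcard excluded)
+# ──────────────────────────────────────────────────────────────────
+echo "--- Alphabetical server_name order check ---"
+sort_errors=0
+for conf in "$NGINX_DIR/sites-available/"*.conf; do
+[ "$(basename "$conf")" = "default" ] && continue
+mapfile -t actual < <(grep -P '^\s*server_name\s' "$conf" \
+| grep -v '^\s*#' \
+| sed 's/.*server_name\s*//' \
+| sed 's/\s*;//' \
+| awk '{print $1}' \
+| grep -vP '^~|^\*\.|^_$')
+mapfile -t expected < <(printf '%s\n' "${actual[@]}" | LC_ALL=C sort)
+for ((i = 0; i < ${#actual[@]}; i++)); do
+if [ "${actual[$i]}" != "${expected[$i]}" ]; then
+fail "$(basename "$conf"): not sorted — found '${actual[$i]}', expected '${expected[$i]}'"
+sort_errors=1
+break
+fi
+done
+done
+[ "$sort_errors" -eq 0 ] && pass "All sites-available files have alphabetically sorted server blocks"
+echo ""
 # ──────────────────────────────────────────────────────────────────
 # Summary
 # ──────────────────────────────────────────────────────────────────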
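Review bot: The `grep -v '^\s*#'` stage of the extraction pipeline can never drop a line, because the preceding `grep -P '^\s*server_name\s'` already rejects anything whose first non-blank character is `#`, so the filter gives a false impression of handling commented-out directives that is actually done one stage earlier. The pipeline also relies on GNU-only behaviour (`grep -P` and `\s` inside sed) while the rest of the test uses plain `basename`/`[`; the same extraction runs on any POSIX toolchain as `grep -E '^[[:space:]]*server_name[[:space:]]' "$conf" | sed -E 's/^[[:space:]]*server_name[[:space:]]*//; s/[[:space:]]*;.*$//' | awk '{print $1}' | grep -Ev '^~|^\*\.|^_$'`. Because `awk '{print $1}'` keeps only the first name of each directive, secondary names in a multi-name `server_name` line are never compared; if that is intentional, say so in the header comment (`# only the first name of each server_name directive is compared`). The `default` skip can never fire since the glob is restricted to `*.conf`, and if the glob matches nothing the literal pattern is handed to grep unless nullglob is enabled earlier in the script, which is outside this hunk.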