capistrano-nuxt2 0.2.17

data/lib/capistrano/tasks/certbot.rake

@@ -0,0 +1,256 @@
+namespace :load do
+  task :defaults do
+    set :certbot_roles,         -> { :web }
+    set :certbot_path,          -> { "~" }
+    set :certbot_domains,       -> { fetch(:nginx_major_domain,false) ? [fetch(:nginx_major_domain)] + Array(fetch(:nginx_domains)) : Array(fetch(:nginx_domains)) }
+    set :certbot_www_domains,   -> { false }
+    set :certbot_webroot,       -> { "#{shared_path}" }
+    set :certbot_job_log,       -> { "#{shared_path}/log/lets_encrypt_cron.log" }
+    set :certbot_job_type,      -> { 'systemd' }  # systemd / cron
+    set :certbot_email,         -> { "" }
+    # set :certbot_dh_path,       -> { fetch(:nginx_diffie_hellman_path, "/etc/ssl/certs/dhparam.pem")}
+    # set :certbot_dh_size,       -> { 4096 }
+  end
+end
+
+namespace :certbot do
+
+
+  # Helper method to get the email address
+  def fetch_certbot_email
+    certbot_email = fetch(:certbot_email, "").strip
+    if certbot_email.empty?
+      puts "⚠️  No email address is set for Let's Encrypt!"
+      puts "➡️  A valid email is required to receive expiration notifications."
+      puts "➡️  Please enter a valid email address:"
+      ask(:certbot_email, "Enter email for Let's Encrypt:")
+      set(:certbot_email, fetch(:certbot_email)) # Store response
+    end
+    fetch(:certbot_email)
+  end
+
+  # Helper method to determine if `--expand` should be used
+  def fetch_certbot_expand_option
+    certbot_domains = Array(fetch(:certbot_domains))
+    use_www_domains = fetch(:certbot_www_domains, false)
+    
+    should_expand = false
+    if use_www_domains || certbot_domains.length > 1
+      puts "🔍  It looks like you already have certificates or are adding new domains."
+      puts "➡️  If you want to expand an existing certificate with new domains, select 'yes'."
+      ask(:certbot_expand, "Use `--expand`? (yes/no):")
+      should_expand = fetch(:certbot_expand).downcase.strip == "yes"
+    end
+    should_expand ? "--expand" : ""
+  end
+
+  # Helper method to generate domain arguments
+  def fetch_certbot_domain_args
+    certbot_domains = Array(fetch(:certbot_domains))
+    use_www_domains = fetch(:certbot_www_domains, false)
+    
+    certbot_domains.map do |d|
+      base_domain = d.gsub(/^\*?\./, "")
+      domain_entry = "-d #{base_domain}"
+      domain_entry += "-d www.#{base_domain}" if use_www_domains
+      domain_entry
+    end.join(" ")
+  end
+
+
+  ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## 
+  
+  desc "Install certbot LetsEncrypt"
+  task :install do
+    on roles fetch(:certbot_roles) do
+      within fetch(:certbot_path) do
+        execute :sudo, "apt update"
+        execute :sudo, "apt install -y certbot"
+      end
+    end
+  end
+  
+  
+  desc "Generate LetsEncrypt certificate"
+  task :generate do
+    on roles fetch(:certbot_roles) do
+      certbot_email = fetch_certbot_email
+      expand_option = fetch_certbot_expand_option
+      domain_args = fetch_certbot_domain_args
+      
+      execute :sudo, "certbot --non-interactive --agree-tos --allow-subset-of-names --email #{certbot_email} certonly --webroot -w #{fetch(:certbot_webroot)} #{domain_args} #{expand_option}"
+    end
+  end
+
+
+  desc "Delete LetsEncrypt certificate"
+  task :delete do
+    on roles fetch(:certbot_roles) do
+      # 1️⃣ Email check with explanation
+      puts "⚠️  This will delete the certificates for the domain: #{Array(fetch(:certbot_domains))[0]}"
+      ask(:certbot_delete_cert, "Are you sure? (yes|no):")
+      if fetch(:certbot_delete_cert).to_s.downcase == "yes"
+        # Execute Certbot delete
+        puts "🔍  Deleting certificate... #{Array(fetch(:certbot_domains))[0]}"
+        execute :sudo, "certbot --non-interactive delete --cert-name #{ Array(fetch(:certbot_domains))[0] }"
+      else
+        puts "🔍  Skipping certificate deletion..."
+      end
+    end
+  end
+  
+  
+  
+  desc "Upload and setup LetsEncrypt Auto-renew-job"
+  task :setup_auto_renew do
+    on roles fetch(:certbot_roles) do
+      if fetch(:certbot_job_type, 'systemd') == 'cron'
+        # just once a week
+        execute :sudo, "echo '0 0 * * 0 root certbot renew --no-self-upgrade --allow-subset-of-names --post-hook \"systemctl restart nginx\"  >> #{ fetch(:certbot_job_log) } 2>&1' | cat > #{ fetch(:certbot_path) }/lets_encrypt_cronjob"
+        execute :sudo, "mv -f #{ fetch(:certbot_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
+        execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
+        execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
+      else
+        ## enable systemd timer (every 12 hours)
+        execute :sudo, "systemctl enable certbot.timer"
+        execute :sudo, "systemctl start certbot.timer"
+        ## restart nginx if renewed
+        execute :sudo, "mkdir -p /etc/systemd/system/certbot.service.d"
+        execute :sudo, "echo -e '[Service]\nExecStartPost=/bin/systemctl restart nginx' | sudo tee /etc/systemd/system/certbot.service.d/override.conf"
+        execute :sudo, "systemctl daemon-reload"
+      end
+    end
+  end
+  
+  desc "Show logs for LetsEncrypt Auto-renew-job"
+  task :auto_renew_logs do
+    on roles fetch(:certbot_roles) do
+      if fetch(:certbot_job_type, 'systemd') == 'cron'
+        execute :sudo, "tail -n 50 #{fetch(:certbot_job_log)}"
+      else
+        execute :sudo, "journalctl -u certbot.timer --no-pager --since '7 days ago'"
+        execute :sudo, "journalctl -u certbot.service --no-pager --since '7 days ago'"
+      end
+    end
+  end
+  
+  desc "Remove LetsEncrypt Auto-renew-job"
+  task :remove_auto_renew do
+    on roles fetch(:certbot_roles) do
+      if fetch(:certbot_job_type, 'systemd') == 'cron'
+        execute :sudo, "rm -f /etc/cron.d/lets_encrypt"
+      else
+        execute :sudo, "systemctl stop certbot.timer"
+        execute :sudo, "systemctl disable certbot.timer"
+        execute :sudo, "rm -rf /etc/systemd/system/certbot.service.d"
+        execute :sudo, "systemctl daemon-reload"
+      end
+    end
+  end
+  
+  
+  desc "Dry-Run Renew LetsEncrypt"
+  task :dry_renew do
+    on roles fetch(:certbot_roles) do
+      # execute :sudo, "#{ fetch(:certbot_path) }/certbot-auto renew --dry-run"
+      output = capture(:sudo, "certbot renew --dry-run")
+      puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
+      output.each_line do |line|
+          puts line
+      end
+      puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
+    end
+  end
+
+
+  desc "Renew LetsEncrypt certificates"
+  task :renew do
+    on roles fetch(:certbot_roles) do
+      # execute :sudo, "#{ fetch(:certbot_path) }/certbot-auto renew --dry-run"
+      output = capture(:sudo, "certbot renew")
+      puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
+      output.each_line do |line|
+          puts line
+      end
+      puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
+    end
+  end
+  
+
+  # => ECDH (X25519) is automatically used → No need to generate DH params.
+  ## desc "Generate Strong Diffie-Hellman Group"
+  ## task :generate_dhparam do
+  ##   on roles fetch(:certbot_roles) do
+  ##     dh_path = fetch(:certbot_dh_path).to_s.split("/")
+  ##     dh_path.pop
+  ##     execute :sudo, "mkdir -p #{dh_path.join("/")}"
+  ##     # Set key size (default to 4096 if not specified)
+  ##     dh_key_size = fetch(:certbot_dh_size, 4096)
+  ##     # Check if DH params already exist
+  ##     if test("[ -f #{fetch(:certbot_dh_path)} ]")
+  ##       puts "✅ DH parameters already exist at #{fetch(:certbot_dh_path)}, skipping generation."
+  ##     else
+  ##       puts "🔐 Generating #{dh_key_size}-bit Diffie-Hellman parameters..."
+  ##       execute :sudo, "openssl dhparam -out #{fetch(:certbot_dh_path)} #{dh_key_size}"
+  ##     end
+  ##   end
+  ## end
+
+
+  desc "Check if TLS 1.3 is correctly enabled on the server"
+  task :check_tls do
+    on roles fetch(:certbot_roles) do
+      domain = fetch(:nginx_major_domain, fetch(:nginx_domains).first)
+
+      puts "🔍 Checking TLS 1.3 for #{domain}..."
+      result = capture("curl -v --tlsv1.3 --tls-max 1.3 https://#{domain} 2>&1")
+
+      if result.include?("SSL connection using TLSv1.3")
+        puts "✅ TLS 1.3 is enabled and working for #{domain}!"
+      else
+        puts "❌ WARNING: TLS 1.3 may not be working! Check your Nginx SSL settings."
+      end
+    end
+  end
+
+
+  desc 'Get the DNS challenge txt-entry'
+  task :dns_challenge_get do
+    on roles fetch(:certbot_roles) do
+      within release_path do
+
+        certbot_email = fetch_certbot_email
+        expand_option = fetch_certbot_expand_option
+        domain_args = fetch_certbot_domain_args
+        user = fetch(:user, "deploy") # Adjust to your user
+
+        puts "cmd: sudo certbot certonly --manual --preferred-challenges=dns --agree-tos --dry-run --email #{certbot_email} #{domain_args} #{expand_option}"
+
+        puts "🔄 Starting interactive Certbot session..."
+        system("ssh -t #{user}@#{host.hostname} 'sudo certbot certonly --manual --preferred-challenges=dns --agree-tos --dry-run --email #{certbot_email} #{domain_args} #{expand_option}'")
+      end
+    end
+  end
+
+  desc 'Run Certbot to validate the DNS challenge'
+  task :dns_challenge_validate do
+    on roles fetch(:certbot_roles) do
+      within release_path do
+        certbot_email = fetch_certbot_email
+        expand_option = fetch_certbot_expand_option
+        domain_args = fetch_certbot_domain_args
+        user = fetch(:user, "deploy") # Adjust to your user
+
+        puts "cmd: sudo certbot certonly --manual --preferred-challenges=dns --agree-tos --email #{certbot_email} #{domain_args} #{expand_option}"
+
+        puts "🔄 Starting interactive Certbot session..."
+        system("ssh -t #{user}@#{host.hostname} 'sudo certbot certonly --manual --preferred-challenges=dns --agree-tos --email #{certbot_email} #{domain_args} #{expand_option}'")
+      end
+    end
+  end
+
+  
+end
+
+
+

data/lib/capistrano/tasks/nginx.rake

@@ -0,0 +1,209 @@
+require 'capistrano/nuxt2/base_helpers'
+require 'capistrano/nuxt2/nginx_helpers'
+include Capistrano::Nuxt2::BaseHelpers
+include Capistrano::Nuxt2::NginxHelpers
+
+namespace :load do
+  task :defaults do
+    set :nginx_domains,           -> { [] }
+    set :nginx_major_domain,      -> { false }
+    set :nginx_remove_www,        -> { true }
+    set :nginx_use_ssl,           -> { false }
+
+    # also allow http access, if ssl is enabled (full http block will be created, but only if this is set to true)
+    set :nginx_also_allow_http,   -> { false }
+    
+
+    set :nginx_roles,             -> { :web }
+    set :nginx_log_folder,        -> { "log" }
+    set :nginx_root_folder,       -> { "www" }    # Nuxt default: "dist"
+    set :nginx_template,          -> { :default }
+
+    # Define Nginx Site Name
+    set :nginx_site_name,         -> { "#{fetch(:application)}_#{fetch(:stage)}" }
+    set :nginx_app_fallback_site, -> { "404.html" } # Fallback: Nuxt.js default "404.html" page .. Vue default is "index.html"
+
+    # SSL Paths
+    set :nginx_ssl_cert,          -> { "/etc/letsencrypt/live/#{ cert_domain }/fullchain.pem" }
+    set :nginx_ssl_key,           -> { "/etc/letsencrypt/live/#{ cert_domain }/privkey.pem" }
+    set :nginx_ocsp_stapling,     -> { false } # let's encrypt does not support stapling since 2025
+
+    # SSL Paths for old domain certificates, if major domain is set
+    set :nginx_other_ssl_cert,    -> { "/etc/letsencrypt/live/#{ cert_domain }/fullchain.pem" }
+    set :nginx_other_ssl_key,     -> { "/etc/letsencrypt/live/#{ cert_domain }/privkey.pem" }
+
+    set :nginx_hooks,             -> { true }
+    set :allow_well_known,        -> { true }
+    
+    # SSL strict security settings
+    set :nginx_strict_security,   -> { fetch(:nginx_use_ssl, false) }
+
+    # SSL Cipher Suite
+    set :nginx_ssl_ciphers, -> { 
+      "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" \
+      "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:" \
+      "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:" \
+      "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305"
+    }
+
+    append :linked_dirs, fetch(:nginx_root_folder), fetch(:nginx_log_folder)
+
+  end
+end
+
+namespace :nginx do
+
+  namespace :site do
+    desc "Upload Nginx site configuration"
+    task :upload do
+      on release_roles fetch(:nginx_roles) do
+        config_file = fetch(:nginx_template)
+        target_config = fetch(:nginx_site_name)
+
+        puts "📤 Uploading Nginx config: #{target_config}..."
+      
+        if config_file == :default
+          template2go("nginx.conf", "/tmp/#{target_config}")
+        else
+          template2go(config_file, "/tmp/#{target_config}")
+        end
+
+        execute :sudo, :mv, "/tmp/#{target_config}", "/etc/nginx/sites-available/#{target_config}"
+      end
+    end
+
+    desc "Enable Nginx site (creates symlink)"
+    task :enable do
+      on release_roles fetch(:nginx_roles) do
+        enabled_path = "/etc/nginx/sites-enabled/#{fetch(:nginx_site_name)}"
+        available_path = "/etc/nginx/sites-available/#{fetch(:nginx_site_name)}"
+
+        unless test "[ -h #{enabled_path} ]"
+          puts "🔗 Enabling Nginx site..."
+          execute :sudo, :ln, "-s", available_path, enabled_path
+          invoke "nginx:service:reload"
+        else
+          puts "✅ Nginx site is already enabled!"
+        end
+      end
+    end
+
+    desc "Disable Nginx site (removes symlink)"
+    task :disable do
+      on release_roles fetch(:nginx_roles) do
+        enabled_path = "/etc/nginx/sites-enabled/#{fetch(:nginx_site_name)}"
+        
+        if test "[ -h #{enabled_path} ]"
+          puts "🚫 Disabling Nginx site..."
+          execute :sudo, :rm, "-f", enabled_path
+          invoke "nginx:service:reload"
+        else
+          puts "⚠️  Nginx site is not enabled!"
+        end
+      end
+    end
+
+    desc "Remove Nginx site configuration"
+    task :remove do
+      on release_roles fetch(:nginx_roles) do
+        available_path = "/etc/nginx/sites-available/#{fetch(:nginx_site_name)}"
+        
+        if test "[ -f #{available_path} ]"
+          puts "🗑 Removing Nginx site configuration..."
+          execute :sudo, :rm, "-f", available_path
+        else
+          puts "⚠️  Nginx site configuration does not exist!"
+        end
+      end
+    end
+
+
+    ## Initiate Task, no desc .. so not in cap -T list
+    task :prepare do
+      on roles fetch(:nginx_roles) do
+        puts "⚙️  Ensuring Nginx directories exist..."
+        execute :sudo, "mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled"
+        invoke "nginx:site:upload"
+        puts "✅ Nginx setup completed! Enable it when ready with `cap nginx:site:enable`"
+      end
+    end
+
+  end
+
+  namespace :service do
+
+    %w[start stop restart reload].each do |command|
+      desc "#{command.capitalize} nginx service"
+      task command do
+        on release_roles fetch(:nginx_roles) do
+          puts "🔄 Running: systemctl #{command} nginx..."
+          execute :sudo, "systemctl #{command} nginx"
+        end
+      end
+    end
+
+    desc "Check nginx configuration"
+    task :check_config do
+      on release_roles fetch(:nginx_roles) do
+        puts "🧐 Checking nginx configuration..."
+        execute :sudo, "nginx -t"
+      end
+    end
+
+    desc "Check nginx status"
+    task :check_status do
+      on release_roles fetch(:nginx_roles) do
+        puts "🔍 Checking nginx status..."
+        execute :sudo, "systemctl status nginx --no-pager"
+      end
+    end
+
+  end
+  
+
+  desc "Update Apps Nginx (Upload, Enable if needed, Restart)"
+  task :update do
+    on release_roles fetch(:nginx_roles) do
+      puts "🔄 Reconfiguring Nginx..."
+      invoke "nginx:site:upload"
+      
+      unless test "[ -h /etc/nginx/sites-enabled/#{fetch(:nginx_site_name)} ]"
+        invoke "nginx:site:enable"
+      else
+        puts "🔗 Site already enabled, skipping enable step!"
+      end
+      
+      invoke "nginx:service:restart"
+      puts "✅ Nginx reconfiguration complete!"
+    end
+  end
+
+
+  desc "Fix Nginx folder rights .. if permission problem occurs"
+  task :fix_folder_rights do
+    on release_roles fetch(:nginx_roles) do
+      execute :sudo, "chmod o+x /home/#{fetch(:user)}"
+      execute :sudo, "chmod o+x #{fetch(:deploy_to)}"
+      execute :sudo, "chmod o+x #{current_path}"
+      execute :sudo, "chmod o+x #{shared_path}"
+    end
+  end
+  
+end
+
+
+
+### Add nginx setup to the main setup task
+task :setup do
+  invoke 'nginx:site:prepare'
+end
+
+
+
+namespace :deploy do
+  after 'deploy:finishing', :restart_nginx_app do
+    if fetch(:nginx_hooks)
+      invoke "nginx:update"
+    end
+  end
+end

data/lib/capistrano/tasks/nuxt.rake

@@ -0,0 +1,159 @@
+require 'capistrano/nuxt2/base_helpers'
+include Capistrano::Nuxt2::BaseHelpers
+
+namespace :load do
+  task :defaults do
+
+    set :nuxt_stat_file,          -> { "_builded_app" }
+    set :nuxt_logs_file,          -> { "_builded_logs" }
+    set :nuxt_done_file,          -> { "_builded_frontend" }
+
+    set :nuxt_use_nvm,            -> { false }
+    set :nuxt_nvm_path,           -> { "~/.nvm" }
+    set :nuxt_nvm_version,        -> { "18.19.0" }
+    set :nuxt_nvm_script,         -> { "$HOME/.nvm/nvm.sh" }
+
+    set :nuxt_app_roles,          -> { :app }
+
+    ## Maybe nonsense .. builds `APP_NAME_STG_DEPLOY_MODE`
+    set :nuxt_stage_env_var,      -> { build_deploy_env_var }
+
+
+    append :linked_files, fetch(:nuxt_stat_file), fetch(:nuxt_logs_file), fetch(:nuxt_done_file)
+    append :linked_dirs, 'node_modules'  # , '.nuxt', 'dist'
+
+  end
+end
+
+
+namespace :nuxt do
+
+  desc "output env var and stage"
+  task :output_env do
+    on roles(fetch(:nuxt_app_roles)) do
+      puts "🔧 Nuxt.js stage: #{fetch(:stage)}"
+      puts "🔧 Nuxt.js deploy mode: #{fetch(:nuxt_stage_env_var)}"
+    end
+  end
+
+  desc "Install dependencies"
+  task :install_dependencies do
+    on roles(fetch(:nuxt_app_roles)) do
+      within release_path do
+        execute :echo, "'installing|deploy' > #{shared_path}/#{fetch(:nuxt_stat_file)}"
+        execute :rm, "-rf node_modules/*"
+        execute :rm, "-rf #{shared_path}/node_modules/*"
+        if fetch(:nuxt_use_nvm, false)
+          env_vars = fetch(:default_env).map { |k, v| "#{k}=#{v}" }.join(" ")
+          nvm_prefix = "source #{fetch(:nuxt_nvm_script)} && nvm use #{fetch(:nuxt_nvm_version)}"
+          execute %(bash -lc '#{nvm_prefix} && cd #{release_path} && env #{env_vars} npm install')
+        else
+          execute :npm, "install"
+        end
+      end
+    end
+  end
+
+
+  desc "Build Nuxt.js app"
+  task :build do
+    on roles(fetch(:nuxt_app_roles)) do
+      within release_path do
+        execute :echo, "'building|deploy' > #{shared_path}/#{fetch(:nuxt_stat_file)}"
+        if fetch(:nuxt_use_nvm, false)
+          env_vars = fetch(:default_env).map { |k, v| "#{k}=#{v}" }.join(" ")
+          nvm_prefix = "source #{fetch(:nuxt_nvm_script)} && nvm use #{fetch(:nuxt_nvm_version)}"
+          execute %(bash -lc '#{nvm_prefix} && cd #{release_path} && env #{env_vars} ./node_modules/.bin/nuxt build')
+        else
+          execute :npm, "run build"
+        end
+      end
+    end
+  end
+
+
+  desc "Export static files (if needed)"
+  task :export do
+    on roles(fetch(:nuxt_app_roles)) do
+      within release_path do
+        execute :echo, "'generating|deploy' > #{shared_path}/#{fetch(:nuxt_stat_file)}"
+        execute :echo, "'Deploy - Render - LOGS :: #{ Time.now.strftime("%d.%m.%Y - %H:%M") } ::' > #{shared_path}/#{fetch(:nuxt_logs_file)}"
+        if fetch(:nuxt_use_nvm, false)
+          env_vars = fetch(:default_env).map { |k, v| "#{k}=#{v}" }.join(" ")
+          nvm_prefix = "source #{fetch(:nuxt_nvm_script)} && nvm use #{fetch(:nuxt_nvm_version)}"
+
+          execute %(bash -lc '#{nvm_prefix} && cd #{release_path} && env #{env_vars}  ./node_modules/.bin/nuxt generate')
+        else
+          execute :npm, "run generate 2>&1 | tee -a #{shared_path}/#{fetch(:nuxt_logs_file)}"
+        end
+      end
+    end
+  end
+
+  desc "Sync the dist folder to the shared folder"
+  task :sync_dist do
+    on roles(fetch(:nuxt_app_roles)) do
+      execute :echo, "'syncing|deploy' > #{shared_path}/#{fetch(:nuxt_stat_file)}"
+      execute :rsync, "-a --delete #{release_path}/dist/ #{shared_path}/www/"
+      execute :echo, "'success|deploy' > #{shared_path}/#{fetch(:nuxt_stat_file)}"
+      execute :touch, "#{shared_path}/#{fetch(:nuxt_done_file)}"
+    end
+  end
+
+
+  desc "Fix permissions (just in case)"
+  task :fix_permissions do
+    on roles(fetch(:nuxt_app_roles)) do
+      execute :sudo, :chown, "-R #{fetch(:user)}:#{fetch(:user)} #{release_path}"
+    end
+  end
+
+
+  desc "Setup defaults for Nuxt.js app"
+  task :setup_app do
+    on roles(fetch(:nuxt_app_roles)) do
+      ensure_shared_www_path
+      ensure_shared_log_path
+      execute :touch, "#{shared_path}/#{fetch(:nuxt_stat_file)}"
+      execute :touch, "#{shared_path}/#{fetch(:nuxt_logs_file)}"
+      execute :touch, "#{shared_path}/#{fetch(:nuxt_done_file)}"
+    end
+  end
+
+
+  desc "Regenerate Nuxt.js app"
+  task :rebuild_app do
+    invoke "nuxt:install_dependencies"
+    invoke "nuxt:build"
+    invoke "nuxt:export"
+    invoke "nuxt:sync_dist"
+  end
+
+  desc "Regenerate Nuxt.js app"
+  task :regenerate_app do
+    invoke "nuxt:export"
+    invoke "nuxt:sync_dist"
+  end
+
+  desc "Install required node version with nvm"
+  task :install_nvm_node do
+    on roles(fetch(:nuxt_app_roles)) do
+      if fetch(:nuxt_use_nvm, false)
+        execute %(bash -lc 'source #{fetch(:nuxt_nvm_script)} && nvm install #{fetch(:nuxt_nvm_version)}')
+      end
+    end
+  end
+
+end
+
+namespace :deploy do
+  after 'deploy:published', :rebuild_nuxt_app do
+    invoke "nuxt:rebuild_app"
+  end
+end
+
+
+desc 'Server setup tasks'
+task :setup do
+  invoke 'nuxt:setup_app'
+end