sovereign-stack/deployment/provision_vps.sh

#!/bin/bash

set -eux
cd "$(dirname "$0")"

if [ ! -f "$HOME/.aws/credentials" ]; then

    # TODO write a credential file baseline
    echo "ERROR: Please update your '$HOME/.aws/credentials' file before continuing."
    mkdir -p "$HOME/.aws"
    touch "$HOME/.aws/credentials"

    # stub out a site_definition with new passwords.
    cat >"$HOME/.aws/credentials" <<EOL
#!/bin/bash

# enter your AWS Access Key and Secret Access Key here.
export AWS_ACCESS_KEY=
export AWS_SECRET_ACCESS_KEY=

EOL

    exit 1
fi

source "$HOME/.aws/credentials"

if [ -z "$AWS_ACCESS_KEY" ]; then
    echo "ERROR: AWS_ACCESS_KEY is not set."
    exit 1
fi

if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    echo "ERROR: AWS_SECRET_ACCESS_KEY is not set."
    exit 1
fi

# Note, we assume the script has already made sure the machine doesn't exist.
if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = certonly ]; then
    # creates a public VM in AWS and provisions the bcm website.
    docker-machine create --driver amazonec2 \
        --amazonec2-open-port 80 \
        --amazonec2-open-port 443 \
        --amazonec2-access-key "$AWS_ACCESS_KEY" \
        --amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
        --amazonec2-region "$AWS_REGION" \
        --amazonec2-ami "$AWS_AMI_ID" \
        --amazonec2-root-size "$ROOT_DISK_SIZE_GB" \
        --amazonec2-instance-type "$WWW_INSTANCE_TYPE" \
        --engine-label commit="$LATEST_GIT_COMMIT" \
        "$FQDN"
        
elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
    # creates a public VM in AWS and provisions the bcm website.
    docker-machine create --driver amazonec2 \
        --amazonec2-open-port 80 \
        --amazonec2-open-port 443 \
        --amazonec2-open-port 9735 \
        --amazonec2-access-key "$AWS_ACCESS_KEY" \
        --amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
        --amazonec2-region "$AWS_REGION" \
        --amazonec2-ami "$AWS_AMI_ID" \
        --amazonec2-root-size "$ROOT_DISK_SIZE_GB" \
        --amazonec2-instance-type "$BTCPAY_INSTANCE_TYPE" \
        --engine-label commit="$LATEST_GIT_COMMIT" \
        "$FQDN"

fi

docker-machine scp "$CLUSTER_PATH/authorized_keys" "$FQDN:$REMOTE_HOME/authorized_keys"
docker-machine ssh "$FQDN" "cat $REMOTE_HOME/authorized_keys >> $REMOTE_HOME/.ssh/authorized_keys"

# we have to ensure ubuntu is able to do sudo less docker commands.
docker-machine ssh "$FQDN" sudo usermod -aG docker ubuntu

# we restart so dockerd starts with fresh group membership.
docker-machine ssh "$FQDN" sudo systemctl restart docker

# TODO INSTALL DOCKER COMPOSE

# let's wire up the DNS so subsequent ssh commands resolve to the VPS.
./run_ddns.sh

# remove the SSH hostname from known_hosts as we'll
# todo why do we need this again?
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00			`#!/bin/bash`

			`set -eux`
			`cd "$(dirname "$0")"`

			`if [ ! -f "$HOME/.aws/credentials" ]; then`

			`# TODO write a credential file baseline`
			`echo "ERROR: Please update your '$HOME/.aws/credentials' file before continuing."`
			`mkdir -p "$HOME/.aws"`
			`touch "$HOME/.aws/credentials"`

			`# stub out a site_definition with new passwords.`
			`cat >"$HOME/.aws/credentials" <<EOL`
			`#!/bin/bash`

			`# enter your AWS Access Key and Secret Access Key here.`
			`export AWS_ACCESS_KEY=`
			`export AWS_SECRET_ACCESS_KEY=`

			`EOL`

			`exit 1`
			`fi`

			`source "$HOME/.aws/credentials"`

			`if [ -z "$AWS_ACCESS_KEY" ]; then`
			`echo "ERROR: AWS_ACCESS_KEY is not set."`
			`exit 1`
			`fi`

			`if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then`
			`echo "ERROR: AWS_SECRET_ACCESS_KEY is not set."`
			`exit 1`
			`fi`

			`# Note, we assume the script has already made sure the machine doesn't exist.`
Huge updates. 2022-07-27 16:38:33 +00:00			`if [ "$VIRTUAL_MACHINE" = www ] \|\| [ "$VIRTUAL_MACHINE" = certonly ]; then`
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00			`# creates a public VM in AWS and provisions the bcm website.`
			`docker-machine create --driver amazonec2 \`
			`--amazonec2-open-port 80 \`
			`--amazonec2-open-port 443 \`
			`--amazonec2-access-key "$AWS_ACCESS_KEY" \`
			`--amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \`
			`--amazonec2-region "$AWS_REGION" \`
			`--amazonec2-ami "$AWS_AMI_ID" \`
			`--amazonec2-root-size "$ROOT_DISK_SIZE_GB" \`
			`--amazonec2-instance-type "$WWW_INSTANCE_TYPE" \`
			`--engine-label commit="$LATEST_GIT_COMMIT" \`
			`"$FQDN"`

Huge updates. 2022-07-27 16:38:33 +00:00			`elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then`
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00			`# creates a public VM in AWS and provisions the bcm website.`
			`docker-machine create --driver amazonec2 \`
			`--amazonec2-open-port 80 \`
			`--amazonec2-open-port 443 \`
			`--amazonec2-open-port 9735 \`
			`--amazonec2-access-key "$AWS_ACCESS_KEY" \`
			`--amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \`
			`--amazonec2-region "$AWS_REGION" \`
			`--amazonec2-ami "$AWS_AMI_ID" \`
			`--amazonec2-root-size "$ROOT_DISK_SIZE_GB" \`
			`--amazonec2-instance-type "$BTCPAY_INSTANCE_TYPE" \`
			`--engine-label commit="$LATEST_GIT_COMMIT" \`
			`"$FQDN"`

			`fi`

Huge updates. 2022-07-27 16:38:33 +00:00			`docker-machine scp "$CLUSTER_PATH/authorized_keys" "$FQDN:$REMOTE_HOME/authorized_keys"`
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00			`docker-machine ssh "$FQDN" "cat $REMOTE_HOME/authorized_keys >> $REMOTE_HOME/.ssh/authorized_keys"`

			`# we have to ensure ubuntu is able to do sudo less docker commands.`
			`docker-machine ssh "$FQDN" sudo usermod -aG docker ubuntu`

			`# we restart so dockerd starts with fresh group membership.`
			`docker-machine ssh "$FQDN" sudo systemctl restart docker`

			`# TODO INSTALL DOCKER COMPOSE`

			`# let's wire up the DNS so subsequent ssh commands resolve to the VPS.`
			`./run_ddns.sh`

			`# remove the SSH hostname from known_hosts as we'll`
			`# todo why do we need this again?`
			`ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"`