Various software updates and control updates.
Signed-off-by: Derek Smith <derek@farscapian.com>
parent
4c4a2304ac
commit
1e338fb603
17
defaults.sh
17
defaults.sh
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
export DEPLOY_WWW_SERVER=true
|
export DEPLOY_WWW_SERVER=false
|
||||||
export DEPLOY_BTCPPAY_SERVER=false
|
export DEPLOY_BTCPPAY_SERVER=false
|
||||||
export DEPLOY_UMBREL_VPS=false
|
export DEPLOY_UMBREL_VPS=false
|
||||||
|
|
||||||
@ -44,8 +44,8 @@ export SMTP_PORT="587"
|
|||||||
export AWS_REGION="us-east-1"
|
export AWS_REGION="us-east-1"
|
||||||
|
|
||||||
# AMI NAME:
|
# AMI NAME:
|
||||||
# ubuntu-minimal/images/hvm-ssd/ubuntu-hirsute-21.04-amd64-minimal-20211130-907a40d2-dca2-4750-b073-b3254c031ab6
|
# ubuntu-minimal/images/hvm-ssd/ubuntu-impish-21.10-amd64-minimal-20220308-f7c42f71-5c9c-40c0-b808-ada8557fe9a2
|
||||||
export AWS_AMI_ID="ami-080435381cbbb5b9b"
|
export AWS_AMI_ID="ami-0ab880898e027d4c1"
|
||||||
WWW_INSTANCE_TYPE="t2.micro"
|
WWW_INSTANCE_TYPE="t2.micro"
|
||||||
BTCPAY_INSTANCE_TYPE="t2.medium"
|
BTCPAY_INSTANCE_TYPE="t2.medium"
|
||||||
|
|
||||||
@ -120,7 +120,6 @@ fi
|
|||||||
|
|
||||||
export SITE_PATH="$SITE_PATH"
|
export SITE_PATH="$SITE_PATH"
|
||||||
export BTC_CHAIN="$BTC_CHAIN"
|
export BTC_CHAIN="$BTC_CHAIN"
|
||||||
export DEPLOY_BTCPAY_SERVER=false
|
|
||||||
|
|
||||||
# if we're running aws/public, we enable nginx caching since it's a public site.
|
# if we're running aws/public, we enable nginx caching since it's a public site.
|
||||||
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
@ -132,12 +131,12 @@ DEFAULT_DB_IMAGE="mariadb:10.6.5"
|
|||||||
export ENABLE_NGINX_CACHING="$ENABLE_NGINX_CACHING"
|
export ENABLE_NGINX_CACHING="$ENABLE_NGINX_CACHING"
|
||||||
|
|
||||||
# run the docker stack.
|
# run the docker stack.
|
||||||
export GHOST_IMAGE="ghost:4.32.0"
|
export GHOST_IMAGE="ghost:4.44.0"
|
||||||
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||||
export NGINX_IMAGE="nginx:1.21.4"
|
export NGINX_IMAGE="nginx:1.21.6"
|
||||||
export NEXTCLOUD_IMAGE="nextcloud:23.0.0"
|
export NEXTCLOUD_IMAGE="nextcloud:23.0.2"
|
||||||
export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||||
export MATRIX_IMAGE="matrixdotorg/synapse:v1.49.0"
|
export MATRIX_IMAGE="matrixdotorg/synapse:v1.52.0"
|
||||||
export MATRIX_DB_IMAGE="postgres:13.4"
|
export MATRIX_DB_IMAGE="postgres:13.6"
|
||||||
export GITEA_IMAGE="gitea/gitea:latest"
|
export GITEA_IMAGE="gitea/gitea:latest"
|
||||||
export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||||
|
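Review bot: `GITEA_IMAGE="gitea/gitea:latest"` stays on a floating tag in the image list of the last hunk while every other image there is bumped to a fixed version, so the Gitea deployment can change on any pull without a commit recording it. Pin it to a specific release like the others, and consider the `name:tag@sha256:<digest>` form for all of them, since a tag can be re-pointed upstream. Separately, the first hunk still exports `DEPLOY_BTCPPAY_SERVER` (double P) and the third hunk removes the correctly spelled `export DEPLOY_BTCPAY_SERVER=false`, so as far as these hunks show this file now sets only the misspelled name.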
25
deploy.sh
25
deploy.sh
@ -3,7 +3,7 @@
|
|||||||
set -exuo nounset
|
set -exuo nounset
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
USER_DELETE_MACHINE=false
|
MIGRATE_VPS=false
|
||||||
DOMAIN_NAME=
|
DOMAIN_NAME=
|
||||||
VPS_HOSTING_TARGET=lxd
|
VPS_HOSTING_TARGET=lxd
|
||||||
RUN_CERT_RENEWAL=true
|
RUN_CERT_RENEWAL=true
|
||||||
@ -15,7 +15,10 @@ MIGRATE_BTCPAY_SERVER=false
|
|||||||
RECONFIGURE_BTCPAY_SERVER=false
|
RECONFIGURE_BTCPAY_SERVER=false
|
||||||
BTCPAY_ADDITIONAL_HOSTNAMES=
|
BTCPAY_ADDITIONAL_HOSTNAMES=
|
||||||
LXD_DISK_TO_USE=
|
LXD_DISK_TO_USE=
|
||||||
DEV_BTCPAY_MAC_ADDRESS=
|
DEPLOY_BTCPAY_SERVER=false
|
||||||
|
REDEPLOY_STACK=false
|
||||||
|
MACVLAN_INTERFACE=
|
||||||
|
|
||||||
|
|
||||||
for i in "$@"; do
|
for i in "$@"; do
|
||||||
case $i in
|
case $i in
|
||||||
@ -39,8 +42,8 @@ for i in "$@"; do
|
|||||||
USER_NO_BACKUP=true
|
USER_NO_BACKUP=true
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--delete)
|
--migrate)
|
||||||
USER_DELETE_MACHINE=true
|
MIGRATE_VPS=true
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--storage-backend=*)
|
--storage-backend=*)
|
||||||
@ -79,6 +82,7 @@ export BTC_CHAIN="$BTC_CHAIN"
|
|||||||
export UPDATE_BTCPAY="$UPDATE_BTCPAY"
|
export UPDATE_BTCPAY="$UPDATE_BTCPAY"
|
||||||
export MIGRATE_BTCPAY_SERVER="$MIGRATE_BTCPAY_SERVER"
|
export MIGRATE_BTCPAY_SERVER="$MIGRATE_BTCPAY_SERVER"
|
||||||
export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
|
export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
|
||||||
|
export MACVLAN_INTERFACE="$MACVLAN_INTERFACE"
|
||||||
|
|
||||||
# # first of all, if there are uncommited changes, we quit. You better stash your work yo!
|
# # first of all, if there are uncommited changes, we quit. You better stash your work yo!
|
||||||
# if git update-index --refresh| grep -q "needs update"; then
|
# if git update-index --refresh| grep -q "needs update"; then
|
||||||
@ -108,7 +112,8 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
|
|||||||
|
|
||||||
# skip if the server config is set to not deploy.
|
# skip if the server config is set to not deploy.
|
||||||
if [ "$APP_TO_DEPLOY" = www ]; then
|
if [ "$APP_TO_DEPLOY" = www ]; then
|
||||||
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
VPS_HOSTNAME="$WWW_HOSTNAME"
|
||||||
|
MAC_ADDRESS_TO_PROVISION="$WWW_MAC_ADDRESS"
|
||||||
if [ "$DEPLOY_WWW_SERVER" = false ]; then
|
if [ "$DEPLOY_WWW_SERVER" = false ]; then
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
@ -123,6 +128,9 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
|
||||||
|
export VPS_HOSTNAME="$VPS_HOSTNAME"
|
||||||
|
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
|
||||||
|
|
||||||
# generate the docker yaml and nginx configs.
|
# generate the docker yaml and nginx configs.
|
||||||
./stub_docker_yml.sh
|
./stub_docker_yml.sh
|
||||||
@ -143,7 +151,9 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
|
|||||||
|
|
||||||
if [ "$MACHINE_EXISTS" = true ]; then
|
if [ "$MACHINE_EXISTS" = true ]; then
|
||||||
# we delete the machine if the user has directed us to
|
# we delete the machine if the user has directed us to
|
||||||
if [ "$USER_DELETE_MACHINE" = true ]; then
|
if [ "$MIGRATE_VPS" = true ]; then
|
||||||
|
|
||||||
|
|
||||||
# run the domain_init based on user input.
|
# run the domain_init based on user input.
|
||||||
if [ "$USER_NO_BACKUP" = true ]; then
|
if [ "$USER_NO_BACKUP" = true ]; then
|
||||||
echo "Machine exists. We don't need to back it up because the user has directed --no-backup."
|
echo "Machine exists. We don't need to back it up because the user has directed --no-backup."
|
||||||
@ -160,6 +170,7 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
|
|||||||
fi
|
fi
|
||||||
elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
lxc delete --force "$LXD_VM_NAME"
|
lxc delete --force "$LXD_VM_NAME"
|
||||||
|
USER_RUN_RESTORE=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Then we run the script again to re-instantiate a new VPS, restoring all user data
|
# Then we run the script again to re-instantiate a new VPS, restoring all user data
|
||||||
@ -178,7 +189,7 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
|
|||||||
RUN_RESTORE="$USER_RUN_RESTORE" RUN_BACKUP="$RUN_BACKUP" RUN_SERVICES=true ./domain_init.sh
|
RUN_RESTORE="$USER_RUN_RESTORE" RUN_BACKUP="$RUN_BACKUP" RUN_SERVICES=true ./domain_init.sh
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [ "$USER_DELETE_MACHINE" = true ]; then
|
if [ "$MIGRATE_VPS" = true ]; then
|
||||||
echo "INFO: User has indicated to delete the machine, but it doesn't exist. Going to create it anyway."
|
echo "INFO: User has indicated to delete the machine, but it doesn't exist. Going to create it anyway."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
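Review bot: The renamed `--migrate` flag still drives the `lxc delete --force "$LXD_VM_NAME"` branch, and this commit adds `USER_RUN_RESTORE=true` right after it, so a destructive delete-and-restore now sits behind a name that does not say so. From the visible lines the same branch also honours `--no-backup`, which would mean a forced delete followed by a restore from whatever older backup exists; I would reject that combination or ask for explicit confirmation before the delete. The comment `# we delete the machine if the user has directed us to` and the message `User has indicated to delete the machine, but it doesn't exist` should be reworded for the new flag. The loop body continues outside these hunks, so a backup step between the two may already cover part of this.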
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -exuo nounset
|
set -eux
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
|
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
|
||||||
@ -44,20 +44,20 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
|||||||
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
|
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
|
||||||
|
|
||||||
#check to ensure the MACVLAN interface has been set by the user
|
#check to ensure the MACVLAN interface has been set by the user
|
||||||
if [ -z "$DEV_MACVLAN_INTERFACE" ]; then
|
if [ -z "$MACVLAN_INTERFACE" ]; then
|
||||||
echo "ERROR: DEV_MACVLAN_INTERFACE has not been defined. Use '--macvlan-interface=eno1' for example."
|
echo "ERROR: MACVLAN_INTERFACE has not been defined. Use '--macvlan-interface=eno1' for example."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# let's first check to ensure there's a cert.tar.gz. We need a valid cert for testing.
|
# let's first check to ensure there's a cert.tar.gz. We need a valid cert for testing.
|
||||||
if [ ! -f "$SITE_PATH/certs.tar.gz" ]; then
|
if [ ! -f "$SITE_PATH/certs.tar.gz" ]; then
|
||||||
echo "ERROR: We need a valid cert for testing. Please use the '--app=certonly' first."
|
echo "ERROR: We need a valid cert for testing."
|
||||||
exit
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if the machine doesn't exist, we create it.
|
# if the machine doesn't exist, we create it.
|
||||||
if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
||||||
RUN_BACKUP=false
|
export RUN_BACKUP=false
|
||||||
|
|
||||||
# create a base image if needed and instantiate a VM.
|
# create a base image if needed and instantiate a VM.
|
||||||
./provision_lxc.sh
|
./provision_lxc.sh
|
||||||
|
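Review bot: The renamed guard `[ -z "$MACVLAN_INTERFACE" ]` only proves the value is non-empty, yet the string comes from `--macvlan-interface=` and is written into the LXD profile as `parent: ${MACVLAN_INTERFACE}` (profile hunk further down this page). Checking that the name is an existing interface would catch typos and stray characters before the profile is generated, for example `[ -d "/sys/class/net/$MACVLAN_INTERFACE" ] || { echo "ERROR: no such interface: $MACVLAN_INTERFACE" >&2; exit 1; }`. Under `set -eux` an unset variable aborts before the friendly message is printed, so `"${MACVLAN_INTERFACE:-}"` in the test would keep the error path reachable when this script is run on its own.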
@ -1,9 +1,10 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -exuo nounset
|
set -exu
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
if [ "$RUN_BACKUP" = true ]; then
|
if [ "$RUN_BACKUP" = true ]; then
|
||||||
|
# shellcheck disable=SC2029
|
||||||
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
|
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -17,6 +18,7 @@ if [ "$UPDATE_BTCPAY" = true ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# run the update.
|
# run the update.
|
||||||
|
# shellcheck disable=SC2029
|
||||||
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-update.sh"
|
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-update.sh"
|
||||||
|
|
||||||
else
|
else
|
||||||
@ -28,6 +30,7 @@ fi
|
|||||||
|
|
||||||
# run a restoration if specified.
|
# run a restoration if specified.
|
||||||
if [ "$RUN_RESTORE" = true ]; then
|
if [ "$RUN_RESTORE" = true ]; then
|
||||||
|
# shellcheck disable=SC2029
|
||||||
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
|
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
|
||||||
./restore_btcpay.sh
|
./restore_btcpay.sh
|
||||||
fi
|
fi
|
||||||
@ -38,9 +41,10 @@ if [ "$RECONFIGURE_BTCPAY_SERVER" = true ]; then
|
|||||||
./run_btcpay_setup.sh
|
./run_btcpay_setup.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$MIGRATE_BTCPAY_SERVER" = false ]; then
|
if [ "$MIGRATE_VPS" = false ]; then
|
||||||
# The default is to resume services, though admin may want to keep services off (eg., for a migration)
|
# The default is to resume services, though admin may want to keep services off (eg., for a migration)
|
||||||
# we bring the services back up by default.
|
# we bring the services back up by default.
|
||||||
|
# shellcheck disable=SC2029
|
||||||
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-up.sh"
|
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-up.sh"
|
||||||
|
|
||||||
# we wait for lightning to comone line too.
|
# we wait for lightning to comone line too.
|
||||||
|
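Review bot: `if [ "$MIGRATE_VPS" = false ]; then` now reads a variable that deploy.sh, as far as the hunks on this page show, only assigns (`MIGRATE_VPS=false`) and never exports; the export block there gains `MACVLAN_INTERFACE` but not this name. With `set -exu` at the top of this script that would be an unbound-variable abort at the point where services are supposed to come back up, after `btcpay-down.sh` may already have run. Either add `export MIGRATE_VPS="$MIGRATE_VPS"` next to the other exports or test `"${MIGRATE_VPS:-false}"` here. The four new `# shellcheck disable=SC2029` lines would also benefit from a short comment stating that local expansion of `$REMOTE_HOME` is intended and that the value is never user-supplied.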
@ -40,9 +40,9 @@ else
|
|||||||
# restore the certs. If they don't exist in a backup we restore from SITE_PATH
|
# restore the certs. If they don't exist in a backup we restore from SITE_PATH
|
||||||
if [ -f "$SITE_PATH/certs.tar.gz" ]; then
|
if [ -f "$SITE_PATH/certs.tar.gz" ]; then
|
||||||
scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz"
|
scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz"
|
||||||
ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc
|
ssh "$FQDN" "sudo tar -xvf $REMOTE_HOME/certs.tar.gz -C /etc"
|
||||||
else
|
else
|
||||||
echo "ERROR: Certificates do not exist locally. You need to obtain some, perhaps by running with '--app=certonly'."
|
echo "ERROR: Certificates do not exist locally."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
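Review bot: The rewritten `ssh "$FQDN" "sudo tar -xvf $REMOTE_HOME/certs.tar.gz -C /etc"` unpacks the archive as root directly over `/etc`, so every member path in `certs.tar.gz` is trusted to stay inside the certificate directory. Naming the expected member on the command line limits what can be written, e.g. `sudo tar -xvf $REMOTE_HOME/certs.tar.gz -C /etc <expected-cert-dir>` (placeholder; the directory name is not visible on this page). `$REMOTE_HOME` is expanded locally and reaches the remote shell unquoted, which is worth a comment or quoting. The shortened error text drops the `--app=certonly` hint; if that option is gone, a pointer to how certificates are obtained now would help the operator.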
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
|
|
||||||
sudo apt-get install -y wait-for-it dnsutils tor rsync sshfs
|
sudo apt-get install -y wait-for-it dnsutils rsync sshfs
|
||||||
|
|
||||||
if [ ! -f $(which lxd) ]; then
|
if [ ! -f $(which lxd) ]; then
|
||||||
sudo snap install lxd
|
sudo snap install lxd
|
||||||
|
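Review bot: The guard right below the changed install line, `if [ ! -f $(which lxd) ]; then`, does not fire when lxd is missing: `which` prints nothing, the test collapses to `[ ! -f ]`, and that evaluates false, so `sudo snap install lxd` is skipped on exactly the hosts that need it. `if ! command -v lxd >/dev/null 2>&1; then` expresses the intent and needs no quoting. The `if` block closes outside this hunk.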
@ -143,6 +143,6 @@ devices:
|
|||||||
type: disk
|
type: disk
|
||||||
enp5s0:
|
enp5s0:
|
||||||
nictype: macvlan
|
nictype: macvlan
|
||||||
parent: ${DEV_MACVLAN_INTERFACE}
|
parent: ${MACVLAN_INTERFACE}
|
||||||
type: nic
|
type: nic
|
||||||
name: ${LXD_VM_NAME}
|
name: ${LXD_VM_NAME}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -euo nounset
|
set -eux
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
|
||||||
|
@ -17,4 +17,3 @@ scp -r "$LOCAL_BACKUP_PATH/" "$FQDN:$REMOTE_HOME/backups/$APP_TO_DEPLOY"
|
|||||||
|
|
||||||
# now we run duplicity to restore the archive.
|
# now we run duplicity to restore the archive.
|
||||||
ssh "$FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/" "$REMOTE_HOME/"
|
ssh "$FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/" "$REMOTE_HOME/"
|
||||||
#ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc
|
|
||||||
|
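Review bot: Switching the header from `set -euo nounset` to `set -eux` turns on command tracing in the script that runs `ssh "$FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore ...`, so the expanded backup passphrase is written to stderr and to any log that captures the deploy output. Keep tracing off in this file (`set -eu`), or wrap that one command in `set +x` and `set -x`. The passphrase is also part of the remote command line, where it shows up in the process list while duplicity runs; supplying it from a root-only file on the target or over stdin avoids that exposure.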
@ -59,6 +59,10 @@ DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
|
|||||||
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
|
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
|
||||||
|
|
||||||
# TODO add file existence check
|
# TODO add file existence check
|
||||||
|
if [ ! -f "$SITE_PATH/site_definition" ]; then
|
||||||
|
echo "ERROR: site_definition does not exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
# shellcheck disable=SC1090
|
# shellcheck disable=SC1090
|
||||||
source "$SITE_PATH/site_definition"
|
source "$SITE_PATH/site_definition"
|
||||||
|
|
||||||
|
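Review bot: The `# TODO add file existence check` line directly above the new guard is now done and should be deleted. The error would be easier to act on if it named the path and went to stderr: `echo "ERROR: $SITE_PATH/site_definition does not exist." >&2`. Because the next statement is `source "$SITE_PATH/site_definition"`, the file runs as code with the deployer's privileges, and `-f` says nothing about who can write it; a comment stating that the file must be owned by the operator and not group- or world-writable would document that assumption.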