forked from ss/sovereign-stack
Minor updates to control.
parent
3f94dbb62a
commit
806794c308
@ -31,11 +31,11 @@ fi
|
|||||||
# if [ "$VPS_HOSTING_TARGET" != lxd ]; then
|
# if [ "$VPS_HOSTING_TARGET" != lxd ]; then
|
||||||
|
|
||||||
|
|
||||||
# really we should change this if clause to some thing like
|
# really we should change this if clause to some thing like
|
||||||
# "if the perimeter firewall allows port 80/443, then go ahead."
|
# "if the perimeter firewall allows port 80/443, then go ahead."
|
||||||
if [ "$RUN_CERT_RENEWAL" = true ]; then
|
if [ "$RUN_CERT_RENEWAL" = true ]; then
|
||||||
./generate_certs.sh
|
./generate_certs.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$RUN_BACKUP" = true ]; then
|
if [ "$RUN_BACKUP" = true ]; then
|
||||||
./backup_www.sh
|
./backup_www.sh
|
||||||
|
@ -2,12 +2,6 @@
|
|||||||
|
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
# check to ensure the admin has specified a MACVLAN interface
|
|
||||||
if [ -z "$MACVLAN_INTERFACE" ]; then
|
|
||||||
echo "ERROR: MACVLAN_INTERFACE not defined in project."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The base VM image.
|
# The base VM image.
|
||||||
BASE_LXC_IMAGE="ubuntu/22.04/cloud"
|
BASE_LXC_IMAGE="ubuntu/22.04/cloud"
|
||||||
|
|
||||||
@ -24,7 +18,7 @@ export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
|||||||
envsubst < ./lxc_profile.yml > "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml"
|
envsubst < ./lxc_profile.yml > "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml"
|
||||||
|
|
||||||
# configure the profile with our generated cloud-init.yml file.
|
# configure the profile with our generated cloud-init.yml file.
|
||||||
lxc profile edit "$LXD_VM_NAME" < "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml"
|
cat "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml" | lxc profile edit "$LXD_VM_NAME"
|
||||||
|
|
||||||
function wait_for_lxc_ip {
|
function wait_for_lxc_ip {
|
||||||
|
|
||||||
|
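Review bot: Replacing the input redirect with `cat "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml" | lxc profile edit "$LXD_VM_NAME"` weakens error handling, because the script sets `set -eux` without `pipefail` and a pipeline's exit status is that of its last command. If the generated cloud-init file is missing or unreadable, `cat` fails but the script continues with whatever `lxc profile edit` does on empty input, whereas the old redirect failed the command outright. I would keep `lxc profile edit "$LXD_VM_NAME" < "$SITE_PATH/cloud-init-$APP_TO_DEPLOY.yml"`, or add `set -o pipefail` next to `set -eux`. The same section drops the explicit `MACVLAN_INTERFACE` check; if the variable is still read further down (not visible here), an empty value now passes silently and an unset one aborts under `set -u` with a less helpful message than the removed `ERROR:` line.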
@ -41,7 +41,6 @@ if [ "$APP_TO_DEPLOY" = www ] || [ "$APP_TO_DEPLOY" = certonly ]; then
|
|||||||
docker-machine create --driver amazonec2 \
|
docker-machine create --driver amazonec2 \
|
||||||
--amazonec2-open-port 80 \
|
--amazonec2-open-port 80 \
|
||||||
--amazonec2-open-port 443 \
|
--amazonec2-open-port 443 \
|
||||||
--amazonec2-open-port 8448 \
|
|
||||||
--amazonec2-access-key "$AWS_ACCESS_KEY" \
|
--amazonec2-access-key "$AWS_ACCESS_KEY" \
|
||||||
--amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
|
--amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
|
||||||
--amazonec2-region "$AWS_REGION" \
|
--amazonec2-region "$AWS_REGION" \
|
||||||
@ -70,7 +69,7 @@ elif [ "$APP_TO_DEPLOY" = btcpay ]; then
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
docker-machine scp "$SITE_PATH/authorized_keys" "$FQDN:$REMOTE_HOME/authorized_keys"
|
docker-machine scp "$LXD_REMOTE_PATH/authorized_keys" "$FQDN:$REMOTE_HOME/authorized_keys"
|
||||||
docker-machine ssh "$FQDN" "cat $REMOTE_HOME/authorized_keys >> $REMOTE_HOME/.ssh/authorized_keys"
|
docker-machine ssh "$FQDN" "cat $REMOTE_HOME/authorized_keys >> $REMOTE_HOME/.ssh/authorized_keys"
|
||||||
|
|
||||||
# we have to ensure ubuntu is able to do sudo less docker commands.
|
# we have to ensure ubuntu is able to do sudo less docker commands.
|
||||||
|
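Review bot: The file copied by `docker-machine scp "$LXD_REMOTE_PATH/authorized_keys" ...` decides who can log in to the new host, yet nothing in the visible lines checks that it exists and is non-empty before it is appended to `$REMOTE_HOME/.ssh/authorized_keys`. A guard such as `[ -s "$LXD_REMOTE_PATH/authorized_keys" ] || exit 1` ahead of the copy would make a wrong path fail loudly. The variable name suggests an LXD location while this branch provisions through docker-machine, so the path is worth confirming. The `cat ... >>` on the next line appends on every run, so re-provisioning duplicates entries and never removes a key that was revoked locally. The enclosing if/elif block starts and ends outside the hunk.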
@ -41,12 +41,14 @@ export BTCPAY_ENABLE_SSH=true
|
|||||||
|
|
||||||
cd btcpayserver-docker
|
cd btcpayserver-docker
|
||||||
|
|
||||||
# run fast_sync if it's not been done before.
|
if [ "${BTC_CHAIN}" != regtest ]; then
|
||||||
if [ ! -f /home/ubuntu/fast_sync_completed ]; then
|
# run fast_sync if it's not been done before.
|
||||||
|
if [ ! -f /home/ubuntu/fast_sync_completed ]; then
|
||||||
cd ./contrib/FastSync
|
cd ./contrib/FastSync
|
||||||
./load-utxo-set.sh
|
./load-utxo-set.sh
|
||||||
touch /home/ubuntu/fast_sync_completed
|
touch /home/ubuntu/fast_sync_completed
|
||||||
cd -
|
cd -
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# provision the btcpay server
|
# provision the btcpay server
|
||||||
|
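Review bot: The new `if [ "${BTC_CHAIN}" != regtest ]` guard runs FastSync for every value other than `regtest`, including an empty or mistyped one, so the decision to skip full validation rests on a negative string match. `./load-utxo-set.sh` appears to import a pre-built UTXO snapshot rather than validating from genesis, which is a trust trade-off. A positive match on the chains where a snapshot is actually wanted would be safer, together with a comment such as `# FastSync loads a pre-built UTXO snapshot; only run it where that trust trade-off is accepted.` The marker path `/home/ubuntu/fast_sync_completed` is hard-coded in both the test and the `touch`, so a single variable would keep the two in step.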
@ -33,7 +33,6 @@ cat >>"$DOCKER_YAML_PATH" <<EOL
|
|||||||
- ${REMOTE_HOME}/ghost_site:/var/lib/ghost/content
|
- ${REMOTE_HOME}/ghost_site:/var/lib/ghost/content
|
||||||
environment:
|
environment:
|
||||||
- url=https://${FQDN}
|
- url=https://${FQDN}
|
||||||
- mail__from="${MAIL_FROM}"
|
|
||||||
- mail__options__service=SMTP
|
- mail__options__service=SMTP
|
||||||
- mail__transport=SMTP
|
- mail__transport=SMTP
|
||||||
- mail__options__host=${SMTP_SERVER}
|
- mail__options__host=${SMTP_SERVER}
|
||||||
@ -189,7 +188,6 @@ cat >>"$DOCKER_YAML_PATH" <<EOL
|
|||||||
- ${REMOTE_HOME}/tor_ghost:/var/lib/ghost/content
|
- ${REMOTE_HOME}/tor_ghost:/var/lib/ghost/content
|
||||||
environment:
|
environment:
|
||||||
- url=https://${ONION_ADDRESS}
|
- url=https://${ONION_ADDRESS}
|
||||||
- mail__from=${MAIL_FROM}
|
|
||||||
- mail__options__service=SMTP
|
- mail__options__service=SMTP
|
||||||
- mail__transport=SMTP
|
- mail__transport=SMTP
|
||||||
- mail__options__host=${SMTP_SERVER}
|
- mail__options__host=${SMTP_SERVER}
|
||||||
@ -217,20 +215,6 @@ cat >>"$DOCKER_YAML_PATH" <<EOL
|
|||||||
ports:
|
ports:
|
||||||
- 0.0.0.0:443:443
|
- 0.0.0.0:443:443
|
||||||
- 0.0.0.0:80:80
|
- 0.0.0.0:80:80
|
||||||
- 0.0.0.0:8448:8448
|
|
||||||
networks:
|
|
||||||
- ghost-net
|
|
||||||
EOL
|
|
||||||
|
|
||||||
|
|
||||||
# NGINX required
|
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
|
||||||
nginx:
|
|
||||||
image: ${NGINX_IMAGE}
|
|
||||||
ports:
|
|
||||||
- 0.0.0.0:443:443
|
|
||||||
- 0.0.0.0:80:80
|
|
||||||
- 0.0.0.0:8448:8448
|
|
||||||
networks:
|
networks:
|
||||||
- ghost-net
|
- ghost-net
|
||||||
EOL
|
EOL
|
||||||
@ -262,7 +246,7 @@ fi
|
|||||||
# the rest of the nginx config
|
# the rest of the nginx config
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/letsencrypt:/etc/letsencrypt:ro
|
- ${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro
|
||||||
configs:
|
configs:
|
||||||
- source: nginx-config
|
- source: nginx-config
|
||||||
target: /etc/nginx/nginx.conf
|
target: /etc/nginx/nginx.conf
|
||||||
|
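Review bot: The nginx volume is now `${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro`, which moves the certificate store, private keys included, from `/etc/letsencrypt` into the login user's home directory, and nothing visible in this section sets ownership or mode on that directory. If it is created elsewhere, that step should restrict it (for example `chmod 700 "$REMOTE_HOME/letsencrypt"`) so other local accounts and containers cannot read the keys. Because the `<<EOL` heredoc is unquoted, `${REMOTE_HOME}` is expanded when the YAML is written, and an empty value would silently mount `/letsencrypt`. A `: "${REMOTE_HOME:?}"` before the heredoc would catch that. The heredoc and the surrounding script continue outside the hunk.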