diff --git a/README.md b/README.md
index 2670ba4..ed78041 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,13 @@
 # Documentation
-All documentation for this project can be found at the [sovereign-stack.org](https://www.sovereign-stack.org).
\ No newline at end of file
+The Sovereign Stack scripts in this repository are meant to be cloned to and executed from your management machine.
+
+You can update Sovereign Stack scripts on your management machine by running `git pull --all`. Generally, you want to use ONLY signed git tags for your deployments. Use `git checkout v0.1.0` for example to switch to a specific version of Sovereign Stack. The scripts ensure check to ensure that the code you're running on your management machine is GREATER THAN OR EQUAL TO each of your active deployments (TODO).
+
+Once your managent machine is using a specific version of code, you will want to run the various scripts. But before you can do that, you need to bring a bare-metal Ubuntu 22.04 cluster host under management. Generally speaking you will run `ss-cluster` to bring a new bare-metal host under management of your management machine. This can be run AFTER you have verified SSH access to the bare-metal hosts. The device SHOULD also have a DHCP Reservation and DNS records in place.
+
+After you have taken a machine under management, you can run `ss-deploy` it. All Sovereign Stack scripts execute against your current lxc remote. (Run `lxc remote list` to see your remotes). This will deploy Sovereign Stack software to your active remote in accordance with the various cluster, project, and site defintions. These files are stubbed out for the user automatically and documetnation guides the user through the process.
+
+It is the responsiblity of the management machine (i.e,. system owner) to run the scripts on a regular and ongoing basis to ensure active deployments stay up-to-date with the Sovereign Stack master branch.
+
+All other documentation for this project can be found at the [sovereign-stack.org](https://www.sovereign-stack.org).
\ No newline at end of file
diff --git a/cluster.sh b/cluster.sh index 7b1d8dd..b0a5795 100755 --- a/cluster.sh +++ b/cluster.sh @@ -167,7 +167,7 @@ ssh -t "ubuntu@$FQDN" " # install lxd as a snap if it's not installed. We only really use the LXC part of this package. if ! snap list | grep -q lxd; then - sudo -A snap install lxd + sudo snap install lxd --candidate sleep 4 fi " @@ -196,7 +196,7 @@ networks: dns.mode: "none" #managed: true description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-} - # lxdbrSS is an isolated bridge; no Internet access. + # lxdbrSS is an isolated inter-vm network segment with no outbount Internet access. cluster: server_name: ${CLUSTER_NAME} diff --git a/defaults.sh b/defaults.sh index 8020786..eb2f911 100755 --- a/defaults.sh +++ b/defaults.sh @@ -2,9 +2,8 @@ set -eu -export DEPLOY_WWW_SERVER=false export WWW_SERVER_MAC_ADDRESS= -export DEPLOY_BTCPPAY_SERVER=false + export DEPLOY_GHOST=true export DEPLOY_NOSTR_RELAY=true @@ -13,8 +12,8 @@ export DEPLOY_NEXTCLOUD=false export DEPLOY_GITEA=false export WWW_HOSTNAME="www" -export BTCPAY_HOSTNAME="btcpay" -export BTCPAY_HOSTNAME_IN_CERT="tip" +export BTCPAY_HOSTNAME="btcpayserver" +export BTCPAY_HOSTNAME_IN_CERT="btcpay" export NEXTCLOUD_HOSTNAME="nextcloud" export GITEA_HOSTNAME="git" export NOSTR_HOSTNAME="relay" @@ -58,8 +57,6 @@ BTCPAY_INSTANCE_TYPE="t2.medium" export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE" export BTCPAY_INSTANCE_TYPE="$BTCPAY_INSTANCE_TYPE" -# TODO REMOVE SMTP_PASSWORD ONCE VERIFIED NO LONGER NEEDED -#export SMTP_PASSWORD= export GHOST_MYSQL_PASSWORD= export GHOST_MYSQL_ROOT_PASSWORD= export NEXTCLOUD_MYSQL_PASSWORD= @@ -110,7 +107,7 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy" # run the docker stack. -export GHOST_IMAGE="ghost:5.18.0" +export GHOST_IMAGE="ghost:5.20.0" # TODO switch to mysql. May require intricate export work. THIS MUST BE COMPLETED BEFORE v1 RELEASE #https://forum.ghost.org/t/how-to-migrate-from-mariadb-10-to-mysql-8/29575 
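Review bot: The new `sudo snap install lxd --candidate` line in the remote install block takes LXD from the pre-release candidate channel, and snapd will keep refreshing the host along that channel, so the daemon that isolates every VM on the cluster host runs builds that have not reached stable. I would pin a stable track instead, e.g. `sudo snap install lxd --channel=<TRACK>/stable` (the track name is a placeholder to fill in), and add a comment explaining why if candidate is really needed for a specific fix. The same flag is added in the install.sh hunk for the management machine. Dropping `-A` also changes how sudo obtains a password over `ssh -t`; presumably it now relies on the tty prompt or passwordless sudo, which is worth a one-line comment.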
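Review bot: Changing the defaults to `BTCPAY_HOSTNAME="btcpayserver"` and `BTCPAY_HOSTNAME_IN_CERT="btcpay"` in defaults.sh renames the BTCPay VM/DDNS host and, if the second variable is what its name suggests, the name requested in the certificate for every site that relies on these defaults. That presumably means new DNS records and a new certificate on the next deploy of an existing site. A comment above the two exports would make the distinction reviewable, e.g. `# BTCPAY_HOSTNAME names the VM and its DDNS record; BTCPAY_HOSTNAME_IN_CERT is the public name placed in the certificate`, and the rename deserves a line in the upgrade notes.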
diff --git a/deploy.sh b/deploy.sh index 91e88ef..5be57e5 100755 --- a/deploy.sh +++ b/deploy.sh @@ -29,16 +29,15 @@ VPS_HOSTING_TARGET=lxd RUN_CERT_RENEWAL=false RESTORE_WWW=false BACKUP_CERTS=true -BACKUP_APPS=true +BACKUP_APPS=false BACKUP_BTCPAY=false RESTORE_BTCPAY=false MIGRATE_WWW=false MIGRATE_BTCPAY=false -USER_SKIP_WWW=false -USER_SKIP_BTCPAY=false +SKIP_WWW=false +SKIP_BTCPAY=false UPDATE_BTCPAY=false RECONFIGURE_BTCPAY_SERVER=false -DEPLOY_BTCPAY_SERVER=true CLUSTER_NAME="$(lxc remote get-default)" STOP_SERVICES=false @@ -82,11 +81,11 @@ for i in "$@"; do shift ;; --skip-www) - USER_SKIP_WWW=true + SKIP_WWW=true shift ;; --skip-btcpay) - USER_SKIP_BTCPAY=true + SKIP_BTCPAY=true shift ;; --backup-ghost) @@ -122,6 +121,7 @@ for i in "$@"; do esac done + # set up our default paths. source ./defaults.sh @@ -134,7 +134,7 @@ export STOP_SERVICES="$STOP_SERVICES" export BACKUP_CERTS="$BACKUP_CERTS" export BACKUP_APPS="$BACKUP_APPS" export RESTORE_BTCPAY="$RESTORE_BTCPAY" -export BACKUP_BTCPAY="$RESTORE_BTCPAY" +export BACKUP_BTCPAY="$BACKUP_BTCPAY" export MIGRATE_WWW="$MIGRATE_WWW" export MIGRATE_BTCPAY="$MIGRATE_BTCPAY" export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL" @@ -283,10 +283,13 @@ function instantiate_vms { DDNS_HOST= MIGRATE_VPS=false if [ "$VIRTUAL_MACHINE" = www ]; then - if [ "$DEPLOY_WWW_SERVER" = false ] || [ "$USER_SKIP_WWW" = true ]; then + echo "GOT HERE!!!" + if [ "$SKIP_WWW" = true ]; then continue fi + echo "AND HERE" + exit 1 VPS_HOSTNAME="$WWW_HOSTNAME" MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS" DDNS_HOST="$WWW_HOSTNAME" 
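Review bot: Flipping the default to `BACKUP_APPS=false` in the first deploy.sh hunk means a plain deploy run no longer takes an application backup unless an option in the argument loop turns it back on (only `--backup-ghost` is visible in this diff, and what it sets is outside the hunk). If that is intended, say so next to the default, e.g. `# app backups are opt-in; pass <FLAG> to enable` (flag name to be filled in), and mention it in the README, because operators who relied on the old default will silently stop getting backups before their services are touched.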
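Review bot: The added `echo "AND HERE"` / `exit 1` pair after the skip check in instantiate_vms makes every run that reaches the www VM abort with status 1 before `VPS_HOSTNAME` is assigned, so neither www nor any later VM in the loop is provisioned. Together with `echo "GOT HERE!!!"` these look like debugging leftovers and should be removed before merge. Separately, the `DEPLOY_WWW_SERVER = false` test is gone, so skipping www now depends only on `--skip-www`; a short comment on the `if [ "$SKIP_WWW" = true ]` line would record that. The function body continues outside the hunk.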
@@ -294,11 +297,7 @@ function instantiate_vms { if [ "$MIGRATE_WWW" = true ]; then MIGRATE_VPS=true fi - elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$USER_SKIP_BTCPAY" = true ]; then - if [ "$DEPLOY_BTCPAY_SERVER" = false ]; then - continue - fi - + elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then DDNS_HOST="$BTCPAY_HOSTNAME" VPS_HOSTNAME="$BTCPAY_HOSTNAME" MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS" @@ -470,9 +469,7 @@ function stub_project_definition { # see https://www.sovereign-stack.org/project-definition for more info. -export DEPLOY_WWW_SERVER=true export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED" -export DEPLOY_BTCPAY_SERVER=true export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED" # export BTC_CHAIN=mainnet export PRIMARY_DOMAIN="CHANGE_ME" diff --git a/deployment/btcpayserver/backup.sh b/deployment/btcpayserver/backup_btcpay.sh similarity index 84% rename from deployment/btcpayserver/backup.sh rename to deployment/btcpayserver/backup_btcpay.sh index b386007..7af6a97 100755 --- a/deployment/btcpayserver/backup.sh +++ b/deployment/btcpayserver/backup_btcpay.sh @@ -7,6 +7,10 @@ cd "$(dirname "$0")" # the script executed here from the BTCPAY repo will automatically take services down # and bring them back up. +echo "INFO!!!!!!!!!!! IN BTCPAY BACKUP SCRIPT." +sleep 4 + + ssh "$FQDN" "mkdir -p $REMOTE_HOME/backups; cd $REMOTE_HOME/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_HOME bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh" # TODO enable encrypted archives 
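Review bot: In the new `elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then`, the skip flag is OR-ed into the branch selector while the only `continue` in that branch was removed, so `--skip-btcpay` no longer skips anything. With the flag set, any non-www VM in the loop would instead take the BTCPay hostname and MAC address. Mirror the www branch: `elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then` followed by `if [ "$SKIP_BTCPAY" = true ]; then continue; fi`. The loop header and the rest of instantiate_vms are outside the hunk, so which other VM names can reach this test could not be checked here.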
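Review bot: The added `echo "INFO!!!!!!!!!!! IN BTCPAY BACKUP SCRIPT."` and `sleep 4` at the top of backup_btcpay.sh, like `sleep 5` / `echo "EXITING SCRIPT"` at the end of the file in the next hunk, read as debugging aids and add nine seconds of idle time to every backup run. Drop them, or replace them with a single informative line such as `echo "INFO: starting BTCPay backup for $FQDN"`.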
@@ -19,4 +23,11 @@ ssh "$FQDN" "cd $REMOTE_HOME/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_HOME BTCPAY_DO ssh "$FQDN" "sudo cp /var/lib/docker/volumes/backup_datadir/_data/backup.tar.gz $REMOTE_HOME/backups/btcpay.tar.gz" ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_HOME/backups/btcpay.tar.gz" -scp "$FQDN:$REMOTE_HOME/backups/btcpay.tar.gz" "$LOCAL_BACKUP_PATH/$1.tar.gz" + + +LOCAL_BACKUP_PATH="$SITE_PATH/backups/btcpayserver/$BACKUP_TIMESTAMP" +mkdir -p "$LOCAL_BACKUP_PATH" +scp "$FQDN:$REMOTE_HOME/backups/btcpay.tar.gz" "$LOCAL_BACKUP_PATH/$UNIX_BACKUP_TIMESTAMP.tar.gz" + +sleep 5 +echo "EXITING SCRIPT" \ No newline at end of file diff --git a/deployment/btcpayserver/bashrc b/deployment/btcpayserver/bashrc deleted file mode 100644 index 15d0e39..0000000 --- a/deployment/btcpayserver/bashrc +++ /dev/null @@ -1,2 +0,0 @@ -# we append this text to the btcpay server /home/ubuntu/.bashrc so -# logged in users have more common access to the variou \ No newline at end of file diff --git a/deployment/btcpayserver/bashrc.txt b/deployment/btcpayserver/bashrc.txt new file mode 100644 index 0000000..afbb134 --- /dev/null +++ b/deployment/btcpayserver/bashrc.txt @@ -0,0 +1,6 @@ +# we append this text to the btcpay server /home/ubuntu/.bashrc so +# logged in users have more common access to the variou + +alias bitcoin-cli="bitcoin-cli.sh $@" +alias lightning-cli="bitcoin-lightning-cli.sh $@" + diff --git a/deployment/btcpayserver/go.sh b/deployment/btcpayserver/go.sh index 1f03664..7945cbf 100755 --- a/deployment/btcpayserver/go.sh +++ b/deployment/btcpayserver/go.sh @@ -46,7 +46,7 @@ fi # if the script gets this far, then we grab a regular backup. if [ "$BACKUP_BTCPAY" = true ]; then # we just grab a regular backup - ./backup.sh "$UNIX_BACKUP_TIMESTAMP" + ./backup_btcpay.sh fi if [ "$RUN_SERVICES" = true ]; then diff --git a/deployment/btcpayserver/stub_btcpay_setup.sh b/deployment/btcpayserver/stub_btcpay_setup.sh index 003c3eb..93e17f9 100755 
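Review bot: `mkdir -p "$LOCAL_BACKUP_PATH"` creates the backup directory with the caller's default umask, and the archive copied into it is unencrypted (the TODO earlier in the file says encrypted archives are not enabled yet), so the BTCPay backup may end up readable by other local users on the management machine. Set `umask 077` before the `mkdir`/`scp`, or run `chmod 700 "$LOCAL_BACKUP_PATH"` right after creating it. The script now also depends on `SITE_PATH`, `BACKUP_TIMESTAMP` and `UNIX_BACKUP_TIMESTAMP` being exported by the caller instead of taking `$1`; unless `set -u` is already in effect above the hunk, a guard such as `: "${SITE_PATH:?}" "${BACKUP_TIMESTAMP:?}" "${UNIX_BACKUP_TIMESTAMP:?}"` would stop the copy from landing under `/backups/...` when one of them is unset.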
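Review bot: In bashrc.txt, `alias bitcoin-cli="bitcoin-cli.sh $@"` and the matching `lightning-cli` line put `$@` inside double quotes, so it is expanded once when `.bashrc` is sourced rather than when the alias is used. Aliases already pass their arguments through, so the `$@` adds nothing and only risks baking stray positional parameters into the alias text. Use `alias bitcoin-cli='bitcoin-cli.sh'` and `alias lightning-cli='bitcoin-lightning-cli.sh'`. The header comment is also cut off at "variou" and could be completed while the file is being renamed.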
--- a/deployment/btcpayserver/stub_btcpay_setup.sh +++ b/deployment/btcpayserver/stub_btcpay_setup.sh @@ -41,23 +41,8 @@ export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage-s;opt-add-btctransmuter; export BTCPAYGEN_REVERSEPROXY="nginx" export BTCPAY_ENABLE_SSH=false export BTCPAY_BASE_DIRECTORY=${REMOTE_HOME} - -EOL - -# can add opt-add-tor-relay; in BTCPAYGEN_ADDITIONAL_FRAGMENTS -if [ "$VPS_HOSTING_TARGET" = lxd ]; then -cat >> "$SITE_PATH/btcpay.sh" <> "$SITE_PATH/btcpay.sh" <> "$SITE_PATH/btcpay.sh" <>"$NGINX_CONF_PATH" <https redirect + cat >>"$NGINX_CONF_PATH" <>"$NGINX_CONF_PATH" <>"$NGINX_CONF_PATH" <>"$NGINX_CONF_PATH" <>"$NGINX_CONF_PATH" for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE" diff --git a/install.sh b/install.sh index 1da27cd..538d89b 100755 --- a/install.sh +++ b/install.sh @@ -33,7 +33,7 @@ fi # install lxd as a snap if it's not installed. We only really use the client part of this package # on the management machine. if ! snap list | grep -q lxd; then - sudo snap install lxd + sudo snap install lxd --candidate fi # TODO WORK ON GETTING RID OF THIS DEPENDENCY