Added 'projects' for deployment namespaces.

Derek Smith 2022-08-24 10:09:09 -04:00
parent a1d3ff6465
commit c95265817f
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
6 changed files with 108 additions and 32 deletions


@ -38,12 +38,8 @@ if [ "$COMMAND" = create ]; then
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1' # Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
# Then $HOME/ss-clusters/cluster1 will be your cluster working path. # Then $HOME/ss-clusters/cluster1 will be your cluster working path.
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)" export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED- see www.sovereign-stack.org/reservations/"
# This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed. export PROJECT_NAME="[public|private1|private2]"
# e.g., 'domain1.tld,domain2.tld,domain3.tld' Add all your domains that will
# run within this SS deployment.
export SITE_LIST="domain1.tld"
# only relevant # only relevant
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000" export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
@ -148,7 +144,7 @@ EOL
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}" IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)" IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# if the LXD_CLUSTER_PASSWORD wasnt set, we can generate a random one using gpg. # error out if the cluster password is unset.
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition." echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
exit 1 exit 1
@ -189,7 +185,7 @@ fi
fi fi
# stub out the lxd init file for the remote SSH endpoint. # stub out the lxd init file for the remote SSH endpoint.
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/$CLUSTER_NAME-lxd_profile.yml" CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
config: config:
core.https_address: ${MGMT_PLANE_IP}:8443 core.https_address: ${MGMT_PLANE_IP}:8443
@ -200,10 +196,12 @@ networks:
- name: lxdbrSS - name: lxdbrSS
type: bridge type: bridge
config: config:
ipv4.address: 10.139.144.1/24
ipv4.nat: "false" ipv4.nat: "false"
ipv4.dhcp: "false"
ipv6.address: "none" ipv6.address: "none"
dns.mode: "dynamic" dns.mode: "none"
managed: true #managed: true
description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-} description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
# lxdbrSS is an isolated bridge; no Internet access. # lxdbrSS is an isolated bridge; no Internet access.
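Review bot: The stubbed `export PROJECT_NAME="[public|private1|private2]"` in the first hunk is a menu of choices rather than a sentinel, and nothing visible here rejects it if the operator leaves it unedited, whereas the password check in the second hunk fails closed on an empty value. Consider stubbing `export PROJECT_NAME="CHANGE_ME_REQUIRED"` like the MAC address fields, and adding a guard beside the LXD_CLUSTER_PASSWORD check such as `if [ -z "$PROJECT_NAME" ] || [ "$PROJECT_NAME" = "CHANGE_ME_REQUIRED" ]; then echo "ERROR: PROJECT_NAME must be set in your cluster_definition."; exit 1; fi`. The enclosing `if [ "$COMMAND" = create ]` block starts and ends outside these hunks, so a check may already exist elsewhere.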


@ -122,6 +122,7 @@ export WWW_MAC_ADDRESS=
export BTCPAY_MAC_ADDRESS= export BTCPAY_MAC_ADDRESS=
export CLUSTERS_DIR="$HOME/ss-clusters" export CLUSTERS_DIR="$HOME/ss-clusters"
export PROJECTS_DIR="$HOME/ss-projects"
export SITES_PATH="$HOME/ss-sites" export SITES_PATH="$HOME/ss-sites"

101
deploy.sh

@ -491,16 +491,6 @@ export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
export GITEA_MYSQL_PASSWORD="$(new_pass)" export GITEA_MYSQL_PASSWORD="$(new_pass)"
export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)" export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
## BTCPAY SERVER; if true, then a BTCPay server is deployed.
export DEPLOY_BTCPAY_SERVER=false
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
# CHAIN to DEPLOY; valid are 'regtest', 'testnet', and 'mainnet'
export BTC_CHAIN=regtest
# set to false to disable nginx caching; helps when making website updates.
# export ENABLE_NGINX_CACHING=true
EOL EOL
chmod 0744 "$SITE_DEFINITION_PATH" chmod 0744 "$SITE_DEFINITION_PATH"
@ -512,18 +502,101 @@ EOL
} }
function stub_project_definition {
# check to see if the enf file exists. exist if not.
PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
# stub out a site_definition with new passwords.
cat >"$PROJECT_DEFINITION_PATH" <<EOL
#!/bin/bash
# for more info about this file and how to use it, see
# www.sovereign-stack.org/project-defintion
# Createa a DHCP reservation for the baseline image.
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
# Create a DHCP reservation for the www/reverse proxy VM.
export DEPLOY_WWW_SERVER=true
export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
# Create a DHCP reservation for the btcpay server VM.
export DEPLOY_BTCPAY_SERVER=false
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
# valid are 'regtest', 'testnet', and 'mainnet'
export BTC_CHAIN=regtest
# set to true to enable nginx caching; helps when making website updates.
# export ENABLE_NGINX_CACHING=true
# A list of all sites in ~/ss-sites/ that will be deployed under the project.
# e.g., 'domain1.tld,domain2.tld,domain3.tld'.
export SITE_LIST="domain1.tld"
EOL
chmod 0744 "$PROJECT_DEFINITION_PATH"
echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
echo "INFO: Learn more at https://www.sovereign-stack.org/project-defition/"
exit 1
fi
# source project defition.
source "$PROJECT_DEFINITION_PATH"
}
# let's iterate over the user-supplied domain list and provision each domain. # let's iterate over the user-supplied domain list and provision each domain.
if [ "$VPS_HOSTING_TARGET" = lxd ]; then if [ "$VPS_HOSTING_TARGET" = lxd ]; then
# iterate through our site list as provided by operator from cluster_definition
for i in ${SITE_LIST//,/ }; do
export DOMAIN_NAME="$i"
export SITE_PATH=""
CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
PROJECT_PATH="$PROJECTS_DIR/$CURRENT_PROJECT"
mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
export PROJECT_PATH="$PROJECT_PATH"
# create a symlink from ./clusterpath/projects/project
if [ ! -d "$CLUSTER_PATH/projects/$CURRENT_PROJECT" ]; then
ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$CURRENT_PROJECT"
fi
# check if we need to provision a new lxc project.
if [ "$PROJECT_NAME" != "$CURRENT_PROJECT" ]; then
if ! lxc project list | grep -q "$PROJECT_NAME"; then
echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
lxc project create "$PROJECT_NAME"
fi
echo "INFO: switch to lxd project '$PROJECT_NAME'."
lxc project switch "$PROJECT_NAME"
fi
stub_project_definition
# iterate through our site list as provided by operator from cluster_definition
iteration=0
for DOMAIN_NAME in ${SITE_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
# the vms are named accordignt to the first domain listed.
if [ $iteration = 0 ]; then
# bring the vms up
instantiate_vms
fi
# stub out the site_defition if it's doesn't exist.
stub_site_definition stub_site_definition
# run the logic for a domain deployment. # run the logic for a domain deployment.
run_domain run_domain
iteration=$((iteration+1))
done done
elif [ "$VPS_HOSTING_TARGET" = aws ]; then elif [ "$VPS_HOSTING_TARGET" = aws ]; then
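Review bot: The existence test `lxc project list | grep -q "$PROJECT_NAME"` in the last hunk treats the name as an unanchored regular expression against the whole table, so `private1` counts as present when only `private10` exists, and the stub's bracketed placeholder matches almost any output; project creation is then skipped and the following `lxc project switch` fails. An exact lookup such as `if ! lxc project show "$PROJECT_NAME" >/dev/null 2>&1; then` avoids this. Separately, `PROJECT_PATH` is derived from `CURRENT_PROJECT` before the switch, so `stub_project_definition` and everything written under `$PROJECT_PATH` use the previously active project's directory rather than the one for `$PROJECT_NAME`; computing the path after the switch would keep each namespace's files apart. `stub_project_definition` also deserves a header comment stating that it exits 1 after writing the stub and otherwise sources the file into the current shell.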


@ -11,8 +11,8 @@ ssh-add "$SSH_HOME/id_rsa"
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY" export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
export FILENAME="$LXD_HOSTNAME.yml" export FILENAME="$LXD_HOSTNAME.yml"
mkdir -p "$CLUSTER_PATH/cloud-init" mkdir -p "$PROJECT_PATH/cloud-init"
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME" YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"
# If we are deploying the www, we attach the vm to the underlay via macvlan. # If we are deploying the www, we attach the vm to the underlay via macvlan.
cat > "$YAML_PATH" <<EOF cat > "$YAML_PATH" <<EOF


@ -11,9 +11,8 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
fi fi
fi fi
# here's the NGINX config. We support ghost and nextcloud. # here's the NGINX config. We support ghost and nextcloud.
NGINX_CONF_PATH="$SITE_PATH/nginx.conf" NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"
echo "" > "$NGINX_CONF_PATH" echo "" > "$NGINX_CONF_PATH"
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
events { events {
@ -41,11 +40,11 @@ http {
'' close; '' close;
} }
# this server block returns a 403 for all non-explicit host requests. # return 403 for all non-explicit hostnames
#server { server {
# listen 80 default_server; listen 80 default_server;
# return 403; return 403;
#} }
EOL EOL
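Review bot: The re-enabled catch-all in the second hunk listens only on plain port 80, so a request with an unlisted Host header arriving over TLS would still be answered by whichever 443 server block nginx picks as its default; the 443 blocks are outside this hunk, so this is inferred. If the generated config serves HTTPS, a matching default is worth adding, e.g. `listen 443 ssl default_server;` with `ssl_reject_handshake on;` (nginx 1.19.4 or later). Also, `NGINX_CONF_PATH` now points at `$PROJECT_PATH/nginx.conf` and is truncated by `echo "" >`, so if this script runs once per domain, each run overwrites the file written for the previous domain; confirm that is intended.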


@ -64,6 +64,11 @@ if ! < "$HOME/.bashrc" grep -q "ss-cluster"; then
ADDED_COMMAND=true ADDED_COMMAND=true
fi fi
if ! < "$HOME/.bashrc" grep -q "ss-projects"; then
echo "alias ss-projects='/home/$USER/sovereign-stack/projects.sh \$@'" >> "$HOME/.bashrc"
ADDED_COMMAND=true
fi
if [ "$ADDED_COMMAND" = true ]; then if [ "$ADDED_COMMAND" = true ]; then
echo "WARNING! You need to run 'source ~/.bashrc' before continuing." echo "WARNING! You need to run 'source ~/.bashrc' before continuing."
fi fi
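Review bot: The new alias line writes `/home/$USER/...` and a literal `$@` into ~/.bashrc; inside an alias `$@` expands the interactive shell's own positional parameters (normally none), unquoted, and the arguments typed after the alias are appended anyway, so it does nothing useful. The path also assumes the home directory is /home/$USER while the rest of the hunk uses `$HOME`. Suggest `echo "alias ss-projects='$HOME/sovereign-stack/projects.sh'" >> "$HOME/.bashrc"`; the `ss-cluster` alias just above the hunk probably follows the same pattern and could be changed with it.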