#!/bin/bash

# Abort on errors (errexit) and on unset variables (nounset); xtrace prints
# every command before it runs. xtrace writes fully expanded values to stderr,
# so any secret that is expanded while tracing is on ends up in the terminal
# or in whatever log captures this script's output.
set -o errexit -o xtrace -o nounset

# Work relative to the directory that holds this script.
cd "$(dirname "$0")"

# Redirect all docker commands to the remote host. The ssh:// transport goes
# through the local ssh client, so host-key verification and key selection
# follow that client's configuration.
export DOCKER_HOST="ssh://ubuntu@${WWW_FQDN}"

# Create the nginx config file which covers all domains.
bash -c ./stub/nginx_config.sh

# Flipped to true further down by any site whose DEPLOY_CLAMS is true.
BUILD_CLAMS=false
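# Validate the settings of every configured domain before any stack is touched.

#######################################
# Exit with the standard error message when a site.conf setting is empty.
# Indirect expansion with an empty default keeps `set -u` from aborting with
# a bare "unbound variable" error before the message can be printed.
# Arguments: $1 - name of the variable that must be non-empty
# Outputs:   the error message on stdout when the setting is missing
# Returns:   0 when set; otherwise exits the script with status 1
#######################################
require_site_setting() {
  local setting_name=$1
  if [ -z "${!setting_name:-}" ]; then
    echo "ERROR: Ensure ${setting_name} is configured in your site.conf."
    exit 1
  fi
}

# site.conf holds the database passwords and the backup passphrase. With
# xtrace on, sourcing it and testing those values would print them to stderr,
# so tracing is paused for this loop and restored afterwards if it was on.
xtrace_was_on=false
case "$-" in
  *x*) xtrace_was_on=true ;;
esac
set +x

# DOMAIN_LIST is comma-separated; the expansion is left unquoted on purpose so
# that the commas-turned-spaces split it into one word per domain.
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
  export DOMAIN_NAME="$DOMAIN_NAME"
  export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"

  # source the site path so we know what features it has.
  source ../project_defaults.sh
  source "$SITE_PATH/site.conf"
  source ../domain_env.sh

  # One site asking for clams is enough to require the image build later on.
  if [ "$DEPLOY_CLAMS" = true ]; then
    BUILD_CLAMS=true
  fi

  ### Let's check to ensure all the required settings are set.
  if [ "$DEPLOY_GHOST" = true ]; then
    require_site_setting GHOST_MYSQL_PASSWORD
    require_site_setting GHOST_MYSQL_ROOT_PASSWORD
  fi

  if [ "$DEPLOY_GITEA" = true ]; then
    require_site_setting GITEA_MYSQL_PASSWORD
    require_site_setting GITEA_MYSQL_ROOT_PASSWORD
  fi

  if [ "$DEPLOY_NEXTCLOUD" = true ]; then
    require_site_setting NEXTCLOUD_MYSQL_ROOT_PASSWORD
    require_site_setting NEXTCLOUD_MYSQL_PASSWORD
  fi

  # The nostr check has its own wording, so it does not use the helper.
  if [ "$DEPLOY_NOSTR" = true ]; then
    if [ -z "${NOSTR_ACCOUNT_PUBKEY:-}" ]; then
      echo "ERROR: When deploying nostr, you MUST specify NOSTR_ACCOUNT_PUBKEY."
      exit 1
    fi
  fi

  # Required for every site regardless of which apps are enabled.
  require_site_setting DUPLICITY_BACKUP_PASSPHRASE

  # Re-checked after sourcing because the sourced files run in this shell and
  # could have changed DOMAIN_NAME.
  require_site_setting DOMAIN_NAME
done

if [ "$xtrace_was_on" = true ]; then
  set -x
fi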
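# Stop the backend stacks on the remote host.
./stop_docker_stacks.sh

# TODO check if there are any other stacks that are left running (other than reverse proxy)
# if so, this may mean the user has disabled one or more domains and that existing sites/services
# are still running. We should prompt the user of this and quit. They have to go manually docker stack remove these.

# Capture the listing on its own line so that a failed docker call (for
# example an SSH error) aborts the script under `set -e`. Inside a pipeline
# the failure would be masked by `wc -l`, an empty listing would count as
# zero lines, and this safety check would pass without having run.
stack_listing=$(docker stack list)
stack_line_count=$(printf '%s\n' "$stack_listing" | wc -l)

# Up to two lines are tolerated - presumably the header row plus the reverse
# proxy stack mentioned in the TODO above; confirm against the real output.
if [[ "$stack_line_count" -gt 2 ]]; then
  echo "WARNING! You still have stacks running. If you have modified the SITES list, you may need to go remove the docker stacks runnong the remote machine."
  echo "exiting."
  exit 1
fi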
# ok, the backend stacks are stopped.
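# Front-end phase: optionally renew certificates, then back up or restore the
# letsencrypt data of every domain. The script ends here with status 0 when
# the front end is not being restarted.
if [ "$RESTART_FRONT_END" != true ]; then
  exit 0
fi

# generate the certs and grab a backup
# Certificates are only generated when renewal is requested, no restore is in
# progress, and services are not merely being stopped.
if [ "$RUN_CERT_RENEWAL" = true ] && [ "$RESTORE_CERTS" = false ] && [ "$STOP_SERVICES" = false ]; then
  ./generate_certs.sh
fi

# let's backup all our letsencrypt certs
export APP="letsencrypt"

# Remember whether xtrace is on so it can be paused while site.conf is read.
resume_xtrace=false
case "$-" in
  *x*) resume_xtrace=true ;;
esac

# DOMAIN_LIST is comma-separated; the unquoted expansion splits it per domain.
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
  export DOMAIN_NAME="$DOMAIN_NAME"
  export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"

  # source the site path so we know what features it has.
  # site.conf holds passwords and the backup passphrase; tracing is paused
  # while these files are sourced so the values are not printed to stderr.
  set +x
  source ../project_defaults.sh
  source "$SITE_PATH/site.conf"
  source ../domain_env.sh
  if [ "$resume_xtrace" = true ]; then
    set -x
  fi

  # these variables are used by both backup/restore scripts.
  # NOTE(review): REMOTE_BACKUP_PATH is extended from its own previous value.
  # With more than one domain this is only correct if one of the files sourced
  # above resets REMOTE_BACKUP_PATH on every iteration - confirm.
  export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER"
  export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"

  # ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
  export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP"
  mkdir -p "$LOCAL_BACKUP_PATH"

  # we grab a backup of the certs unless we're restoring.
  if [ "$RESTORE_CERTS" = true ]; then
    ./restore_path.sh
  else
    ./backup_path.sh
  fi
done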
# Build the clams docker image when BUILD_CLAMS is true.
if [ "$BUILD_CLAMS" = true ]; then
  ./clams/build.sh
fi

# nginx gets deployed first since it "owns" the docker networks of downstream services.
./stub/nginx_yml.sh

# Next run the application stubs in a fixed order. These deploy the apps too
# if configured to do so. Under `set -e` the first failing stub ends the run.
for stub_app in ghost nextcloud gitea nostr; do
  "./stub/${stub_app}_yml.sh"
done
# # start a browser session; point it to port 80 to ensure HTTPS redirect.
# # WWW_FQDN is in our certificate, so we resolve to that.
# wait-for-it -t 320 "$WWW_FQDN:80"
# wait-for-it -t 320 "$WWW_FQDN:443"
# # open browser tabs.
# if [ "$DEPLOY_GHOST" = true ]; then
# xdg-open "http://$WWW_FQDN" > /dev/null 2>&1
# fi
# if [ "$DEPLOY_NEXTCLOUD" = true ]; then
# xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1
# fi
# if [ "$DEPLOY_GITEA" = true ]; then
# xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1
# fi