From 68b786aaa20b79bfce04a3182ff8f054444478e9 Mon Sep 17 00:00:00 2001
From: Derek Smith <derek@farscapian.com>
Date: Tue, 4 Apr 2023 10:52:09 -0400
Subject: [PATCH] Wire up storage volumes.

---
 btcpayserver/restore.sh   |  6 ++--
 deploy.sh                 | 12 +++-----
 deploy_vm.sh              | 62 ++++++++++++++++++++++++++-------------
 stub_lxc_profile.sh       | 49 ++++++++++++++++++++++++++-----
 www/generate_certs.sh     |  4 +--
 www/stop_docker_stacks.sh |  2 +-
 6 files changed, 93 insertions(+), 42 deletions(-)

diff --git a/btcpayserver/restore.sh b/btcpayserver/restore.sh
index c122de6..ad33f96 100755
--- a/btcpayserver/restore.sh
+++ b/btcpayserver/restore.sh
@@ -7,9 +7,9 @@ if [ -f "$BACKUP_BTCPAY_ARCHIVE_PATH" ]; then
     # push the restoration archive to the remote server
     echo "INFO: Restoring BTCPAY Server: $BACKUP_BTCPAY_ARCHIVE_PATH"
 
-    REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/btcpayserver"
-    ssh "$FQDN" mkdir -p "$REMOTE_BACKUP_PATH"
-    REMOTE_BTCPAY_ARCHIVE_PATH="$REMOTE_BACKUP_PATH/btcpay.tar.gz"
+    BTCPAY_REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/btcpayserver"
+    ssh "$FQDN" mkdir -p "$BTCPAY_REMOTE_BACKUP_PATH"
+    REMOTE_BTCPAY_ARCHIVE_PATH="$BTCPAY_REMOTE_BACKUP_PATH/btcpay.tar.gz"
     scp "$BACKUP_BTCPAY_ARCHIVE_PATH" "$FQDN:$REMOTE_BTCPAY_ARCHIVE_PATH"
 
     # push the modified restore script to the remote directory, set permissions, and execute.
diff --git a/deploy.sh b/deploy.sh
index 6b6496a..9c9a43f 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -252,6 +252,7 @@ PRIMARY_DOMAIN="domain0.tld"
 # OTHER_SITES_LIST="domain1.tld,domain2.tld,domain3.tld"
 
 WWW_SERVER_MAC_ADDRESS=
+# WWW_SSDATA_DISK_SIZE_GB=100
 # WWW_SERVER_CPU_COUNT="6"
 # WWW_SERVER_MEMORY_MB="4096"
 
@@ -374,31 +375,26 @@ for VIRTUAL_MACHINE in www btcpayserver; do
         FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
         VPS_HOSTNAME="$WWW_HOSTNAME"
         MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
-        ROOT_DISK_SIZE_GB="$((ROOT_DISK_SIZE_GB + NEXTCLOUD_SPACE_GB))"
 
     elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
         FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
         VPS_HOSTNAME="$BTCPAY_HOSTNAME"
         MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
-        if [ "$BITCOIN_CHAIN" = mainnet ]; then
-            ROOT_DISK_SIZE_GB=150
-        elif [ "$BITCOIN_CHAIN" = testnet ]; then
-            ROOT_DISK_SIZE_GB=70
-        fi
 
     elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then
         export FQDN="$BASE_IMAGE_VM_NAME"
-        ROOT_DISK_SIZE_GB=8
     else
         echo "ERROR: VIRTUAL_MACHINE not within allowable bounds."
         exit
     fi
 
+
+
+
     export FQDN="$FQDN"
     export LXD_VM_NAME="${FQDN//./-}"
     export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
     export PROJECT_PATH="$PROJECT_PATH"
-    export ROOT_DISK_SIZE_GB="$ROOT_DISK_SIZE_GB"
 
     ./deploy_vm.sh
 
diff --git a/deploy_vm.sh b/deploy_vm.sh
index 4e01a09..697a2f7 100755
--- a/deploy_vm.sh
+++ b/deploy_vm.sh
@@ -30,20 +30,51 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
         exit 1
     fi
 
-    # create the docker volume
-    VM_ID=w
+    # TODO ensure we are only GROWING the volume--never shrinking per zfs volume docs.
+    VM_ID=
+    BACKUP_DISK_SIZE_GB=
+    SSDATA_DISK_SIZE_GB=
+    DOCKER_DISK_SIZE_GB=
+    if [ "$VIRTUAL_MACHINE" = www ]; then
+        VM_ID="w"
+        BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB"
+        SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
+        DOCKER_DISK_SIZE_GB="$WWW_DOCKER_DISK_SIZE_GB"
+    fi
+
     if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
         VM_ID="b"
+        BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
+        SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
+        DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
     fi
     
     DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d"
-    export DOCKER_VOLUME_NAME="$DOCKER_VOLUME_NAME"
     if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then
-        lxc storage volume create ss-base "$DOCKER_VOLUME_NAME" --type=filesystem
-        lxc storage volume set ss-base "$DOCKER_VOLUME_NAME" size="${ROOT_DISK_SIZE_GB}GB"
+        lxc storage volume create ss-base "$DOCKER_VOLUME_NAME" --type=block
     fi
 
-    bash -c "./stub_lxc_profile.sh --vm=$VIRTUAL_MACHINE --lxd-hostname=$LXD_VM_NAME --docker-volume-name=$DOCKER_VOLUME_NAME"
+    # TODO ensure we are only GROWING the volume--never shrinking
+    lxc storage volume set ss-base "$DOCKER_VOLUME_NAME" size="${DOCKER_DISK_SIZE_GB}GB"
+
+    SSDATA_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""s"
+    if ! lxc storage volume list ss-base | grep -q "$SSDATA_VOLUME_NAME"; then
+        lxc storage volume create ss-base "$SSDATA_VOLUME_NAME" --type=filesystem
+    fi
+
+    # TODO ensure we are only GROWING the volume--never shrinking per zfs volume docs.
+    lxc storage volume set ss-base "$SSDATA_VOLUME_NAME" size="${SSDATA_DISK_SIZE_GB}GB"
+
+
+    BACKUP_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""b"
+    if ! lxc storage volume list ss-base | grep -q "$BACKUP_VOLUME_NAME"; then
+        lxc storage volume create ss-base "$BACKUP_VOLUME_NAME" --type=filesystem
+    fi
+
+    lxc storage volume set ss-base "$BACKUP_VOLUME_NAME" size="${BACKUP_DISK_SIZE_GB}GB"
+
+
+    bash -c "./stub_lxc_profile.sh --vm=$VIRTUAL_MACHINE --lxd-hostname=$LXD_VM_NAME --ss-volume-name=$SSDATA_VOLUME_NAME --backup-volume-name=$BACKUP_VOLUME_NAME"
 
     # now let's create a new VM to work with.
     #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
@@ -52,17 +83,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
     # let's PIN the HW address for now so we don't exhaust IP
     # and so we can set DNS internally.
     lxc config set "$LXD_VM_NAME" "volatile.enp5s0.hwaddr=$MAC_ADDRESS_TO_PROVISION"
-    #lxc config device override "$LXD_VM_NAME" root size="${ROOT_DISK_SIZE_GB}GB"
 
-    #lxc storage volume attach ss-base "$DOCKER_VOLUME_NAME" "$LXD_VM_NAME"
-
-    # HOME_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""h"
-    # if ! lxc storage volume list ss-base | grep -q "$HOME_VOLUME_NAME"; then
-    #     lxc storage volume create ss-base "$HOME_VOLUME_NAME" --type=block
-    #     lxc storage volume set ss-base "$HOME_VOLUME_NAME" size="${ROOT_DISK_SIZE_GB}GB"
-    # fi
-
-    #lxc storage volume attach ss-base "$HOME_VOLUME_NAME" "$LXD_VM_NAME"
+    # attack the docker block device.
+    lxc storage volume attach ss-base "$DOCKER_VOLUME_NAME" "$LXD_VM_NAME"
 
     # if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
     #     # attach any volumes
@@ -82,11 +105,8 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
     # scan the remote machine and install it's identity in our SSH known_hosts file.
     ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
 
-
-    # create a directory to store backup archives. This is on all new vms.
-    ssh "$FQDN" "mkdir -p $REMOTE_HOME/backups"
-
-    ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_DATA_PATH"
+    ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_DATA_PATH"
+    ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_BACKUP_PATH"
 
     if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
         # send an updated ~/.bashrc so we have quicker access to cli tools
diff --git a/stub_lxc_profile.sh b/stub_lxc_profile.sh
index 0101adf..c4c1be4 100755
--- a/stub_lxc_profile.sh
+++ b/stub_lxc_profile.sh
@@ -5,7 +5,8 @@ cd "$(dirname "$0")"
 
 VIRTUAL_MACHINE=base
 LXD_HOSTNAME=
-DOCKER_VOLUME_NAME=
+SSDATA_VOLUME_NAME=
+BACKUP_VOLUME_NAME=
 
 # grab any modifications from the command line.
 for i in "$@"; do
@@ -18,8 +19,12 @@ for i in "$@"; do
             VIRTUAL_MACHINE="${i#*=}"
             shift
         ;;
-        --docker-volume-name=*)
-            DOCKER_VOLUME_NAME="${i#*=}"
+        --ss-volume-name=*)
+            SSDATA_VOLUME_NAME="${i#*=}"
+            shift
+        ;;
+        --backup-volume-name=*)
+            BACKUP_VOLUME_NAME="${i#*=}"
             shift
         ;;
         *)
@@ -136,7 +141,9 @@ EOF
 
     fi
 
+fi
 
+if [ "$VIRTUAL_MACHINE" = base ]; then
     cat >> "$YAML_PATH" <<EOF
     runcmd:
       - sudo mkdir -m 0755 -p /etc/apt/keyrings
@@ -146,11 +153,11 @@ EOF
       - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
       - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
 
-
 EOF
 
+fi
 
-else 
+if [ "$VIRTUAL_MACHINE" != base ]; then
     # all other machines that are not the base image
     cat >> "$YAML_PATH" <<EOF
   user.vendor-data: |
@@ -163,6 +170,30 @@ else
     preserve_hostname: true
     fqdn: ${FQDN}
 
+    resize_rootfs: false
+
+    disk_setup:
+      /dev/sdb:
+        table_type: 'gpt'
+        layout: true
+        overwrite: false
+
+    fs_setup:
+      - label: docker-data
+        filesystem: 'ext4'
+        device: '/dev/sdb1'
+        overwrite: false
+
+    mounts:
+      - [ sdb, /var/lib/docker ]
+
+    mount_default_fields: [ None, None, "auto", "defaults,nofail", "0", "2" ]
+
+EOF
+fi
+
+if [ "$VIRTUAL_MACHINE" != base ]; then
+    cat >> "$YAML_PATH" <<EOF
   user.network-config: |
     version: 2
     ethernets:
@@ -177,7 +208,6 @@ else
       enp6s0:
         dhcp4: true
 
-
 EOF
 
 fi
@@ -200,7 +230,12 @@ if [ "$VIRTUAL_MACHINE" != base ]; then
   ss-data:
     path: ${REMOTE_DATA_PATH}
     pool: ss-base
-    source: ${DOCKER_VOLUME_NAME}
+    source: ${SSDATA_VOLUME_NAME}
+    type: disk
+  ss-backup:
+    path: ${REMOTE_BACKUP_PATH}
+    pool: ss-base
+    source: ${BACKUP_VOLUME_NAME}
     type: disk
 EOF
 fi
diff --git a/www/generate_certs.sh b/www/generate_certs.sh
index 9231aa7..7da0817 100755
--- a/www/generate_certs.sh
+++ b/www/generate_certs.sh
@@ -18,7 +18,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
     # with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates
     # at a cachehing reverse proxy that runs nginx.
 
-    ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME/_logs"
+    ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME/_logs"
 
     # this is minimum required; www and btcpay.
     DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"
@@ -38,7 +38,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
         done
     fi
     
-    GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"
+    GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"
 
     # execute the certbot command that we dynamically generated.
     eval "$GENERATE_CERT_STRING"
diff --git a/www/stop_docker_stacks.sh b/www/stop_docker_stacks.sh
index 080f2be..7cd33c2 100755
--- a/www/stop_docker_stacks.sh
+++ b/www/stop_docker_stacks.sh
@@ -26,7 +26,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
 
             # these variable are used by both backup/restore scripts.
             export APP="$APP"
-            export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
+            export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
             export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"
   
             # ensure our local backup path exists so we can pull down the duplicity archive to the management machine.