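#!/bin/bash
#
# Build the incus profile (YAML) for one sovereign-stack VM and apply it.
#
# The profile carries the VM's resource limits, its cloud-init vendor-data and
# network-config, and its disk/nic devices. It is written to
# $PROJECT_PATH/cloud-init/<INCUS_HOSTNAME>.yml and then pushed with
# `incus profile edit`.
#
# Usage:
#   stub_profile.sh --incus-hostname=<name> [--vm=base|www|btcpayserver|lnplayserver]
#                   [--ss-volume-name=<vol>] [--backup-volume-name=<vol>]
#
# Environment expected from the caller (`set -u` aborts on anything missing
# at the point it is used): SSH_PUBKEY_PATH, SSH_HOME and PROJECT_PATH always;
# BASE_IMAGE_VM_NAME and REGISTRY_URL for --vm=base; FQDN,
# MAC_ADDRESS_TO_PROVISION, DATA_PLANE_MACVLAN_INTERFACE and PRIMARY_DOMAIN for
# every other VM; REMOTE_DATA_PATH and REMOTE_BACKUP_PATH for www/btcpayserver;
# and the matching *_CPU_COUNT / *_MEMORY_MB pair for www, btcpayserver and
# lnplayserver.
#
# `-x` traces every command — including the rendered cloud-init text — to
# stderr; `-e`/`-u` abort on the first failing command or unset variable.
set -exu
cd "$(dirname "$0")"

VIRTUAL_MACHINE=base
INCUS_HOSTNAME=
SSDATA_VOLUME_NAME=
BACKUP_VOLUME_NAME=

# grab any modifications from the command line.
for i in "$@"; do
  case $i in
    --incus-hostname=*)
      INCUS_HOSTNAME="${i#*=}"
      ;;
    --vm=*)
      VIRTUAL_MACHINE="${i#*=}"
      ;;
    --ss-volume-name=*)
      SSDATA_VOLUME_NAME="${i#*=}"
      ;;
    --backup-volume-name=*)
      BACKUP_VOLUME_NAME="${i#*=}"
      ;;
    *)
      # Report the argument actually being examined. The loop iterates over a
      # copy of "$@", so a `shift` inside it only moved $1 away from $i and
      # the old message could name a different argument.
      printf 'Unexpected option: %s\n' "$i" >&2
      exit 1
      ;;
  esac
done

# The hostname names both the YAML file and the incus profile; without it we
# would write ".yml" and try to create a profile with an empty name.
: "${INCUS_HOSTNAME:?--incus-hostname=<name> is required}"

# generate the custom cloud-init file. Cloud init installs and configures sshd
# NOTE(review): the key is spliced into YAML as a single list item, so
# SSH_PUBKEY_PATH is presumably a one-line public key — confirm.
SSH_AUTHORIZED_KEY=$(<"$SSH_PUBKEY_PATH")

# Load the deploy key into a fresh agent. Nothing below invokes ssh itself.
# NOTE(review): the agent is never killed here; when this script is executed
# rather than sourced the agent process outlives it — confirm the caller
# reaps it.
eval "$(ssh-agent -s)" > /dev/null
ssh-add "$SSH_HOME/id_rsa" > /dev/null

export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
export FILENAME="$INCUS_HOSTNAME.yml"

mkdir -p "$PROJECT_PATH/cloud-init"
YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"

#######################################
# Append stdin to the profile being generated.
# Globals:   YAML_PATH (read)
# Outputs:   appends to $YAML_PATH
#######################################
emit() {
  cat >> "$YAML_PATH"
}

# Start a fresh profile; every section below appends to it.
cat > "$YAML_PATH" <<EOF
config:
EOF

# Resource limits differ per VM role.
case $VIRTUAL_MACHINE in
  base)
    emit <<EOF
  limits.cpu: 4
  limits.memory: 4096MB
EOF
    ;;
  www)
    emit <<EOF
  limits.cpu: "${WWW_SERVER_CPU_COUNT}"
  limits.memory: "${WWW_SERVER_MEMORY_MB}MB"
EOF
    ;;
  btcpayserver)
    emit <<EOF
  limits.cpu: "${BTCPAY_SERVER_CPU_COUNT}"
  limits.memory: "${BTCPAY_SERVER_MEMORY_MB}MB"
EOF
    ;;
  lnplayserver)
    emit <<EOF
  limits.cpu: "${LNPLAY_SERVER_CPU_COUNT}"
  limits.memory: "${LNPLAY_SERVER_MEMORY_MB}MB"
EOF
    ;;
esac

if [ "$VIRTUAL_MACHINE" = base ]; then
  # Base image only: install the toolchain and docker, and create the
  # ubuntu user.
  # NOTE(review): that user gets passwordless sudo with lock_passwd: false
  # and no password is set in this file, so the ssh key above is the only
  # login path this config establishes — confirm that is intended.
  emit <<EOF
  user.vendor-data: |
    #cloud-config
    package_update: true
    package_upgrade: false
    package_reboot_if_required: false
    preserve_hostname: false
    fqdn: ${BASE_IMAGE_VM_NAME}
    packages:
      - curl
      - ssh-askpass
      - apt-transport-https
      - ca-certificates
      - gnupg-agent
      - software-properties-common
      - lsb-release
      - net-tools
      - htop
      - rsync
      - duplicity
      - sshfs
      - fswatch
      - jq
      - git
      - nano
      - wait-for-it
      - dnsutils
      - wget
    groups:
      - docker
    users:
      - name: ubuntu
        groups: docker
        shell: /bin/bash
        lock_passwd: false
        sudo: ALL=(ALL) NOPASSWD:ALL
        ssh_authorized_keys:
          - ${SSH_AUTHORIZED_KEY}
EOF

  # Point docker at a local registry mirror unless the default hub is used.
  # REGISTRY_URL is pasted into JSON unescaped; it is operator-supplied
  # configuration, not user input.
  if [ "$REGISTRY_URL" != "https://index.docker.io/v1" ]; then
    emit <<EOF
    write_files:
      - path: /etc/docker/daemon.json
        permissions: 0644
        owner: root
        content: |
          {
            "registry-mirrors": [
              "${REGISTRY_URL}"
            ]
          }
EOF
  fi

  # Docker's apt repository is pinned to its signing key via signed-by.
  emit <<EOF
    runcmd:
      - sudo mkdir -m 0755 -p /etc/apt/keyrings
      - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      - echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" | sudo tee /etc/apt/sources.list.d/docker.list
      - sudo apt-get update
      - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
      - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
EOF
else
  # all other machines that are not the base image
  emit <<EOF
  user.vendor-data: |
    #cloud-config
    apt_mirror: http://us.archive.ubuntu.com/ubuntu/
    package_update: false
    package_upgrade: false
    package_reboot_if_required: false
    preserve_hostname: true
    fqdn: ${FQDN}
EOF

  # www and btcpayserver carry a second disk for /var/lib/docker.
  if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
    emit <<EOF
    resize_rootfs: false
    disk_setup:
      /dev/sdb:
        table_type: 'gpt'
        layout: true
        overwrite: false
    fs_setup:
      - label: docker-data
        filesystem: 'ext4'
        device: '/dev/sdb1'
        overwrite: false
    mounts:
      - [ sdb, /var/lib/docker ]
    mount_default_fields: [ None, None, "auto", "defaults,nofail", "0", "2" ]
EOF
  fi

  # Non-base VMs get their primary nic by DHCP, matched on MAC address.
  emit <<EOF
  user.network-config: |
    version: 2
    ethernets:
      enp5s0:
        dhcp4: true
        dhcp4-overrides:
          route-metric: 50
        match:
          macaddress: ${MAC_ADDRESS_TO_PROVISION}
        set-name: enp5s0
EOF

  # TODO try to get DHCP working reliably.
  case $VIRTUAL_MACHINE in
    btcpayserver)
      emit <<EOF
      enp6s0:
        addresses:
          - 10.10.10.66/24
EOF
      ;;
    www)
      emit <<EOF
      enp6s0:
        addresses:
          - 10.10.10.65/24
EOF
      ;;
  esac
fi

# All profiles get a root disk and cloud-init config.
emit <<EOF
description: Default incus profile for ${FILENAME}
devices:
EOF

if [ "$VIRTUAL_MACHINE" = lnplayserver ]; then
  # lnplayserver is the only role with an explicit root disk size.
  emit <<EOF
  root:
    path: /
    pool: ss-base
    type: disk
    size: 20GiB
EOF
else
  emit <<EOF
  root:
    path: /
    pool: ss-base
    type: disk
EOF
fi

emit <<EOF
  config:
    source: cloud-init:config
    type: disk
EOF

if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
  emit <<EOF
  ss-data:
    path: ${REMOTE_DATA_PATH}
    pool: ss-base
    source: ${SSDATA_VOLUME_NAME}
    type: disk
  ss-backup:
    path: ${REMOTE_BACKUP_PATH}
    pool: ss-base
    source: ${BACKUP_VOLUME_NAME}
    type: disk
EOF
fi

if [ "$VIRTUAL_MACHINE" = base ]; then
  # Stub out the network piece for the base image.
  emit <<EOF
  enp6s0:
    name: enp6s0
    network: incusbr0
    type: nic
name: ${FILENAME}
EOF
else
  # all other vms attach to the network underlay via macvlan
  emit <<EOF
  enp5s0:
    nictype: macvlan
    parent: ${DATA_PLANE_MACVLAN_INTERFACE}
    type: nic
EOF

  if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
    emit <<EOF
  enp6s0:
    name: enp6s0
    network: ss-ovn
    type: nic
EOF
  fi

  emit <<EOF
name: ${PRIMARY_DOMAIN}
EOF
fi

#######################################
# Exact-match test for an existing incus profile.
# Globals:   INCUS_HOSTNAME (read)
# Arguments: extra `incus profile list` arguments (e.g. --project default)
# Returns:   0 if a profile named $INCUS_HOSTNAME exists, 1 otherwise
#######################################
profile_exists() {
  # Compare the first (name) column of the CSV listing exactly. A bare
  # `grep -q "$INCUS_HOSTNAME"` also matched any profile whose name merely
  # contained ours, which skipped creation and made the following
  # `incus profile edit` fail on a profile that does not exist.
  incus profile list --format csv "$@" \
    | awk -F, -v name="$INCUS_HOSTNAME" '$1 == name { found = 1 } END { exit !found }'
}

# The base image lives in the "default" project; every other VM uses the
# current project. Create the profile if needed, then load the generated YAML.
if [ "$VIRTUAL_MACHINE" = base ]; then
  if ! profile_exists --project default; then
    incus profile create "$INCUS_HOSTNAME" --project default
  fi
  incus profile edit "$INCUS_HOSTNAME" --project default < "$YAML_PATH"
else
  if ! profile_exists; then
    incus profile create "$INCUS_HOSTNAME"
  fi
  incus profile edit "$INCUS_HOSTNAME" < "$YAML_PATH"
fi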