sovereign-stack/go_www.sh

#!/bin/bash

set -exuo nounset
cd "$(dirname "$0")"

TOR_CONFIG_PATH=

ssh "$FQDN" mkdir -p "$REMOTE_HOME/ghost_site" "$REMOTE_HOME/ghost_db"

if [ "$DEPLOY_NEXTCLOUD" = true ]; then
    ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/db/data" \
    ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/db/logs" \
    ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/html"
fi

if [ "$DEPLOY_GITEA" = true ]; then
    ssh "$FQDN" mkdir -p "$REMOTE_GITEA_PATH/data" "$REMOTE_GITEA_PATH/db"
fi

# enable docker swarm mode so we can support docker stacks.
if ! docker info | grep -q "Swarm: active"; then
    docker swarm init
fi

# stop services.
if docker stack list --format "{{.Name}}" | grep -q webstack; then
    docker stack rm webstack
    sleep 10
fi

# this will generate letsencrypt certs and pull them down locally.
if [ "$VPS_HOSTING_TARGET" != lxd ]; then
    # really we should change this if clause to some thing like
    # "if the perimeter firewall allows port 80/443, then go ahead."
    if [ "$VPS_HOSTING_TARGET" = aws ] && [ "$RUN_CERT_RENEWAL" = true ]; then
        ./generate_certs.sh
    fi
else
    
    # restore the certs. If they don't exist in a backup we restore from SITE_PATH
    if [ -f "$SITE_PATH/certs.tar.gz" ]; then
        scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz"
        ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc
    else
        echo "ERROR: Certificates do not exist locally. You need to obtain some, perhaps by running with '--app=certonly'."
        exit 1
    fi
fi


if [ "$RUN_BACKUP"  = true ]; then
    ./backup_www.sh
fi

if [ "$RUN_RESTORE" = true ]; then
    ./restore_www.sh
fi

NEW_MATRIX_DEPLOYMENT=false
if [ "$DEPLOY_MATRIX" = true ]; then
    if ! ssh "$FQDN" "[ -d $REMOTE_HOME/matrix ]"; then
        NEW_MATRIX_DEPLOYMENT=true
        ssh "$FQDN" "mkdir $REMOTE_HOME/matrix && mkdir $REMOTE_HOME/matrix/db && mkdir $REMOTE_HOME/matrix/data"

        docker run -it --rm -v "$REMOTE_HOME/matrix/data":/data \
            -e SYNAPSE_SERVER_NAME="${DOMAIN_NAME}" \
            -e SYNAPSE_REGISTRATION_SHARED_SECRET="${MATRIX_SHARED_SECRET}" \
            -e SYNAPSE_REPORT_STATS=yes \
            -e POSTGRES_PASSWORD="${MATRIX_DB_PASSWORD}" \
            -e SYNAPSE_NO_TLS=1 \
            -e SYNAPSE_ENABLE_REGISTRATION=yes \
            -e SYNAPSE_LOG_LEVEL=DEBUG \
            -e POSTGRES_DB=synapse \
            -e POSTGRES_HOST=matrix-db \
            -e POSTGRES_USER=synapse \
            -e POSTGRES_PASSWORD="${MATRIX_DB_PASSWORD}" \
            "$MATRIX_IMAGE" generate
    fi
fi

if [ "$DEPLOY_ONION_SITE" = true ]; then
    # ensure the tor image is built
    docker build -t tor:latest ./tor

    # if the tor folder doesn't exist, we provision a new one. Otherwise you need to restore.
    # this is how we generate a new torv3 endpoint.
    if ! ssh "$FQDN" "[ -d $REMOTE_HOME/tor/www ]"; then
        ssh "$FQDN" "mkdir -p $REMOTE_HOME/tor"
        TOR_CONFIG_PATH="$(pwd)/tor/torrc-init"
        export TOR_CONFIG_PATH="$TOR_CONFIG_PATH"
        docker stack deploy -c ./tor.yml torstack
        sleep 20
        docker stack rm torstack
        sleep 20
    fi

    ONION_ADDRESS="$(ssh "$FQDN" sudo cat "${REMOTE_HOME}"/tor/www/hostname)"
    export ONION_ADDRESS="$ONION_ADDRESS"

    # # Since we run a separate ghost process, we create a new directory and symlink it to the original
    # if ! ssh "$FQDN" "[ -L $REMOTE_HOME/tor_ghost ]"; then
    #     ssh "$FQDN" ln -s "$REMOTE_HOME/ghost_site/themes $REMOTE_HOME/tor_ghost/themes"
    # fi
fi

if [ "$RUN_SERVICES" = true ]; then
    docker stack deploy -c "$DOCKER_YAML_PATH" webstack

    # start a browser session; point it to port 80 to ensure HTTPS redirect.
    wait-for-it -t 320 "$DOMAIN_NAME:80"
    wait-for-it -t 320 "$DOMAIN_NAME:443"

    if [ "$DEPLOY_MATRIX" = true ]; then
        # If this is a new Matrix deployment, then we should add the default admin user.
        if [ $NEW_MATRIX_DEPLOYMENT = true ]; then
            # get the container ID for matrix/synapse.
            MATRIX_CONTAINER_ID="$(docker ps | grep matrixdotorg | awk '{print $1;}')"

            # create the user.
            docker exec -it "$MATRIX_CONTAINER_ID" register_new_matrix_user http://localhost:8008 -u "$ADMIN_ACCOUNT_USERNAME" -p "$MATRIX_ADMIN_PASSWORD" -a --config /data/homeserver.yaml
        fi
    fi

    # open bowser tabs.
    if [ "$DEPLOY_GHOST" = true ]; then
        xdg-open "http://$FQDN"
    fi

    if [ "$DEPLOY_NEXTCLOUD" = true ]; then
        xdg-open "http://$NEXTCLOUD_FQDN"
    fi

    if [ "$DEPLOY_GITEA" = true ]; then
        xdg-open "http://$GITTEA_FQDN"
    fi
fi
Initial Commit 2021-12-25 18:43:01 +00:00			`#!/bin/bash`

			`set -exuo nounset`
			`cd "$(dirname "$0")"`

			`TOR_CONFIG_PATH=`

			`ssh "$FQDN" mkdir -p "$REMOTE_HOME/ghost_site" "$REMOTE_HOME/ghost_db"`

			`if [ "$DEPLOY_NEXTCLOUD" = true ]; then`
			`ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/db/data" \`
			`ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/db/logs" \`
			`ssh "$FQDN" mkdir -p "$REMOTE_NEXTCLOUD_PATH/html"`
			`fi`

			`if [ "$DEPLOY_GITEA" = true ]; then`
			`ssh "$FQDN" mkdir -p "$REMOTE_GITEA_PATH/data" "$REMOTE_GITEA_PATH/db"`
			`fi`

			`# enable docker swarm mode so we can support docker stacks.`
			`if ! docker info \| grep -q "Swarm: active"; then`
			`docker swarm init`
			`fi`

			`# stop services.`
			`if docker stack list --format "{{.Name}}" \| grep -q webstack; then`
			`docker stack rm webstack`
			`sleep 10`
			`fi`

			`# this will generate letsencrypt certs and pull them down locally.`
			`if [ "$VPS_HOSTING_TARGET" != lxd ]; then`
			`# really we should change this if clause to some thing like`
			`# "if the perimeter firewall allows port 80/443, then go ahead."`
			`if [ "$VPS_HOSTING_TARGET" = aws ] && [ "$RUN_CERT_RENEWAL" = true ]; then`
			`./generate_certs.sh`
			`fi`
			`else`

			`# restore the certs. If they don't exist in a backup we restore from SITE_PATH`
			`if [ -f "$SITE_PATH/certs.tar.gz" ]; then`
			`scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz"`
			`ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc`
			`else`
			`echo "ERROR: Certificates do not exist locally. You need to obtain some, perhaps by running with '--app=certonly'."`
			`exit 1`
			`fi`
			`fi`


			`if [ "$RUN_BACKUP" = true ]; then`
			`./backup_www.sh`
			`fi`

			`if [ "$RUN_RESTORE" = true ]; then`
			`./restore_www.sh`
			`fi`

			`NEW_MATRIX_DEPLOYMENT=false`
			`if [ "$DEPLOY_MATRIX" = true ]; then`
			`if ! ssh "$FQDN" "[ -d $REMOTE_HOME/matrix ]"; then`
			`NEW_MATRIX_DEPLOYMENT=true`
			`ssh "$FQDN" "mkdir $REMOTE_HOME/matrix && mkdir $REMOTE_HOME/matrix/db && mkdir $REMOTE_HOME/matrix/data"`

			`docker run -it --rm -v "$REMOTE_HOME/matrix/data":/data \`
			`-e SYNAPSE_SERVER_NAME="${DOMAIN_NAME}" \`
			`-e SYNAPSE_REGISTRATION_SHARED_SECRET="${MATRIX_SHARED_SECRET}" \`
			`-e SYNAPSE_REPORT_STATS=yes \`
			`-e POSTGRES_PASSWORD="${MATRIX_DB_PASSWORD}" \`
			`-e SYNAPSE_NO_TLS=1 \`
			`-e SYNAPSE_ENABLE_REGISTRATION=yes \`
			`-e SYNAPSE_LOG_LEVEL=DEBUG \`
			`-e POSTGRES_DB=synapse \`
			`-e POSTGRES_HOST=matrix-db \`
			`-e POSTGRES_USER=synapse \`
			`-e POSTGRES_PASSWORD="${MATRIX_DB_PASSWORD}" \`
			`"$MATRIX_IMAGE" generate`
			`fi`
			`fi`

			`if [ "$DEPLOY_ONION_SITE" = true ]; then`
			`# ensure the tor image is built`
			`docker build -t tor:latest ./tor`

			`# if the tor folder doesn't exist, we provision a new one. Otherwise you need to restore.`
			`# this is how we generate a new torv3 endpoint.`
			`if ! ssh "$FQDN" "[ -d $REMOTE_HOME/tor/www ]"; then`
			`ssh "$FQDN" "mkdir -p $REMOTE_HOME/tor"`
			`TOR_CONFIG_PATH="$(pwd)/tor/torrc-init"`
			`export TOR_CONFIG_PATH="$TOR_CONFIG_PATH"`
			`docker stack deploy -c ./tor.yml torstack`
			`sleep 20`
			`docker stack rm torstack`
			`sleep 20`
			`fi`

			`ONION_ADDRESS="$(ssh "$FQDN" sudo cat "${REMOTE_HOME}"/tor/www/hostname)"`
			`export ONION_ADDRESS="$ONION_ADDRESS"`

			`# # Since we run a separate ghost process, we create a new directory and symlink it to the original`
			`# if ! ssh "$FQDN" "[ -L $REMOTE_HOME/tor_ghost ]"; then`
			`# ssh "$FQDN" ln -s "$REMOTE_HOME/ghost_site/themes $REMOTE_HOME/tor_ghost/themes"`
			`# fi`
			`fi`

			`if [ "$RUN_SERVICES" = true ]; then`
			`docker stack deploy -c "$DOCKER_YAML_PATH" webstack`

			`# start a browser session; point it to port 80 to ensure HTTPS redirect.`
			`wait-for-it -t 320 "$DOMAIN_NAME:80"`
			`wait-for-it -t 320 "$DOMAIN_NAME:443"`

			`if [ "$DEPLOY_MATRIX" = true ]; then`
			`# If this is a new Matrix deployment, then we should add the default admin user.`
			`if [ $NEW_MATRIX_DEPLOYMENT = true ]; then`
			`# get the container ID for matrix/synapse.`
			`MATRIX_CONTAINER_ID="$(docker ps \| grep matrixdotorg \| awk '{print $1;}')"`

			`# create the user.`
			`docker exec -it "$MATRIX_CONTAINER_ID" register_new_matrix_user http://localhost:8008 -u "$ADMIN_ACCOUNT_USERNAME" -p "$MATRIX_ADMIN_PASSWORD" -a --config /data/homeserver.yaml`
			`fi`
			`fi`

			`# open bowser tabs.`
			`if [ "$DEPLOY_GHOST" = true ]; then`
			`xdg-open "http://$FQDN"`
			`fi`

			`if [ "$DEPLOY_NEXTCLOUD" = true ]; then`
			`xdg-open "http://$NEXTCLOUD_FQDN"`
			`fi`

			`if [ "$DEPLOY_GITEA" = true ]; then`
			`xdg-open "http://$GITTEA_FQDN"`
			`fi`
			`fi`