ss/sovereign-stack
ss/sovereign-stack
1
1
Fork 1
Code Releases Activity

Added Nextcloud yml generation.

Browse Source
This commit is contained in:
Derek Smith 2022-10-21 20:04:03 -04:00
parent 8311a5015e
commit 0264d4a298
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
10 changed files with 166 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
defaults.sh
View File

@ -111,7 +111,9 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
export GHOST_IMAGE="ghost:5.18.0" export GHOST_IMAGE="ghost:5.18.0"
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE" export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
export NGINX_IMAGE="nginx:1.23.1" export NGINX_IMAGE="nginx:1.23.1"
export NEXTCLOUD_IMAGE="nextcloud:24.0.5"
# version of backup is 24.0.3
export NEXTCLOUD_IMAGE="nextcloud:25.0.0"
export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE" export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
# TODO PIN the gitea version number. # TODO PIN the gitea version number.

14
deploy.sh
View File

@ -23,13 +23,12 @@ if ! lsb_release -d | grep -q "Ubuntu 22.04"; then
exit 1 exit 1
fi fi
DOMAIN_NAME= DOMAIN_NAME=
RESTORE_ARCHIVE= RESTORE_ARCHIVE=
VPS_HOSTING_TARGET=lxd VPS_HOSTING_TARGET=lxd
RUN_CERT_RENEWAL=false RUN_CERT_RENEWAL=false
RESTORE_WWW=false RESTORE_WWW=false
BACKUP_CERTS=true BACKUP_CERTS=false
BACKUP_APPS=true BACKUP_APPS=true
BACKUP_BTCPAY=false BACKUP_BTCPAY=false
RESTORE_BTCPAY=false RESTORE_BTCPAY=false
@ -41,6 +40,7 @@ UPDATE_BTCPAY=false
RECONFIGURE_BTCPAY_SERVER=false RECONFIGURE_BTCPAY_SERVER=false
DEPLOY_BTCPAY_SERVER=false DEPLOY_BTCPAY_SERVER=false
CLUSTER_NAME="$(lxc remote get-default)" CLUSTER_NAME="$(lxc remote get-default)"
STOP_SERVICES=false
# grab any modifications from the command line. # grab any modifications from the command line.
for i in "$@"; do for i in "$@"; do
@ -65,6 +65,10 @@ for i in "$@"; do
BACKUP_CERTS=true BACKUP_CERTS=true
shift shift
;; ;;
--stop)
STOP_SERVICES=true
shift
;;
--archive=*) --archive=*)
RESTORE_ARCHIVE="${i#*=}" RESTORE_ARCHIVE="${i#*=}"
shift shift
@ -126,7 +130,7 @@ export DOMAIN_NAME="$DOMAIN_NAME"
export REGISTRY_DOCKER_IMAGE="registry:2" export REGISTRY_DOCKER_IMAGE="registry:2"
export RESTORE_ARCHIVE="$RESTORE_ARCHIVE" export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
export RESTORE_WWW="$RESTORE_WWW" export RESTORE_WWW="$RESTORE_WWW"
export STOP_SERVICES="$STOP_SERVICES"
export BACKUP_CERTS="$BACKUP_CERTS" export BACKUP_CERTS="$BACKUP_CERTS"
export BACKUP_APPS="$BACKUP_APPS" export BACKUP_APPS="$BACKUP_APPS"
export RESTORE_BTCPAY="$RESTORE_BTCPAY" export RESTORE_BTCPAY="$RESTORE_BTCPAY"
@ -435,9 +439,9 @@ export SITE_LANGUAGE_CODES="en"
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)" export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
#export BTCPAY_HOSTNAME_IN_CERT="store" #export BTCPAY_HOSTNAME_IN_CERT="store"
export DEPLOY_GHOST=true export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true export DEPLOY_NEXTCLOUD=false
export DEPLOY_NOSTR_RELAY=true export DEPLOY_NOSTR_RELAY=true
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME" export NOSTR_ACCOUNT_PUBKEY="NOSTR_IDENTITY_PUBKEY_GOES_HERE"
export DEPLOY_GITEA=false export DEPLOY_GITEA=false
#export DEPLOY_ONION_SITE=false #export DEPLOY_ONION_SITE=false
export GHOST_MYSQL_PASSWORD="$(new_pass)" export GHOST_MYSQL_PASSWORD="$(new_pass)"

10
deployment/www/go.sh
View File

@ -114,15 +114,13 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
# fi # fi
fi fi
bash -c ./stub/nginx_yml.sh ./stub/nginx_yml.sh
sleep 3 ./stub/ghost_yml.sh
bash -c ./stub/ghost_yml.sh ./stub/nextcloud_yml.sh
sleep 3 ./stub/gitea_yml.sh
bash -c ./stub/gitea_yml.sh
# # start a browser session; point it to port 80 to ensure HTTPS redirect. # # start a browser session; point it to port 80 to ensure HTTPS redirect.

7
deployment/www/stop_docker_stacks.sh
View File

@ -14,7 +14,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
source ../../domain_env.sh source ../../domain_env.sh
### Stop all services. ### Stop all services.
for APP in ghost gitea; do for APP in ghost nextcloud gitea; do
# backup each language for each app. # backup each language for each app.
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE" STACK_NAME="$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE"
@ -52,6 +52,11 @@ done
if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then
docker stack rm reverse-proxy docker stack rm reverse-proxy
if [ "$STOP_SERVICES" = true ]; then
echo "STOPPING as indicated by the --stop flag."
exit 1
fi
# wait for all docker containers to stop. # wait for all docker containers to stop.
# TODO see if there's a way to check for this. # TODO see if there's a way to check for this.
sleep 10 sleep 10

122
deployment/www/stub/nextcloud_yml.sh Normal file → Executable file
View File

@ -1,48 +1,82 @@
#!/bin/bash
set -exu
cd "$(dirname "$0")"
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
# source the site path so we know what features it has.
source ../../../reset_env.sh
source "$SITE_PATH/site_definition"
source ../../../domain_env.sh
# ensure remote directories exist
if [ "$DEPLOY_NEXTCLOUD" = true ]; then if [ "$DEPLOY_NEXTCLOUD" = true ]; then
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs" ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/$DOMAIN_NAME/en/db"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html" ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/$DOMAIN_NAME/en/html"
sleep 2
WEBSTACK_PATH="$SITE_PATH/webstack"
mkdir -p "$WEBSTACK_PATH"
export DOCKER_YAML_PATH="$WEBSTACK_PATH/nextcloud-en.yml"
# here's the NGINX config. We support ghost and nextcloud.
cat > "$DOCKER_YAML_PATH" <<EOL
version: "3.8"
services:
${NEXTCLOUD_STACK_TAG}:
image: ${NEXTCLOUD_IMAGE}
networks:
- nextcloud-${DOMAIN_IDENTIFIER}-en
- nextclouddb-${DOMAIN_IDENTIFIER}-en
volumes:
- ${REMOTE_HOME}/nextcloud/${DOMAIN_NAME}/en/html:/var/www/html
environment:
- MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=${NEXTCLOUD_DB_STACK_TAG}
- NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN_NAME}
- OVERWRITEHOST=${NEXTCLOUD_FQDN}
- OVERWRITEPROTOCOL=https
- SERVERNAME=${NEXTCLOUD_FQDN}
deploy:
restart_policy:
condition: on-failure
${NEXTCLOUD_DB_STACK_TAG}:
image: ${NEXTCLOUD_DB_IMAGE}
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
networks:
- nextclouddb-${DOMAIN_IDENTIFIER}-en
volumes:
- ${REMOTE_HOME}/nextcloud/${DOMAIN_NAME}/en/db:/var/lib/mysql
environment:
- MARIADB_ROOT_PASSWORD=\${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
- MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
deploy:
restart_policy:
condition: on-failure
networks:
nextcloud-${DOMAIN_IDENTIFIER}-en:
name: "reverse-proxy_nextcloudnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
external: true
nextclouddb-${DOMAIN_IDENTIFIER}-en:
EOL
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nextcloud-en"
fi fi
done
# if [ "$DEPLOY_NEXTCLOUD" = true ]; then
# cat >>"$NGINX_CONF_PATH" <<EOL
# # TLS listener for ${NEXTCLOUD_FQDN}
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
# ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
# ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
# server_name ${NEXTCLOUD_FQDN};
# location / {
# proxy_headers_hash_max_size 512;
# proxy_headers_hash_bucket_size 64;
# proxy_set_header X-Real-IP \$remote_addr;
# proxy_set_header Host \$host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_set_header X-NginX-Proxy true;
# proxy_pass http://nextcloud:80;
# }
# # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
# location /.well-known/carddav {
# return 301 \$scheme://\$host/remote.php/dav;
# }
# location /.well-known/caldav {
# return 301 \$scheme://\$host/remote.php/dav;
# }
# }
# EOL
# fi

42
deployment/www/stub/nginx_config.sh
View File

@ -395,6 +395,48 @@ EOL
EOL EOL
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
# TLS listener for ${NEXTCLOUD_FQDN}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
server_name ${NEXTCLOUD_FQDN};
location / {
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://${NEXTCLOUD_STACK_TAG}:80;
}
# https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
location /.well-known/carddav {
return 301 \$scheme://\$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 \$scheme://\$host/remote.php/dav;
}
}
EOL
fi
# TODO this MIGHT be part of the solution for Twitter Cards. # TODO this MIGHT be part of the solution for Twitter Cards.
# location /contents { # location /contents {
# resolver 127.0.0.11 ipv6=off valid=5m; # resolver 127.0.0.11 ipv6=off valid=5m;

15
deployment/www/stub/nginx_yml.sh
View File

@ -40,6 +40,13 @@ EOL
- giteanet-$DOMAIN_IDENTIFIER-en - giteanet-$DOMAIN_IDENTIFIER-en
EOL EOL
fi fi
if [ "$DEPLOY_NEXTCLOUD" = "true" ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
- nextcloudnet-$DOMAIN_IDENTIFIER-en
EOL
fi
fi fi
done done
@ -97,6 +104,14 @@ EOL
giteanet-$DOMAIN_IDENTIFIER-en: giteanet-$DOMAIN_IDENTIFIER-en:
attachable: true attachable: true
EOL
fi
if [ "$DEPLOY_NEXTCLOUD" = "true" ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
nextcloudnet-$DOMAIN_IDENTIFIER-en:
attachable: true
EOL EOL
fi fi

2
deployment/www/stub_docker_yml.sh
View File

@ -10,7 +10,7 @@
# cat >>"$DOCKER_YAML_PATH" <<EOL # cat >>"$DOCKER_YAML_PATH" <<EOL
# nextcloud-db: # nextcloud-db:
# image: ${NEXTCLOUD_DB_IMAGE} # image: ${NEXTCLOUD_DB_IMAGE}
# command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF # command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --log-bin --innodb_read_only_compressed=OFF
# networks: # networks:
# - nextclouddb-net # - nextclouddb-net
# volumes: # volumes:

4
domain_env.sh
View File

@ -28,3 +28,7 @@ export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP" export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1)) export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))
STACK_NAME="$DOMAIN_IDENTIFIER-en"
export NEXTCLOUD_STACK_TAG="nextcloud-$STACK_NAME"
export NEXTCLOUD_DB_STACK_TAG="nextclouddb-$STACK_NAME"

2
reset_env.sh
View File

@ -6,7 +6,7 @@ export DOMAIN_NAME=
export DUPLICITY_BACKUP_PASSPHRASE= export DUPLICITY_BACKUP_PASSPHRASE=
export BTCPAY_HOSTNAME_IN_CERT= export BTCPAY_HOSTNAME_IN_CERT=
export DEPLOY_GHOST=true export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true export DEPLOY_NEXTCLOUD=false
export DEPLOY_NOSTR_RELAY=true export DEPLOY_NOSTR_RELAY=true
export NOSTR_ACCOUNT_PUBKEY= export NOSTR_ACCOUNT_PUBKEY=
export DEPLOY_GITEA=false export DEPLOY_GITEA=false