
Moved files

Derek Smith 2022-05-24 14:14:53 -04:00
parent f4f7915a5d
commit 0c36702da5
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
5 changed files with 124 additions and 69 deletions

62
certs/docker.gpg Normal file

@ -0,0 +1,62 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=0YYh
-----END PGP PUBLIC KEY BLOCK-----


@ -17,9 +17,10 @@ export BTCPAY_HOSTNAME="btcpay"
export UMBREL_HOSTNAME="umbrel" export UMBREL_HOSTNAME="umbrel"
export NEXTCLOUD_HOSTNAME="nextcloud" export NEXTCLOUD_HOSTNAME="nextcloud"
export GITEA_HOSTNAME="git" export GITEA_HOSTNAME="git"
export NOSTR_HOSTNAME="messages" export NOSTR_HOSTNAME="relay"
export NOSTR_ACCOUNT_PUBKEY= export NOSTR_ACCOUNT_PUBKEY=
# used by 'aws' deployments only; planned deprecation
export DDNS_PASSWORD= export DDNS_PASSWORD=
# this is where the html is sourced from. # this is where the html is sourced from.
@ -66,18 +67,18 @@ export DUPLICITY_BACKUP_PASSPHRASE=
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-configurator;" export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-configurator;"
export SSH_HOME="$HOME/.ssh" export SSH_HOME="$HOME/.ssh"
export VLAN_INTERFACE= export VLAN_INTERFACE=
export CACHE_DIR="$HOME/cache"
export VM_NAME= export VM_NAME=
export DEV_MEMORY_MB="4096" export DEV_MEMORY_MB="4096"
export DEV_CPU_COUNT="4" export DEV_CPU_COUNT="4"
export SSHFS_PATH="/tmp/sshfs_temp" export SSHFS_PATH="/tmp/sshfs_temp"
export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
export NEXTCLOUD_SPACE_GB=10 export NEXTCLOUD_SPACE_GB=10
DEV_LXD_REMOTE="$(lxc remote get-default)" DEV_LXD_REMOTE="$(lxc remote get-default)"
export DEV_LXD_REMOTE="$DEV_LXD_REMOTE" export DEV_LXD_REMOTE="$DEV_LXD_REMOTE"
export SITE_TITLE= #export SITE_TITLE=
# we use this later when we create a VM, we annotate what git commit (from a tag) we used. # we use this later when we create a VM, we annotate what git commit (from a tag) we used.
LATEST_GIT_TAG="$(git describe --abbrev=0)" LATEST_GIT_TAG="$(git describe --abbrev=0)"
@ -94,7 +95,7 @@ if [ ! -f "$(which rsync)" ]; then
fi fi
# shellcheck disable=1091 # shellcheck disable=1091
export SITE_PATH="$HOME/.sites"
export LXD_DISK_TO_USE= export LXD_DISK_TO_USE=
@ -107,8 +108,9 @@ ENABLE_NGINX_CACHING=false
# 2 ensure install.sh has been run by checking for tor, docker-machine, lxd, wait-for-it, etc. # 2 ensure install.sh has been run by checking for tor, docker-machine, lxd, wait-for-it, etc.
# 3 pretty much just run the install script if anything is awry # 3 pretty much just run the install script if anything is awry
# 4 maybe check to ensure all the CNAME and A+ records are there first so we can quit before machine creation. # 4 maybe check to ensure all the CNAME and A+ records are there first so we can quit before machine creation.
export SITE_PATH_HOME="$HOME/ss-sites"
export SITE_PATH="$SITE_PATH/$DOMAIN_NAME" SITE_PATH="$SITE_PATH_HOME/$DOMAIN_NAME"
mkdir -p "$SITE_PATH"
if [ ! -d "$SITE_PATH" ]; then if [ ! -d "$SITE_PATH" ]; then
echo "ERROR: '$SITE_PATH' does not exist." echo "ERROR: '$SITE_PATH' does not exist."
exit 1 exit 1
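Review bot: In the last hunk the new `SITE_PATH="$SITE_PATH_HOME/$DOMAIN_NAME"` is built before anything visible here checks that `DOMAIN_NAME` is non-empty, so an unset value collapses the path to `$HOME/ss-sites/`. If the `mkdir -p "$SITE_PATH"` line is on the new side, as it appears to be, the following `[ ! -d "$SITE_PATH" ]` guard can then no longer catch a missing or mistyped site directory. A guard such as `: "${DOMAIN_NAME:?DOMAIN_NAME must be set}"` ahead of the assignment would keep per-site files out of the shared parent directory. The new line also drops the `export` the old line carried; unless every consumer is sourced rather than executed, `export SITE_PATH` should be kept. The `if` that closes the hunk continues outside it.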

33
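--- a/lxd_init.yaml
+++ b/lxd_init.yaml
@@ -0,0 +1,33 @@
+# this goes in instructions. Basically how do you init a LXC cluster member with overlay fan.
+config:
+core.https_address: ${LXD_CLUSTER_IP}:8443
+core.trust_password: ${LXD_CLUSTER_PASSWORD}
+networks:
+- config:
+bridge.mode: fan
+fan.underlay_subnet: auto
+description: ""
+name: lxdfan0
+type: ""
+project: default
+storage_pools: []
+profiles:
+- config: {}
+description: ""
+devices:
+eth0:
+name: eth0
+network: lxdfan0
+type: nic
+name: default
+projects: []
+cluster:
+server_name: ${CLUSTER_NAME}
+enabled: true
+member_config: []
+cluster_address: ""
+cluster_certificate: ""
+server_address: ""
+cluster_password: ""
+cluster_certificate_path: ""
+cluster_token: ""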
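Review bot: `core.trust_password: ${LXD_CLUSTER_PASSWORD}` puts the cluster join secret in clear text in whatever file this template is rendered to, right beside `core.https_address: ${LXD_CLUSTER_IP}:8443`, and the header comment does not say how or where rendering happens. I would extend that comment to name the three variables that must be set (`LXD_CLUSTER_IP`, `LXD_CLUSTER_PASSWORD`, `CLUSTER_NAME`) and to state that the rendered output is piped to `lxd init --preseed` on stdin rather than written to disk or committed. An unset variable would presumably render an empty trust password or a bare `:8443` listen address, so whichever script renders this should refuse to continue when any of the three is empty. The rendering step is not part of this commit, so this is inferred from the placeholders alone.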


@ -8,53 +8,6 @@ if [ ! -d "$SITE_PATH" ]; then
exit 1 exit 1
fi fi
function new_pass {
apg -a 1 -M nc -n 3 -m 26 -E GHIJKLMNOPQRSTUVWXYZ | head -n1 | awk '{print $1;}'
}
# check to see if the enf file exists. exist if not.
SITE_DEFINITION_PATH="$SITE_PATH/site_definition"
if [ ! -f "$SITE_DEFINITION_PATH" ]; then
echo "WARNING: '$SITE_DEFINITION_PATH' does not exist! We have stubbed one out for you, but you need to UPDATE IT!"
# stub out a site_definition with new passwords.
cat >"$SITE_DEFINITION_PATH" <<EOL
#!/bin/bash
export SITE_TITLE="Short Title of Project"
export DOMAIN_NAME="domain.tld"
export DDNS_PASSWORD=
export SMTP_PASSWORD=
# TODO VERIFY SECURE RNG
export GHOST_MYSQL_PASSWORD="$(new_pass)"
export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
export GITEA_MYSQL_PASSWORD="$(new_pass)"
export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
#export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
#export DEPLOY_WWW_SERVER=false
#export DEPLOY_BTCPAY_SERVER=false
#export DEPLOY_UMBREL_VPS=false
export DEPLOY_GHOST=true
export DEPLOY_NOSTR=false
export DEPLOY_NEXTCLOUD=true
export DEPLOY_ONION_SITE=false
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
# valid options: 'regtest' and 'mainnet'
#export BTC_CHAIN=regtest
#export WWW_INSTANCE_TYPE="t2.medium"
#export BTCPAY_ADDITIONAL_HOSTNAMES="pay.domain.tld"
EOL
chmod 0744 "$SITE_DEFINITION_PATH"
exit 1
fi
DOCKER_YAML_PATH="$SITE_PATH/appstack.yml" DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH" export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
@ -96,7 +49,7 @@ export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
export ADMIN_ACCOUNT_USERNAME="info" export ADMIN_ACCOUNT_USERNAME="info"
export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME" export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
export MAIL_FROM="$SITE_TITLE <$CERTIFICATE_EMAIL_ADDRESS>" #export MAIL_FROM="$SITE_TITLE <$CERTIFICATE_EMAIL_ADDRESS>"
export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs" export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN" export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
@ -146,6 +99,21 @@ export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH" export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH"
export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES" export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
# check to ensure the admin has specified a MACVLAN interface
if [ -z "$MACVLAN_INTERFACE" ]; then
echo "ERROR: MACVLAN_INTERFACE not defined in project."
exit 1
fi
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
# we require DDNS on AWS to set the public DNS to the right host.
if [ -z "$DDNS_PASSWORD" ]; then
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
exit 1
fi
fi
if [ "$DEPLOY_GHOST" = true ]; then if [ "$DEPLOY_GHOST" = true ]; then
if [ -z "$GHOST_MYSQL_PASSWORD" ]; then if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition." echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition."
@ -198,25 +166,15 @@ if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
exit 1 exit 1
fi fi
if [ -z "$SMTP_PASSWORD" ]; then
echo "ERROR: Ensure SMTP_PASSWORD is configured in your site_definition."
exit 1
fi
if [ -z "$DDNS_PASSWORD" ]; then
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
exit 1
fi
if [ -z "$DOMAIN_NAME" ]; then if [ -z "$DOMAIN_NAME" ]; then
echo "ERROR: Ensure DOMAIN_NAME is configured in your site_definition." echo "ERROR: Ensure DOMAIN_NAME is configured in your site_definition."
exit 1 exit 1
fi fi
if [ -z "$SITE_TITLE" ]; then #if [ -z "$SITE_TITLE" ]; then
echo "ERROR: Ensure SITE_TITLE is configured in your site_definition." # echo "ERROR: Ensure SITE_TITLE is configured in your site_definition."
exit 1 # exit 1
fi #fi
if [ -z "$DEPLOY_BTCPPAY_SERVER" ]; then if [ -z "$DEPLOY_BTCPPAY_SERVER" ]; then
echo "ERROR: Ensure DEPLOY_BTCPPAY_SERVER is configured in your site_definition." echo "ERROR: Ensure DEPLOY_BTCPPAY_SERVER is configured in your site_definition."