Moved files
parent
f4f7915a5d
commit
0c36702da5
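--- /dev/null
+++ b/certs/docker.gpg
@@ -0,0 +1,62 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
+lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
+38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
+L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
+UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
+cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
+ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
+vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
+G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
+XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
+q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
+tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
+BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
+v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
+tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
+jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
+6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
+XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
+FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
+g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
+ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
+9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
+G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
+FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
+EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
+M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
+Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
+w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
+z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
+eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
+VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
+1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
+zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
+pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
+ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
+BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
+1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
+YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
+mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
+KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
+JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
+cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
+6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
+U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
+VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
+irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
+SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
+QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
+9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
+24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
+dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
+Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
+H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
+/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
+M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
+xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
+jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
+YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
+=0YYh
+-----END PGP PUBLIC KEY BLOCK-----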
@ -17,9 +17,10 @@ export BTCPAY_HOSTNAME="btcpay"
|
||||
export UMBREL_HOSTNAME="umbrel"
|
||||
export NEXTCLOUD_HOSTNAME="nextcloud"
|
||||
export GITEA_HOSTNAME="git"
|
||||
export NOSTR_HOSTNAME="messages"
|
||||
export NOSTR_HOSTNAME="relay"
|
||||
export NOSTR_ACCOUNT_PUBKEY=
|
||||
|
||||
# used by 'aws' deployments only; planned deprecation
|
||||
export DDNS_PASSWORD=
|
||||
|
||||
# this is where the html is sourced from.
|
||||
@ -66,18 +67,18 @@ export DUPLICITY_BACKUP_PASSPHRASE=
|
||||
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-configurator;"
|
||||
export SSH_HOME="$HOME/.ssh"
|
||||
export VLAN_INTERFACE=
|
||||
export CACHE_DIR="$HOME/cache"
|
||||
export VM_NAME=
|
||||
export DEV_MEMORY_MB="4096"
|
||||
export DEV_CPU_COUNT="4"
|
||||
export SSHFS_PATH="/tmp/sshfs_temp"
|
||||
export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
|
||||
|
||||
export NEXTCLOUD_SPACE_GB=10
|
||||
|
||||
DEV_LXD_REMOTE="$(lxc remote get-default)"
|
||||
export DEV_LXD_REMOTE="$DEV_LXD_REMOTE"
|
||||
|
||||
export SITE_TITLE=
|
||||
#export SITE_TITLE=
|
||||
|
||||
# we use this later when we create a VM, we annotate what git commit (from a tag) we used.
|
||||
LATEST_GIT_TAG="$(git describe --abbrev=0)"
|
||||
@ -94,7 +95,7 @@ if [ ! -f "$(which rsync)" ]; then
|
||||
fi
|
||||
|
||||
# shellcheck disable=1091
|
||||
export SITE_PATH="$HOME/.sites"
|
||||
|
||||
export LXD_DISK_TO_USE=
|
||||
|
||||
|
||||
@ -107,8 +108,9 @@ ENABLE_NGINX_CACHING=false
|
||||
# 2 ensure install.sh has been run by checking for tor, docker-machine, lxd, wait-for-it, etc.
|
||||
# 3 pretty much just run the install script if anything is awry
|
||||
# 4 maybe check to ensure all the CNAME and A+ records are there first so we can quit before machine creation.
|
||||
|
||||
export SITE_PATH="$SITE_PATH/$DOMAIN_NAME"
|
||||
export SITE_PATH_HOME="$HOME/ss-sites"
|
||||
SITE_PATH="$SITE_PATH_HOME/$DOMAIN_NAME"
|
||||
mkdir -p "$SITE_PATH"
|
||||
if [ ! -d "$SITE_PATH" ]; then
|
||||
echo "ERROR: '$SITE_PATH' does not exist."
|
||||
exit 1
|
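Review bot: In the last hunk, `SITE_PATH="$SITE_PATH_HOME/$DOMAIN_NAME"` is followed directly by `mkdir -p "$SITE_PATH"`, and nothing visible checks DOMAIN_NAME first. With an empty value the path collapses to `$HOME/ss-sites/` and the following `-d` test passes, and a value containing `/` or `..` would create directories outside the per-site tree; whether DOMAIN_NAME is validated earlier in the file cannot be seen from these hunks. I would add `: "${DOMAIN_NAME:?DOMAIN_NAME must be set}"` before the assignment and replace the create-then-test pair with `mkdir -p "$SITE_PATH" || exit 1`, since the `-d` test can only fail when mkdir already has. The `if` block runs past the end of the hunk.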
Binary file not shown.
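--- /dev/null
+++ b/lxd_init.yaml
@@ -0,0 +1,33 @@
+# this goes in instructions. Basically how do you init a LXC cluster member with overlay fan.
+config:
+core.https_address: ${LXD_CLUSTER_IP}:8443
+core.trust_password: ${LXD_CLUSTER_PASSWORD}
+networks:
+- config:
+bridge.mode: fan
+fan.underlay_subnet: auto
+description: ""
+name: lxdfan0
+type: ""
+project: default
+storage_pools: []
+profiles:
+- config: {}
+description: ""
+devices:
+eth0:
+name: eth0
+network: lxdfan0
+type: nic
+name: default
+projects: []
+cluster:
+server_name: ${CLUSTER_NAME}
+enabled: true
+member_config: []
+cluster_address: ""
+cluster_certificate: ""
+server_address: ""
+cluster_password: ""
+cluster_certificate_path: ""
+cluster_token: ""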
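Review bot: `core.trust_password: ${LXD_CLUSTER_PASSWORD}` means the rendered preseed carries the cluster trust password in cleartext, and the header comment does not say how the template should be rendered or where the result may be stored. If the placeholders are filled by something like envsubst (not shown here), the comment should tell the operator to pipe the output straight into `lxd init --preseed` rather than writing a rendered copy to disk. The placeholders are also unquoted, so a value containing `#` or `: ` would be reinterpreted by the YAML parser; `core.trust_password: "${LXD_CLUSTER_PASSWORD}"` avoids that for typical values. Because `core.https_address` exposes the API on port 8443, I would add a comment line such as `# unset core.trust_password once all members have joined, or use cluster_token instead`.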
@ -8,53 +8,6 @@ if [ ! -d "$SITE_PATH" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
function new_pass {
|
||||
apg -a 1 -M nc -n 3 -m 26 -E GHIJKLMNOPQRSTUVWXYZ | head -n1 | awk '{print $1;}'
|
||||
}
|
||||
|
||||
# check to see if the enf file exists. exist if not.
|
||||
SITE_DEFINITION_PATH="$SITE_PATH/site_definition"
|
||||
if [ ! -f "$SITE_DEFINITION_PATH" ]; then
|
||||
echo "WARNING: '$SITE_DEFINITION_PATH' does not exist! We have stubbed one out for you, but you need to UPDATE IT!"
|
||||
|
||||
# stub out a site_definition with new passwords.
|
||||
cat >"$SITE_DEFINITION_PATH" <<EOL
|
||||
#!/bin/bash
|
||||
|
||||
export SITE_TITLE="Short Title of Project"
|
||||
export DOMAIN_NAME="domain.tld"
|
||||
export DDNS_PASSWORD=
|
||||
export SMTP_PASSWORD=
|
||||
|
||||
# TODO VERIFY SECURE RNG
|
||||
export GHOST_MYSQL_PASSWORD="$(new_pass)"
|
||||
export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
|
||||
export GITEA_MYSQL_PASSWORD="$(new_pass)"
|
||||
export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
#export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||
#export DEPLOY_WWW_SERVER=false
|
||||
#export DEPLOY_BTCPAY_SERVER=false
|
||||
#export DEPLOY_UMBREL_VPS=false
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NOSTR=false
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_ONION_SITE=false
|
||||
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
|
||||
|
||||
# valid options: 'regtest' and 'mainnet'
|
||||
#export BTC_CHAIN=regtest
|
||||
#export WWW_INSTANCE_TYPE="t2.medium"
|
||||
#export BTCPAY_ADDITIONAL_HOSTNAMES="pay.domain.tld"
|
||||
|
||||
EOL
|
||||
|
||||
chmod 0744 "$SITE_DEFINITION_PATH"
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
|
||||
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
|
||||
|
||||
@ -96,7 +49,7 @@ export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
|
||||
|
||||
export ADMIN_ACCOUNT_USERNAME="info"
|
||||
export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
|
||||
export MAIL_FROM="$SITE_TITLE <$CERTIFICATE_EMAIL_ADDRESS>"
|
||||
#export MAIL_FROM="$SITE_TITLE <$CERTIFICATE_EMAIL_ADDRESS>"
|
||||
export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
|
||||
export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
|
||||
|
||||
@ -146,6 +99,21 @@ export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
|
||||
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH"
|
||||
export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
|
||||
|
||||
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
# check to ensure the admin has specified a MACVLAN interface
|
||||
if [ -z "$MACVLAN_INTERFACE" ]; then
|
||||
echo "ERROR: MACVLAN_INTERFACE not defined in project."
|
||||
exit 1
|
||||
fi
|
||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||
# we require DDNS on AWS to set the public DNS to the right host.
|
||||
if [ -z "$DDNS_PASSWORD" ]; then
|
||||
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$DEPLOY_GHOST" = true ]; then
|
||||
if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
|
||||
echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition."
|
||||
@ -198,25 +166,15 @@ if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$SMTP_PASSWORD" ]; then
|
||||
echo "ERROR: Ensure SMTP_PASSWORD is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$DDNS_PASSWORD" ]; then
|
||||
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$DOMAIN_NAME" ]; then
|
||||
echo "ERROR: Ensure DOMAIN_NAME is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$SITE_TITLE" ]; then
|
||||
echo "ERROR: Ensure SITE_TITLE is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
#if [ -z "$SITE_TITLE" ]; then
|
||||
# echo "ERROR: Ensure SITE_TITLE is configured in your site_definition."
|
||||
# exit 1
|
||||
#fi
|
||||
|
||||
if [ -z "$DEPLOY_BTCPPAY_SERVER" ]; then
|
||||
echo "ERROR: Ensure DEPLOY_BTCPPAY_SERVER is configured in your site_definition."
|
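Review bot: The new `if [ "$VPS_HOSTING_TARGET" = lxd ] … elif [ "$VPS_HOSTING_TARGET" = aws ]` block has no `else`, so an empty or misspelled target skips both the MACVLAN_INTERFACE and the DDNS_PASSWORD check and the script carries on. Unless the value is validated in a part of the file not shown, add `else echo "ERROR: VPS_HOSTING_TARGET must be 'lxd' or 'aws'." >&2; exit 1` before the closing `fi`. In the last hunk the test reads `DEPLOY_BTCPPAY_SERVER` (double P), which looks like a misspelling of the DEPLOY_BTCPAY_SERVER name that appears in the removed stub; confirm which spelling site_definition actually sets. That final `if` continues outside the hunk.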