
Various software updates and control updates.

Signed-off-by: Derek Smith <derek@farscapian.com>
Derek Smith 2022-04-22 15:51:02 -04:00
parent 4c4a2304ac
commit 1e338fb603
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
10 changed files with 47 additions and 30 deletions


@ -2,7 +2,7 @@
set -eu set -eu
export DEPLOY_WWW_SERVER=true export DEPLOY_WWW_SERVER=false
export DEPLOY_BTCPPAY_SERVER=false export DEPLOY_BTCPPAY_SERVER=false
export DEPLOY_UMBREL_VPS=false export DEPLOY_UMBREL_VPS=false
@ -44,8 +44,8 @@ export SMTP_PORT="587"
export AWS_REGION="us-east-1" export AWS_REGION="us-east-1"
# AMI NAME: # AMI NAME:
# ubuntu-minimal/images/hvm-ssd/ubuntu-hirsute-21.04-amd64-minimal-20211130-907a40d2-dca2-4750-b073-b3254c031ab6 # ubuntu-minimal/images/hvm-ssd/ubuntu-impish-21.10-amd64-minimal-20220308-f7c42f71-5c9c-40c0-b808-ada8557fe9a2
export AWS_AMI_ID="ami-080435381cbbb5b9b" export AWS_AMI_ID="ami-0ab880898e027d4c1"
WWW_INSTANCE_TYPE="t2.micro" WWW_INSTANCE_TYPE="t2.micro"
BTCPAY_INSTANCE_TYPE="t2.medium" BTCPAY_INSTANCE_TYPE="t2.medium"
@ -120,7 +120,6 @@ fi
export SITE_PATH="$SITE_PATH" export SITE_PATH="$SITE_PATH"
export BTC_CHAIN="$BTC_CHAIN" export BTC_CHAIN="$BTC_CHAIN"
export DEPLOY_BTCPAY_SERVER=false
# if we're running aws/public, we enable nginx caching since it's a public site. # if we're running aws/public, we enable nginx caching since it's a public site.
if [ "$VPS_HOSTING_TARGET" = aws ]; then if [ "$VPS_HOSTING_TARGET" = aws ]; then
@ -132,12 +131,12 @@ DEFAULT_DB_IMAGE="mariadb:10.6.5"
export ENABLE_NGINX_CACHING="$ENABLE_NGINX_CACHING" export ENABLE_NGINX_CACHING="$ENABLE_NGINX_CACHING"
# run the docker stack. # run the docker stack.
export GHOST_IMAGE="ghost:4.32.0" export GHOST_IMAGE="ghost:4.44.0"
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE" export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
export NGINX_IMAGE="nginx:1.21.4" export NGINX_IMAGE="nginx:1.21.6"
export NEXTCLOUD_IMAGE="nextcloud:23.0.0" export NEXTCLOUD_IMAGE="nextcloud:23.0.2"
export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE" export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
export MATRIX_IMAGE="matrixdotorg/synapse:v1.49.0" export MATRIX_IMAGE="matrixdotorg/synapse:v1.52.0"
export MATRIX_DB_IMAGE="postgres:13.4" export MATRIX_DB_IMAGE="postgres:13.6"
export GITEA_IMAGE="gitea/gitea:latest" export GITEA_IMAGE="gitea/gitea:latest"
export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE" export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
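Review bot: Removing `export DEPLOY_BTCPAY_SERVER=false` in the third hunk leaves this file exporting only the misspelled `DEPLOY_BTCPPAY_SERVER` (double P) from the first hunk, so nothing visible here defines the correctly spelled name any more. Under `set -eu`, any later read of `$DEPLOY_BTCPAY_SERVER` aborts with an unbound-variable error unless another script sets it first. The deploy script on this page does assign it, but no `export` of it is visible in those hunks. I would fix the spelling at the top, `export DEPLOY_BTCPAY_SERVER=false`, so all the deploy toggles are defined in one place.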


@ -3,7 +3,7 @@
set -exuo nounset set -exuo nounset
cd "$(dirname "$0")" cd "$(dirname "$0")"
USER_DELETE_MACHINE=false MIGRATE_VPS=false
DOMAIN_NAME= DOMAIN_NAME=
VPS_HOSTING_TARGET=lxd VPS_HOSTING_TARGET=lxd
RUN_CERT_RENEWAL=true RUN_CERT_RENEWAL=true
@ -15,7 +15,10 @@ MIGRATE_BTCPAY_SERVER=false
RECONFIGURE_BTCPAY_SERVER=false RECONFIGURE_BTCPAY_SERVER=false
BTCPAY_ADDITIONAL_HOSTNAMES= BTCPAY_ADDITIONAL_HOSTNAMES=
LXD_DISK_TO_USE= LXD_DISK_TO_USE=
DEV_BTCPAY_MAC_ADDRESS= DEPLOY_BTCPAY_SERVER=false
REDEPLOY_STACK=false
MACVLAN_INTERFACE=
for i in "$@"; do for i in "$@"; do
case $i in case $i in
@ -39,8 +42,8 @@ for i in "$@"; do
USER_NO_BACKUP=true USER_NO_BACKUP=true
shift shift
;; ;;
--delete) --migrate)
USER_DELETE_MACHINE=true MIGRATE_VPS=true
shift shift
;; ;;
--storage-backend=*) --storage-backend=*)
@ -79,6 +82,7 @@ export BTC_CHAIN="$BTC_CHAIN"
export UPDATE_BTCPAY="$UPDATE_BTCPAY" export UPDATE_BTCPAY="$UPDATE_BTCPAY"
export MIGRATE_BTCPAY_SERVER="$MIGRATE_BTCPAY_SERVER" export MIGRATE_BTCPAY_SERVER="$MIGRATE_BTCPAY_SERVER"
export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER" export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
export MACVLAN_INTERFACE="$MACVLAN_INTERFACE"
# # first of all, if there are uncommited changes, we quit. You better stash your work yo! # # first of all, if there are uncommited changes, we quit. You better stash your work yo!
# if git update-index --refresh| grep -q "needs update"; then # if git update-index --refresh| grep -q "needs update"; then
@ -108,7 +112,8 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
# skip if the server config is set to not deploy. # skip if the server config is set to not deploy.
if [ "$APP_TO_DEPLOY" = www ]; then if [ "$APP_TO_DEPLOY" = www ]; then
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME" VPS_HOSTNAME="$WWW_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$WWW_MAC_ADDRESS"
if [ "$DEPLOY_WWW_SERVER" = false ]; then if [ "$DEPLOY_WWW_SERVER" = false ]; then
continue continue
fi fi
@ -123,6 +128,9 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
fi fi
fi fi
export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
export VPS_HOSTNAME="$VPS_HOSTNAME"
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
# generate the docker yaml and nginx configs. # generate the docker yaml and nginx configs.
./stub_docker_yml.sh ./stub_docker_yml.sh
@ -143,7 +151,9 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
if [ "$MACHINE_EXISTS" = true ]; then if [ "$MACHINE_EXISTS" = true ]; then
# we delete the machine if the user has directed us to # we delete the machine if the user has directed us to
if [ "$USER_DELETE_MACHINE" = true ]; then if [ "$MIGRATE_VPS" = true ]; then
# run the domain_init based on user input. # run the domain_init based on user input.
if [ "$USER_NO_BACKUP" = true ]; then if [ "$USER_NO_BACKUP" = true ]; then
echo "Machine exists. We don't need to back it up because the user has directed --no-backup." echo "Machine exists. We don't need to back it up because the user has directed --no-backup."
@ -160,6 +170,7 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
fi fi
elif [ "$VPS_HOSTING_TARGET" = lxd ]; then elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
lxc delete --force "$LXD_VM_NAME" lxc delete --force "$LXD_VM_NAME"
USER_RUN_RESTORE=true
fi fi
# Then we run the script again to re-instantiate a new VPS, restoring all user data # Then we run the script again to re-instantiate a new VPS, restoring all user data
@ -178,7 +189,7 @@ for APP_TO_DEPLOY in btcpay www umbrel; do
RUN_RESTORE="$USER_RUN_RESTORE" RUN_BACKUP="$RUN_BACKUP" RUN_SERVICES=true ./domain_init.sh RUN_RESTORE="$USER_RUN_RESTORE" RUN_BACKUP="$RUN_BACKUP" RUN_SERVICES=true ./domain_init.sh
fi fi
else else
if [ "$USER_DELETE_MACHINE" = true ]; then if [ "$MIGRATE_VPS" = true ]; then
echo "INFO: User has indicated to delete the machine, but it doesn't exist. Going to create it anyway." echo "INFO: User has indicated to delete the machine, but it doesn't exist. Going to create it anyway."
fi fi
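Review bot: With the rename, `--migrate` is now the flag that reaches `lxc delete --force "$LXD_VM_NAME"`, and the added `USER_RUN_RESTORE=true` forces a restore afterwards even when the same run passed `--no-backup`. In that combination the VM is destroyed and rebuilt from whatever archive already exists locally, which may be stale or absent. A guard before the delete would make that deliberate, for example `if [ "$USER_NO_BACKUP" = true ]; then echo "ERROR: --migrate with --no-backup would restore from an old backup." >&2; exit 1; fi`, or an explicit confirmation prompt. The comment `# we delete the machine if the user has directed us to` and the INFO message `User has indicated to delete the machine` still describe the old `--delete` flag and should say migrate. The enclosing `for APP_TO_DEPLOY` loop starts and ends outside these hunks, so the backup branch is only partly visible.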


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -exuo nounset set -eux
cd "$(dirname "$0")" cd "$(dirname "$0")"
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa # let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
@ -44,20 +44,20 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN" ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
#check to ensure the MACVLAN interface has been set by the user #check to ensure the MACVLAN interface has been set by the user
if [ -z "$DEV_MACVLAN_INTERFACE" ]; then if [ -z "$MACVLAN_INTERFACE" ]; then
echo "ERROR: DEV_MACVLAN_INTERFACE has not been defined. Use '--macvlan-interface=eno1' for example." echo "ERROR: MACVLAN_INTERFACE has not been defined. Use '--macvlan-interface=eno1' for example."
exit 1 exit 1
fi fi
# let's first check to ensure there's a cert.tar.gz. We need a valid cert for testing. # let's first check to ensure there's a cert.tar.gz. We need a valid cert for testing.
if [ ! -f "$SITE_PATH/certs.tar.gz" ]; then if [ ! -f "$SITE_PATH/certs.tar.gz" ]; then
echo "ERROR: We need a valid cert for testing. Please use the '--app=certonly' first." echo "ERROR: We need a valid cert for testing."
exit exit 1
fi fi
# if the machine doesn't exist, we create it. # if the machine doesn't exist, we create it.
if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
RUN_BACKUP=false export RUN_BACKUP=false
# create a base image if needed and instantiate a VM. # create a base image if needed and instantiate a VM.
./provision_lxc.sh ./provision_lxc.sh
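Review bot: The existence test `lxc list --format csv | grep -q "$LXD_VM_NAME"`, which now guards `export RUN_BACKUP=false`, matches the name as an unanchored regular expression against every CSV column. A VM whose name merely contains this one (or a dot in the name matching any character) therefore counts as existing, and provisioning is skipped. An exact match on the name column is safer: `lxc list --format csv -c n | grep -Fxq -- "$LXD_VM_NAME"`. Because the pipeline's status is grep's, a failing `lxc list` is also read as "machine does not exist"; checking its exit status separately would avoid provisioning on a daemon error. The `if` body continues past the end of the hunk.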


@ -1,9 +1,10 @@
#!/bin/bash #!/bin/bash
set -exuo nounset set -exu
cd "$(dirname "$0")" cd "$(dirname "$0")"
if [ "$RUN_BACKUP" = true ]; then if [ "$RUN_BACKUP" = true ]; then
# shellcheck disable=SC2029
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh" ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
fi fi
@ -17,6 +18,7 @@ if [ "$UPDATE_BTCPAY" = true ]; then
fi fi
# run the update. # run the update.
# shellcheck disable=SC2029
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-update.sh" ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-update.sh"
else else
@ -28,6 +30,7 @@ fi
# run a restoration if specified. # run a restoration if specified.
if [ "$RUN_RESTORE" = true ]; then if [ "$RUN_RESTORE" = true ]; then
# shellcheck disable=SC2029
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh" ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-down.sh"
./restore_btcpay.sh ./restore_btcpay.sh
fi fi
@ -38,9 +41,10 @@ if [ "$RECONFIGURE_BTCPAY_SERVER" = true ]; then
./run_btcpay_setup.sh ./run_btcpay_setup.sh
fi fi
if [ "$MIGRATE_BTCPAY_SERVER" = false ]; then if [ "$MIGRATE_VPS" = false ]; then
# The default is to resume services, though admin may want to keep services off (eg., for a migration) # The default is to resume services, though admin may want to keep services off (eg., for a migration)
# we bring the services back up by default. # we bring the services back up by default.
# shellcheck disable=SC2029
ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-up.sh" ssh "$FQDN" "cd $REMOTE_HOME/btcpayserver-docker/; sudo bash -c ./btcpay-up.sh"
# we wait for lightning to comone line too. # we wait for lightning to comone line too.
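Review bot: The four added `# shellcheck disable=SC2029` directives silence the warning without recording why client-side expansion is wanted, and `$REMOTE_HOME` still reaches the remote shell unquoted, so a value with spaces or shell metacharacters would be re-parsed on the server before `sudo bash -c` runs. Either quote it for the remote side, `ssh "$FQDN" "cd '$REMOTE_HOME/btcpayserver-docker/' && sudo bash -c ./btcpay-down.sh"`, or add a comment such as `# REMOTE_HOME is expanded locally on purpose; it is a fixed path from our own config`. Using `&&` instead of `;` also stops the sudo command from running in the wrong directory if the `cd` fails. Separately, `$MIGRATE_VPS` is now read here under `set -u`, and no `export MIGRATE_VPS` is visible in the deploy-script hunks on this page, so confirm it is exported.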


@ -40,9 +40,9 @@ else
# restore the certs. If they don't exist in a backup we restore from SITE_PATH # restore the certs. If they don't exist in a backup we restore from SITE_PATH
if [ -f "$SITE_PATH/certs.tar.gz" ]; then if [ -f "$SITE_PATH/certs.tar.gz" ]; then
scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz" scp "$SITE_PATH/certs.tar.gz" "ubuntu@$FQDN:$REMOTE_HOME/certs.tar.gz"
ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc ssh "$FQDN" "sudo tar -xvf $REMOTE_HOME/certs.tar.gz -C /etc"
else else
echo "ERROR: Certificates do not exist locally. You need to obtain some, perhaps by running with '--app=certonly'." echo "ERROR: Certificates do not exist locally."
exit 1 exit 1
fi fi
fi fi
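Review bot: The rewritten `ssh "$FQDN" "sudo tar -xvf $REMOTE_HOME/certs.tar.gz -C /etc"` unpacks the whole archive as root into `/etc` with no limit on which members it may write, so a modified or mis-built `certs.tar.gz` in `$SITE_PATH` could overwrite any file under `/etc` on the new host. Naming the expected top-level member after `-C /etc` confines the extraction to the certificate directory the archive is supposed to contain (placeholder form: `-C /etc <CERT_DIR>`). The `scp` line addresses the host as `ubuntu@$FQDN` while the `ssh` line uses bare `$FQDN`, so the two rely on different sources for the login user; using one form would be more predictable. The surrounding `if`/`else` opens outside the hunk.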


@ -2,7 +2,7 @@
sudo apt-get update sudo apt-get update
sudo apt-get install -y wait-for-it dnsutils tor rsync sshfs sudo apt-get install -y wait-for-it dnsutils rsync sshfs
if [ ! -f $(which lxd) ]; then if [ ! -f $(which lxd) ]; then
sudo snap install lxd sudo snap install lxd
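Review bot: The context line `if [ ! -f $(which lxd) ]; then` does not do what it reads like when lxd is missing. `which` prints nothing, the unquoted substitution vanishes, and `[ ! -f ]` is evaluated as "is the string -f empty", which is false, so `sudo snap install lxd` is skipped on exactly the machines that need it. `if ! command -v lxd >/dev/null 2>&1; then` tests the same thing reliably. The `if` block closes outside the hunk.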


@ -143,6 +143,6 @@ devices:
type: disk type: disk
enp5s0: enp5s0:
nictype: macvlan nictype: macvlan
parent: ${DEV_MACVLAN_INTERFACE} parent: ${MACVLAN_INTERFACE}
type: nic type: nic
name: ${LXD_VM_NAME} name: ${LXD_VM_NAME}


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -euo nounset set -eux
cd "$(dirname "$0")" cd "$(dirname "$0")"
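Review bot: Going from `set -euo nounset` to `set -eux` turns xtrace on for this script, where it was off before, so every command is printed to stderr with its variables expanded. Elsewhere on this page a restore step passes `PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE"` on an `ssh` command line; if this script, or anything it runs with tracing on, handles such values, they end up in terminal scrollback and any captured log. I would keep `set -eu` as the default and enable tracing only on request, e.g. `[ "${DEBUG:-false}" = true ] && set -x` (the variable name is illustrative). Only the first lines of the file are visible, so whether it touches secrets cannot be confirmed from here.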


@ -17,4 +17,3 @@ scp -r "$LOCAL_BACKUP_PATH/" "$FQDN:$REMOTE_HOME/backups/$APP_TO_DEPLOY"
# now we run duplicity to restore the archive. # now we run duplicity to restore the archive.
ssh "$FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/" "$REMOTE_HOME/" ssh "$FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/" "$REMOTE_HOME/"
#ssh "$FQDN" sudo tar -xvf "$REMOTE_HOME/certs.tar.gz" -C /etc


@ -59,6 +59,10 @@ DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH" export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
# TODO add file existence check # TODO add file existence check
if [ ! -f "$SITE_PATH/site_definition" ]; then
echo "ERROR: site_definition does not exist."
exit 1
fi
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "$SITE_PATH/site_definition" source "$SITE_PATH/site_definition"
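Review bot: The added guard makes the `# TODO add file existence check` comment directly above it obsolete, and the comment should be removed with this change. The message would be more useful if it named the file and went to stderr: `echo "ERROR: $SITE_PATH/site_definition does not exist." >&2`. Since the file is then `source`d and runs with the deployer's privileges, a short comment stating that it is trusted operator configuration would help the next reader.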