updates needed for self-hosting updates.
parent
eb6c354922
commit
5e83204f59
25
defaults.sh
Normal file → Executable file
25
defaults.sh
Normal file → Executable file
@ -66,7 +66,8 @@ export NEXTCLOUD_MYSQL_ROOT_PASSWORD=
|
|||||||
export GITEA_MYSQL_ROOT_PASSWORD=
|
export GITEA_MYSQL_ROOT_PASSWORD=
|
||||||
export DUPLICITY_BACKUP_PASSPHRASE=
|
export DUPLICITY_BACKUP_PASSPHRASE=
|
||||||
#opt-add-fireflyiii;opt-add-zammad
|
#opt-add-fireflyiii;opt-add-zammad
|
||||||
export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage;opt-add-btctransmuter;opt-add-configurator;"
|
|
||||||
|
|
||||||
export SSH_HOME="$HOME/.ssh"
|
export SSH_HOME="$HOME/.ssh"
|
||||||
export VLAN_INTERFACE=
|
export VLAN_INTERFACE=
|
||||||
export VM_NAME=
|
export VM_NAME=
|
||||||
@ -77,9 +78,6 @@ export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
|
|||||||
|
|
||||||
export NEXTCLOUD_SPACE_GB=10
|
export NEXTCLOUD_SPACE_GB=10
|
||||||
|
|
||||||
DEV_LXD_REMOTE="$(lxc remote get-default)"
|
|
||||||
export DEV_LXD_REMOTE="$DEV_LXD_REMOTE"
|
|
||||||
|
|
||||||
# first of all, if there are uncommited changes, we quit. You better stash or commit!
|
# first of all, if there are uncommited changes, we quit. You better stash or commit!
|
||||||
# Remote VPS instances are tagged with your current git HEAD so we know which code revision
|
# Remote VPS instances are tagged with your current git HEAD so we know which code revision
|
||||||
# used when provisioning the VPS.
|
# used when provisioning the VPS.
|
||||||
@ -101,15 +99,9 @@ ENABLE_NGINX_CACHING=true
|
|||||||
# 2 ensure install.sh has been run by checking for tor, docker-machine, lxd, wait-for-it, etc.
|
# 2 ensure install.sh has been run by checking for tor, docker-machine, lxd, wait-for-it, etc.
|
||||||
# 3 pretty much just run the install script if anything is awry
|
# 3 pretty much just run the install script if anything is awry
|
||||||
# 4 maybe check to ensure all the CNAME and A+ records are there first so we can quit before machine creation.
|
# 4 maybe check to ensure all the CNAME and A+ records are there first so we can quit before machine creation.
|
||||||
export SITE_PATH_HOME="$HOME/ss-sites"
|
|
||||||
SITE_PATH="$SITE_PATH_HOME/$DOMAIN_NAME"
|
|
||||||
mkdir -p "$SITE_PATH"
|
|
||||||
if [ ! -d "$SITE_PATH" ]; then
|
|
||||||
echo "ERROR: '$SITE_PATH' does not exist."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
export SITE_PATH="$SITE_PATH"
|
BTC_CHAIN=regtest
|
||||||
|
|
||||||
export BTC_CHAIN="$BTC_CHAIN"
|
export BTC_CHAIN="$BTC_CHAIN"
|
||||||
|
|
||||||
DEFAULT_DB_IMAGE="mariadb:10.6.5"
|
DEFAULT_DB_IMAGE="mariadb:10.6.5"
|
||||||
@ -125,6 +117,9 @@ export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
|||||||
export GITEA_IMAGE="gitea/gitea:latest"
|
export GITEA_IMAGE="gitea/gitea:latest"
|
||||||
export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||||
|
|
||||||
export WWW_MAC_ADDRESS=
|
export WWW_MAC_ADDRESS="aa:bb:cc:00:00:00"
|
||||||
export BTCPAY_MAC_ADDRESS=
|
export BTCPAY_MAC_ADDRESS="aa:bb:cc:00:00:01"
|
||||||
export UMBREL_MAC_ADDRESS=
|
export UMBREL_MAC_ADDRESS="aa:bb:cc:00:00:02"
|
||||||
|
|
||||||
|
export CLUSTERS_DIR="$HOME/ss-clusters"
|
||||||
|
export SITES_PATH="$HOME/ss-sites"
|
||||||
|
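Review bot: The new defaults `WWW_MAC_ADDRESS="aa:bb:cc:00:00:00"`, `BTCPAY_MAC_ADDRESS="aa:bb:cc:00:00:01"` and `UMBREL_MAC_ADDRESS="aa:bb:cc:00:00:02"` are identical for every site, and the deploy.sh section of this commit comments out the per-site `WWW_MAC_ADDRESS` line in the stubbed site_definition. Two domains in `SITE_LIST` would therefore presumably provision their VMs with the same MAC addresses unless each operator overrides them; the provisioning scripts that consume these values are not shown. Duplicate MACs on one LAN segment make DHCP reservations and frame delivery ambiguous between hosts. Consider keeping the defaults empty (`export WWW_MAC_ADDRESS=`) and failing the deploy when the matching `DEPLOY_*` flag is true and the address is unset, the way deploy.sh already rejects empty password variables.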
296
deploy.sh
296
deploy.sh
@ -16,18 +16,23 @@ check_dependencies () {
|
|||||||
check_dependencies wait-for-it dig rsync sshfs lxc docker-machine duplicity
|
check_dependencies wait-for-it dig rsync sshfs lxc docker-machine duplicity
|
||||||
# TODO remove dependency on Docker-machine. That's what we use to provision VM on 3rd party vendors. Looking for LXD endpoint.
|
# TODO remove dependency on Docker-machine. That's what we use to provision VM on 3rd party vendors. Looking for LXD endpoint.
|
||||||
|
|
||||||
|
# let's check to ensure the management machine is on the Baseline ubuntu 21.04
|
||||||
|
if ! lsb_release -d | grep -q "Ubuntu 22.04 LTS"; then
|
||||||
|
echo "ERROR: Your machine is not running the Ubuntu 22.04 LTS baseline OS on your management machine."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
MIGRATE_VPS=false
|
MIGRATE_VPS=false
|
||||||
DOMAIN_NAME=
|
DOMAIN_NAME=
|
||||||
VPS_HOSTING_TARGET=lxd
|
VPS_HOSTING_TARGET=lxd
|
||||||
RUN_CERT_RENEWAL=true
|
RUN_CERT_RENEWAL=true
|
||||||
USER_NO_BACKUP=false
|
USER_NO_BACKUP=false
|
||||||
USER_RUN_RESTORE=false
|
USER_RUN_RESTORE=false
|
||||||
BTC_CHAIN=regtest
|
|
||||||
UPDATE_BTCPAY=false
|
UPDATE_BTCPAY=false
|
||||||
RECONFIGURE_BTCPAY_SERVER=false
|
RECONFIGURE_BTCPAY_SERVER=false
|
||||||
DEPLOY_BTCPAY_SERVER=false
|
DEPLOY_BTCPAY_SERVER=false
|
||||||
MACVLAN_INTERFACE=
|
CURRENT_REMOTE="$(lxc remote get-default)"
|
||||||
LXD_DISK_TO_USE=
|
|
||||||
|
|
||||||
# grab any modifications from the command line.
|
# grab any modifications from the command line.
|
||||||
for i in "$@"; do
|
for i in "$@"; do
|
||||||
@ -62,18 +67,6 @@ for i in "$@"; do
|
|||||||
RUN_CERT_RENEWAL=false
|
RUN_CERT_RENEWAL=false
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--mainnet)
|
|
||||||
BTC_CHAIN=mainnet
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--testnet)
|
|
||||||
BTC_CHAIN=testnet
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--regtest)
|
|
||||||
BTC_CHAIN=regtest
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
--reconfigure-btcpay)
|
--reconfigure-btcpay)
|
||||||
RECONFIGURE_BTCPAY_SERVER=true
|
RECONFIGURE_BTCPAY_SERVER=true
|
||||||
shift
|
shift
|
||||||
@ -85,26 +78,26 @@ for i in "$@"; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
# set up our default paths.
|
# set up our default paths.
|
||||||
export CLUSTERS_DIR="$HOME/ss-clusters"
|
source ./defaults.sh
|
||||||
|
|
||||||
export CACHES_DIR="$HOME/ss-cache"
|
export CACHES_DIR="$HOME/ss-cache"
|
||||||
export SSH_HOME="$HOME/.ssh"
|
export SSH_HOME="$HOME/.ssh"
|
||||||
export DOMAIN_NAME="$DOMAIN_NAME"
|
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||||
export REGISTRY_DOCKER_IMAGE="registry:2"
|
export REGISTRY_DOCKER_IMAGE="registry:2"
|
||||||
|
|
||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
CURRENT_REMOTE="$(lxc remote get-default)"
|
|
||||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
|
||||||
CURRENT_REMOTE="docker-machine"
|
CURRENT_REMOTE="docker-machine"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export LXD_REMOTE_PATH="$CLUSTERS_DIR/$CURRENT_REMOTE"
|
|
||||||
export CURRENT_REMOTE="$CURRENT_REMOTE"
|
export CURRENT_REMOTE="$CURRENT_REMOTE"
|
||||||
|
export LXD_REMOTE_PATH="$CLUSTERS_DIR/$CURRENT_REMOTE"
|
||||||
|
|
||||||
|
# ensure our cluster path is created.
|
||||||
|
mkdir -p "$LXD_REMOTE_PATH"
|
||||||
|
|
||||||
# if an authorized_keys file does not exist, we'll stub one out with the current user.
|
# if an authorized_keys file does not exist, we'll stub one out with the current user.
|
||||||
# add additional id_rsa.pub entries manually for more administrative logins.
|
# add additional id_rsa.pub entries manually for more administrative logins.
|
||||||
if [ ! -f "$LXD_REMOTE_PATH/authorized_keys" ]; then
|
if [ ! -f "$LXD_REMOTE_PATH/authorized_keys" ]; then
|
||||||
mkdir -p "u"
|
|
||||||
cat "$SSH_HOME/id_rsa.pub" >> "$LXD_REMOTE_PATH/authorized_keys"
|
cat "$SSH_HOME/id_rsa.pub" >> "$LXD_REMOTE_PATH/authorized_keys"
|
||||||
echo "INFO: Sovereign Stack just stubbed out '$LXD_REMOTE_PATH/authorized_keys'. Go update it."
|
echo "INFO: Sovereign Stack just stubbed out '$LXD_REMOTE_PATH/authorized_keys'. Go update it."
|
||||||
echo " Add ssh pubkeys for your various management machines, if any. We've stubbed it out"
|
echo " Add ssh pubkeys for your various management machines, if any. We've stubbed it out"
|
||||||
@ -113,54 +106,16 @@ if [ ! -f "$LXD_REMOTE_PATH/authorized_keys" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
mkdir -p "$CACHES_DIR" "$LXD_REMOTE_PATH"
|
CLUSTER_DEFINITION="$LXD_REMOTE_PATH/cluster_definition"
|
||||||
CLUSTER_DEFINTION="$LXD_REMOTE_PATH/cluster_definition"
|
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
|
||||||
export CLUSTER_DEFINTION="$CLUSTER_DEFINTION"
|
|
||||||
|
|
||||||
if [ ! -f "$CLUSTER_DEFINTION" ]; then
|
|
||||||
# stub out a cluster_definition.
|
|
||||||
cat >"$CLUSTER_DEFINTION" <<EOL
|
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
|
|
||||||
# Then $HOME/clusters/cluster1 will be your cluster working path.
|
|
||||||
|
|
||||||
# This is REQUIRED. A list of all sites in ~/sites/ that will be deployed.
|
|
||||||
# e.g., 'domain1.tld,domain2.tld,domain3.tld'
|
|
||||||
SITE_LIST="domain1.tld"
|
|
||||||
|
|
||||||
# REQUIRED - change the MACVLAN_INTERFACE to the host adapter that attaches to the SERVERS LAN segment/VLAN/subnet.
|
|
||||||
MACVLAN_INTERFACE="REQUIRED_CHANGE_ME"
|
|
||||||
LXD_DISK_TO_USE=""
|
|
||||||
|
|
||||||
# Deploy a registry cache on your management machine.
|
|
||||||
DEPLOY_REGISTRY=true
|
|
||||||
|
|
||||||
# only relevant
|
|
||||||
export REGISTRY_URL="http://\$HOSTNAME:5000"
|
|
||||||
export REGISTRY_USERNAME=<USERNAME TO DOCKERHUB.COM>
|
|
||||||
export REGISTRY_PASSWORD=<PASSWORD TO DOCKERHUB.COM>
|
|
||||||
|
|
||||||
export MACVLAN_INTERFACE="\$MACVLAN_INTERFACE"
|
|
||||||
export LXD_DISK_TO_USE="\$LXD_DISK_TO_USE"
|
|
||||||
export SITE_LIST="\$SITE_LIST"
|
|
||||||
|
|
||||||
EOL
|
|
||||||
|
|
||||||
chmod 0744 "$CLUSTER_DEFINTION"
|
|
||||||
echo "We stubbed out a '$CLUSTER_DEFINTION' file for you."
|
|
||||||
echo "Use this file to customize your cluster deployment;"
|
|
||||||
echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
if [ ! -f "$CLUSTER_DEFINTION" ]; then
|
if [ ! -f "$CLUSTER_DEFINITION" ]; then
|
||||||
echo "ERROR: CLUSTER DEFINITION NOT PRESENT."
|
echo "ERROR: The cluster defintion could not be found. You may need to re-run 'ss-cluster create'."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
source "$CLUSTER_DEFINTION"
|
source "$CLUSTER_DEFINITION"
|
||||||
|
|
||||||
###########################3
|
###########################3
|
||||||
# # This section is done to the management machine. We deploy a registry pull through cache on port 5000
|
# # This section is done to the management machine. We deploy a registry pull through cache on port 5000
|
||||||
@ -206,65 +161,184 @@ function new_pass {
|
|||||||
function run_domain {
|
function run_domain {
|
||||||
|
|
||||||
export VPS_HOSTING_TARGET="$VPS_HOSTING_TARGET"
|
export VPS_HOSTING_TARGET="$VPS_HOSTING_TARGET"
|
||||||
export LXD_DISK_TO_USE="$LXD_DISK_TO_USE"
|
|
||||||
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
|
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
|
||||||
|
|
||||||
export BTC_CHAIN="$BTC_CHAIN"
|
export BTC_CHAIN="$BTC_CHAIN"
|
||||||
export UPDATE_BTCPAY="$UPDATE_BTCPAY"
|
export UPDATE_BTCPAY="$UPDATE_BTCPAY"
|
||||||
export MIGRATE_VPS="$MIGRATE_VPS"
|
export MIGRATE_VPS="$MIGRATE_VPS"
|
||||||
export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
|
export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
|
||||||
export MACVLAN_INTERFACE="$MACVLAN_INTERFACE"
|
|
||||||
export LXD_DISK_TO_USE="$LXD_DISK_TO_USE"
|
|
||||||
|
|
||||||
source ./defaults.sh
|
|
||||||
# iterate over all our server endpoints and provision them if needed.
|
# iterate over all our server endpoints and provision them if needed.
|
||||||
# www
|
# www
|
||||||
VPS_HOSTNAME=
|
VPS_HOSTNAME=
|
||||||
for APP_TO_DEPLOY in btcpay www umbrel; do
|
for APP_TO_DEPLOY in www btcpay umbrel; do
|
||||||
FQDN=
|
FQDN=
|
||||||
export APP_TO_DEPLOY="$APP_TO_DEPLOY"
|
|
||||||
|
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
source ./shared.sh
|
source ./shared.sh
|
||||||
|
|
||||||
# skip this iteration if the site_definition says not to deploy btcpay server.
|
if [ ! -f "$SITE_PATH/site_definition" ]; then
|
||||||
if [ "$APP_TO_DEPLOY" = btcpay ]; then
|
echo "ERROR: Something went wrong. Your site_definition is missing."
|
||||||
VPS_HOSTNAME="$BTCPAY_HOSTNAME"
|
exit 1
|
||||||
MAC_ADDRESS_TO_PROVISION="$BTCPAY_MAC_ADDRESS"
|
|
||||||
if [ "$DEPLOY_BTCPAY_SERVER" = false ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# skip if the server config is set to not deploy.
|
source "$SITE_PATH/site_definition"
|
||||||
if [ "$APP_TO_DEPLOY" = www ]; then
|
|
||||||
VPS_HOSTNAME="$WWW_HOSTNAME"
|
|
||||||
MAC_ADDRESS_TO_PROVISION="$WWW_MAC_ADDRESS"
|
|
||||||
if [ "$DEPLOY_WWW_SERVER" = false ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# skip umbrel if
|
|
||||||
if [ "$APP_TO_DEPLOY" = umbrel ]; then
|
|
||||||
VPS_HOSTNAME="$UMBREL_HOSTNAME"
|
|
||||||
MAC_ADDRESS_TO_PROVISION="$UMBREL_MAC_ADDRESS"
|
|
||||||
if [ "$DEPLOY_UMBREL_VPS" = false ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# create the local packup path if it's not there!
|
# create the local packup path if it's not there!
|
||||||
BACKUP_PATH_CREATED=false
|
BACKUP_PATH_CREATED=false
|
||||||
|
|
||||||
|
export BACKUP_PATH_CREATED="$BACKUP_PATH_CREATED"
|
||||||
|
export MAC_ADDRESS_TO_PROVISION=
|
||||||
|
export VPS_HOSTNAME="$VPS_HOSTNAME"
|
||||||
|
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
|
||||||
|
export APP_TO_DEPLOY="$APP_TO_DEPLOY"
|
||||||
|
BACKUP_TIMESTAMP="$(date +"%Y-%m")"
|
||||||
|
UNIX_BACKUP_TIMESTAMP="$(date +%s)"
|
||||||
|
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/$APP_TO_DEPLOY/$BACKUP_TIMESTAMP"
|
||||||
|
LOCAL_BACKUP_PATH="$SITE_PATH/backups/$APP_TO_DEPLOY/$BACKUP_TIMESTAMP"
|
||||||
|
export LOCAL_BACKUP_PATH="$LOCAL_BACKUP_PATH"
|
||||||
|
|
||||||
|
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
||||||
|
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
||||||
|
|
||||||
|
export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
|
||||||
|
|
||||||
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
|
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
|
||||||
mkdir -p "$LOCAL_BACKUP_PATH"
|
mkdir -p "$LOCAL_BACKUP_PATH"
|
||||||
BACKUP_PATH_CREATED=true
|
BACKUP_PATH_CREATED=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export BACKUP_PATH_CREATED="$BACKUP_PATH_CREATED"
|
DDNS_HOST=
|
||||||
export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
|
if [ "$APP_TO_DEPLOY" = www ]; then
|
||||||
export VPS_HOSTNAME="$VPS_HOSTNAME"
|
VPS_HOSTNAME="$WWW_HOSTNAME"
|
||||||
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
|
MAC_ADDRESS_TO_PROVISION="$WWW_MAC_ADDRESS"
|
||||||
|
DDNS_HOST="$WWW_HOSTNAME"
|
||||||
|
ROOT_DISK_SIZE_GB="$((ROOT_DISK_SIZE_GB + NEXTCLOUD_SPACE_GB))"
|
||||||
|
|
||||||
|
if [ "$DEPLOY_WWW_SERVER" = false ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
elif [ "$APP_TO_DEPLOY" = btcpay ]; then
|
||||||
|
DDNS_HOST="$BTCPAY_HOSTNAME"
|
||||||
|
VPS_HOSTNAME="$BTCPAY_HOSTNAME"
|
||||||
|
MAC_ADDRESS_TO_PROVISION="$BTCPAY_MAC_ADDRESS"
|
||||||
|
if [ "$BTC_CHAIN" = mainnet ]; then
|
||||||
|
ROOT_DISK_SIZE_GB=150
|
||||||
|
elif [ "$BTC_CHAIN" = testnet ]; then
|
||||||
|
ROOT_DISK_SIZE_GB=40
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_BTCPAY_SERVER" = false ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
elif [ "$APP_TO_DEPLOY" = umbrel ]; then
|
||||||
|
DDNS_HOST="$UMBREL_HOSTNAME"
|
||||||
|
VPS_HOSTNAME="$UMBREL_HOSTNAME"
|
||||||
|
MAC_ADDRESS_TO_PROVISION="$UMBREL_MAC_ADDRESS"
|
||||||
|
if [ "$BTC_CHAIN" = mainnet ]; then
|
||||||
|
ROOT_DISK_SIZE_GB=1000
|
||||||
|
elif [ "$BTC_CHAIN" = testnet ]; then
|
||||||
|
ROOT_DISK_SIZE_GB=70
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_UMBREL_VPS" = false ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
elif [ "$APP_TO_DEPLOY" = certonly ]; then
|
||||||
|
DDNS_HOST="$WWW_HOSTNAME"
|
||||||
|
ROOT_DISK_SIZE_GB=8
|
||||||
|
else
|
||||||
|
echo "ERROR: APP_TO_DEPLOY not within allowable bounds."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
export DDNS_HOST="$DDNS_HOST"
|
||||||
|
export FQDN="$DDNS_HOST.$DOMAIN_NAME"
|
||||||
|
export LXD_VM_NAME="${FQDN//./-}"
|
||||||
|
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH"
|
||||||
|
|
||||||
|
# This next section of if statements is our sanity checking area.
|
||||||
|
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
|
# we require DDNS on AWS to set the public DNS to the right host.
|
||||||
|
if [ -z "$DDNS_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_GHOST" = true ]; then
|
||||||
|
if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$GHOST_MYSQL_ROOT_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure GHOST_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_GITEA" = true ]; then
|
||||||
|
if [ -z "$GITEA_MYSQL_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure GITEA_MYSQL_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "$GITEA_MYSQL_ROOT_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure GITEA_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
||||||
|
if [ -z "$NEXTCLOUD_MYSQL_ROOT_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure NEXTCLOUD_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$NEXTCLOUD_MYSQL_PASSWORD" ]; then
|
||||||
|
echo "ERROR: Ensure NEXTCLOUD_MYSQL_PASSWORD is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
|
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
||||||
|
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$DOMAIN_NAME" ]; then
|
||||||
|
echo "ERROR: Ensure DOMAIN_NAME is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$DEPLOY_BTCPPAY_SERVER" ]; then
|
||||||
|
echo "ERROR: Ensure DEPLOY_BTCPPAY_SERVER is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ -z "$DEPLOY_UMBREL_VPS" ]; then
|
||||||
|
echo "ERROR: Ensure DEPLOY_UMBREL_VPS is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
|
||||||
|
echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# generate the docker yaml and nginx configs.
|
# generate the docker yaml and nginx configs.
|
||||||
bash -c ./deployment/stub_docker_yml.sh
|
bash -c ./deployment/stub_docker_yml.sh
|
||||||
@ -333,13 +407,13 @@ function run_domain {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function stub_site_definition {
|
function stub_site_definition {
|
||||||
|
|
||||||
source ./defaults.sh
|
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||||
|
mkdir -p "$SITE_PATH"
|
||||||
|
|
||||||
if [ -f "$SITE_PATH/site_definition" ]; then
|
if [ -f "$SITE_PATH/site_definition" ]; then
|
||||||
source "$SITE_PATH/site_definition"
|
source ./shared.sh
|
||||||
else
|
else
|
||||||
|
|
||||||
# check to see if the enf file exists. exist if not.
|
# check to see if the enf file exists. exist if not.
|
||||||
@ -362,8 +436,8 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
|||||||
## WWW
|
## WWW
|
||||||
export DEPLOY_WWW_SERVER=true
|
export DEPLOY_WWW_SERVER=true
|
||||||
|
|
||||||
# REQUIRED - CHANGE ME - RESERVE ME IN DHCP
|
# see https://www.sovereign-stack.org/mac-addresses-for-new-type-vms/ for more info
|
||||||
export WWW_MAC_ADDRESS="CHANGE_ME"
|
# export WWW_MAC_ADDRESS="CHANGE_ME"
|
||||||
|
|
||||||
# Deploy APPS to www
|
# Deploy APPS to www
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
@ -392,16 +466,16 @@ export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
|||||||
## BTCPAY SERVER; if true, then a BTCPay server is deployed.
|
## BTCPAY SERVER; if true, then a BTCPay server is deployed.
|
||||||
export DEPLOY_BTCPAY_SERVER=false
|
export DEPLOY_BTCPAY_SERVER=false
|
||||||
|
|
||||||
# REQUIRED if DEPLOY_BTCPAY_SERVER=true
|
# https://www.sovereign-stack.org/mac-addresses-for-new-type-vms/
|
||||||
#export BTCPAY_MAC_ADDRESS="CHANGE_ME"
|
#export BTCPAY_MAC_ADDRESS=""
|
||||||
|
|
||||||
## BTCPAY Server
|
## Deploy and Umbrel node?
|
||||||
export DEPLOY_UMBREL_VPS=false
|
export DEPLOY_UMBREL_VPS=false
|
||||||
|
|
||||||
# REQUIRED if DEPLOY_UMBREL_VPS=true
|
# REQUIRED if DEPLOY_UMBREL_VPS=true; https://www.sovereign-stack.org/mac-addresses-for-new-type-vms/
|
||||||
#export UMBREL_MAC_ADDRESS="CHANGE_ME"
|
# export UMBREL_MAC_ADDRESS=""
|
||||||
|
|
||||||
# CHAIN to DEPLOY; valid are 'testnet' and 'mainnet'
|
# CHAIN to DEPLOY; valid are 'regtest', 'testnet', and 'mainnet'
|
||||||
export BTC_CHAIN=regtest
|
export BTC_CHAIN=regtest
|
||||||
|
|
||||||
# set to false to disable nginx caching; helps when making website updates.
|
# set to false to disable nginx caching; helps when making website updates.
|
||||||
@ -418,10 +492,12 @@ EOL
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# let's iterate over the user-supplied domain list and provision each domain.
|
||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
# iterate through our site list as provided by operator from cluster_definition
|
# iterate through our site list as provided by operator from cluster_definition
|
||||||
for i in ${SITE_LIST//,/ }; do
|
for i in ${SITE_LIST//,/ }; do
|
||||||
export DOMAIN_NAME="$i"
|
export DOMAIN_NAME="$i"
|
||||||
|
export SITE_PATH=""
|
||||||
|
|
||||||
stub_site_definition
|
stub_site_definition
|
||||||
|
|
||||||
|
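Review bot: The new sanity check `if [ -z "$DEPLOY_BTCPPAY_SERVER" ]` in run_domain tests a misspelled name. Every other line on this page uses `DEPLOY_BTCPAY_SERVER`, so unless something outside the page sets the misspelled variable the test is always true and the deploy exits 1 for every site; it should read `if [ -z "$DEPLOY_BTCPAY_SERVER" ]; then`, with the same name in the error message. In the same function, `export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"` runs before the per-app branch assigns `VPS_HOSTNAME` and `DDNS_HOST`, so it is built from an empty or previous-iteration hostname and is not recomputed after `export FQDN="$DDNS_HOST.$DOMAIN_NAME"`. Moving that export below the final `FQDN` assignment would keep certificate paths tied to the host actually being deployed. The `else` branch for an unknown `APP_TO_DEPLOY` ends in a bare `exit`, which returns the status of the preceding `echo`, so `exit 1` is needed for callers to see the failure; run_domain's body continues outside this hunk.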
@ -4,6 +4,8 @@ set -eux
|
|||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
|
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
|
||||||
|
# TODO convert this to SSH private key held on Trezor. THus trezor-T required for
|
||||||
|
# login operations. This should be configurable of course.
|
||||||
if [ ! -f "$SSH_HOME/id_rsa" ]; then
|
if [ ! -f "$SSH_HOME/id_rsa" ]; then
|
||||||
# generate a new SSH key for the base vm image.
|
# generate a new SSH key for the base vm image.
|
||||||
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
|
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
|
||||||
@ -24,6 +26,23 @@ EOF
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
function prepare_host {
|
||||||
|
# scan the remote machine and install it's identity in our SSH known_hosts file.
|
||||||
|
ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
|
||||||
|
|
||||||
|
# create a directory to store backup archives. This is on all new vms.
|
||||||
|
ssh "$FQDN" mkdir -p "$REMOTE_HOME/backups"
|
||||||
|
|
||||||
|
if [ "$APP_TO_DEPLOY" = btcpay ]; then
|
||||||
|
echo "INFO: new machine detected. Provisioning BTCPay server scripts."
|
||||||
|
|
||||||
|
./btcpayserver/run_setup.sh
|
||||||
|
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
# when set to true, this flag indicates that a new VPS was created during THIS script run.
|
# when set to true, this flag indicates that a new VPS was created during THIS script run.
|
||||||
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
# let's create the remote VPS if needed.
|
# let's create the remote VPS if needed.
|
||||||
@ -32,7 +51,7 @@ if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
|||||||
|
|
||||||
./provision_vps.sh
|
./provision_vps.sh
|
||||||
|
|
||||||
./prepare_vps_host.sh
|
prepare_host
|
||||||
fi
|
fi
|
||||||
elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
|
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$FQDN"
|
||||||
@ -51,8 +70,7 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
|||||||
./provision_lxc.sh
|
./provision_lxc.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# prepare the VPS to support our applications and backups and stuff.
|
prepare_host
|
||||||
./prepare_vps_host.sh
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if the local docker client isn't logged in, do so;
|
# if the local docker client isn't logged in, do so;
|
||||||
@ -64,12 +82,11 @@ fi
|
|||||||
# this tells our local docker client to target the remote endpoint via SSH
|
# this tells our local docker client to target the remote endpoint via SSH
|
||||||
export DOCKER_HOST="ssh://ubuntu@$FQDN"
|
export DOCKER_HOST="ssh://ubuntu@$FQDN"
|
||||||
|
|
||||||
|
|
||||||
# the following scripts take responsibility for the rest of the provisioning depending on the app you're deploying.
|
# the following scripts take responsibility for the rest of the provisioning depending on the app you're deploying.
|
||||||
if [ "$APP_TO_DEPLOY" = www ]; then
|
if [ "$APP_TO_DEPLOY" = www ]; then
|
||||||
./go_www.sh
|
./go_www.sh
|
||||||
elif [ "$APP_TO_DEPLOY" = btcpay ]; then
|
elif [ "$APP_TO_DEPLOY" = btcpay ]; then
|
||||||
./go_btcpay.sh
|
./btcpayserver/go.sh
|
||||||
elif [ "$APP_TO_DEPLOY" = umbrel ]; then
|
elif [ "$APP_TO_DEPLOY" = umbrel ]; then
|
||||||
./go_umbrel.sh
|
./go_umbrel.sh
|
||||||
elif [ "$APP_TO_DEPLOY" = certonly ]; then
|
elif [ "$APP_TO_DEPLOY" = certonly ]; then
|
||||||
@ -85,4 +102,4 @@ else
|
|||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Successfull deployed '$DOMAIN_NAME' with git commit '$(cat ./.git/refs/heads/master)' VPS_HOSTING_TARGET=$VPS_HOSTING_TARGET;" >> "$SITE_PATH/debug.log"
|
echo "Successfull deployed '$DOMAIN_NAME' with git commit '$(cat ./.git/refs/heads/master)' VPS_HOSTING_TARGET=$VPS_HOSTING_TARGET;"
|
||||||
|
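Review bot: The `exit` in the `btcpay` branch of the new `prepare_host` function now terminates the whole calling script, where the former `./prepare_vps_host.sh` call ran as a child process whose `exit` would end only that child (assuming the body was moved from that file, which is not shown). As written, a first-time btcpay provision stops right after `./btcpayserver/run_setup.sh` and never reaches the `DOCKER_HOST` export or `./btcpayserver/go.sh`; if that is not intended, use `return` instead of `exit`. Separately, `ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"` records whatever key answers on the network at provisioning time. A comment such as `# trust-on-first-use: key is not verified out of band` would make that trust decision explicit, and a comparison against a fingerprint read from the hypervisor would verify it.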
@ -30,21 +30,24 @@ config:
|
|||||||
- git
|
- git
|
||||||
- nano
|
- nano
|
||||||
- wait-for-it
|
- wait-for-it
|
||||||
|
- dnsutils
|
||||||
|
- wget
|
||||||
|
|
||||||
|
|
||||||
groups:
|
groups:
|
||||||
- docker
|
- docker
|
||||||
|
|
||||||
|
|
||||||
users:
|
users:
|
||||||
- name: ubuntu
|
- name: ubuntu
|
||||||
|
groups: docker
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
lock_passwd: false
|
lock_passwd: false
|
||||||
groups:
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||||
- docker
|
|
||||||
sudo:
|
|
||||||
- ALL=(ALL) NOPASSWD:ALL
|
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ${SSH_AUTHORIZED_KEY}
|
- ${SSH_AUTHORIZED_KEY}
|
||||||
|
|
||||||
|
|
||||||
write_files:
|
write_files:
|
||||||
- path: ${REMOTE_HOME}/docker.asc
|
- path: ${REMOTE_HOME}/docker.asc
|
||||||
content: |
|
content: |
|
||||||
@ -113,32 +116,31 @@ config:
|
|||||||
|
|
||||||
- path: /etc/ssh/ssh_config
|
- path: /etc/ssh/ssh_config
|
||||||
content: |
|
content: |
|
||||||
Port 22
|
Port 22
|
||||||
ListenAddress 0.0.0.0
|
ListenAddress 0.0.0.0
|
||||||
Protocol 2
|
Protocol 2
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
UsePAM no
|
UsePAM no
|
||||||
LogLevel INFO
|
LogLevel INFO
|
||||||
|
|
||||||
- path: /etc/docker/daemon.json
|
- path: /etc/docker/daemon.json
|
||||||
content: |
|
content: |
|
||||||
{
|
{
|
||||||
"registry-mirrors": [
|
"registry-mirrors": [
|
||||||
"${REGISTRY_URL}"
|
"${REGISTRY_URL}"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
runcmd:
|
runcmd:
|
||||||
- cat ${REMOTE_HOME}/docker.asc | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
- cat ${REMOTE_HOME}/docker.asc | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
||||||
- sudo rm ${REMOTE_HOME}/docker.asc
|
- sudo rm ${REMOTE_HOME}/docker.asc
|
||||||
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
|
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
|
||||||
- sudo apt-get remove docker docker.io containerd runc
|
|
||||||
- sudo apt-get update
|
- sudo apt-get update
|
||||||
- sudo apt-get install -y docker-ce docker-ce-cli containerd.io
|
- sudo apt-get install -y docker-ce docker-ce-cli containerd.io
|
||||||
- echo "alias ll='ls -lah'" >> ${REMOTE_HOME}/.bash_profile
|
- echo "alias ll='ls -lah'" >> ${REMOTE_HOME}/.bash_profile
|
||||||
- sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
- sudo curl -s -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||||
- sudo chmod +x /usr/local/bin/docker-compose
|
- sudo chmod +x /usr/local/bin/docker-compose
|
||||||
- sudo apt-get install -y openssh-server
|
- sudo apt-get install -y openssh-server
|
||||||
|
|
||||||
@ -146,13 +148,8 @@ description: Default LXD profile for ${DOMAIN_NAME}
|
|||||||
devices:
|
devices:
|
||||||
root:
|
root:
|
||||||
path: /
|
path: /
|
||||||
pool: default
|
pool: sovereign-stack
|
||||||
type: disk
|
type: disk
|
||||||
config:
|
config:
|
||||||
source: cloud-init:config
|
source: cloud-init:config
|
||||||
type: disk
|
type: disk
|
||||||
enp5s0:
|
|
||||||
nictype: macvlan
|
|
||||||
parent: ${MACVLAN_INTERFACE}
|
|
||||||
type: nic
|
|
||||||
name: ${LXD_VM_NAME}
|
|
||||||
|
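Review bot: The changed `runcmd` line downloads the docker-compose binary with `curl -s -L` and the next line marks it executable, with no integrity check in between. Adding `-s` without `-f` also means an HTTP error page would be written to `/usr/local/bin/docker-compose` silently. Use `-fsSL` and compare the file against a pinned SHA-256 before the `chmod +x`, since the binary will be run by a user with `NOPASSWD:ALL` sudo and docker group membership. The unchanged `write_files` entry places server directives (`ListenAddress`, `PasswordAuthentication no`, `UsePAM no`) in `/etc/ssh/ssh_config`, the client configuration. If they were meant for `sshd_config`, password logins are not actually disabled by this profile, which matters alongside `lock_passwd: false`.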
139
shared.sh
139
shared.sh
@ -16,23 +16,7 @@ fi
|
|||||||
|
|
||||||
DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
|
DOCKER_YAML_PATH="$SITE_PATH/appstack.yml"
|
||||||
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
|
export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
|
||||||
|
|
||||||
# TODO add file existence check
|
|
||||||
if [ ! -f "$SITE_PATH/site_definition" ]; then
|
|
||||||
echo "ERROR: site_definition does not exist."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
source "$SITE_PATH/site_definition"
|
|
||||||
|
|
||||||
export REMOTE_HOME="/home/ubuntu"
|
export REMOTE_HOME="/home/ubuntu"
|
||||||
BACKUP_TIMESTAMP="$(date +"%Y-%m")"
|
|
||||||
UNIX_BACKUP_TIMESTAMP="$(date +%s)"
|
|
||||||
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
|
||||||
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
|
||||||
REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/$APP_TO_DEPLOY/$BACKUP_TIMESTAMP"
|
|
||||||
LOCAL_BACKUP_PATH="$SITE_PATH/backups/$APP_TO_DEPLOY/$BACKUP_TIMESTAMP"
|
|
||||||
export LOCAL_BACKUP_PATH="$LOCAL_BACKUP_PATH"
|
|
||||||
|
|
||||||
mkdir -p "$SSHFS_PATH"
|
mkdir -p "$SSHFS_PATH"
|
||||||
|
|
||||||
@ -50,7 +34,7 @@ export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
|
|||||||
export ADMIN_ACCOUNT_USERNAME="info"
|
export ADMIN_ACCOUNT_USERNAME="info"
|
||||||
export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
|
export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
|
||||||
export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
|
export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
|
||||||
export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
|
|
||||||
|
|
||||||
export VM_NAME="sovereign-stack-base"
|
export VM_NAME="sovereign-stack-base"
|
||||||
export REMOTE_NEXTCLOUD_PATH="$REMOTE_HOME/nextcloud"
|
export REMOTE_NEXTCLOUD_PATH="$REMOTE_HOME/nextcloud"
|
||||||
@ -59,129 +43,10 @@ export REMOTE_GITEA_PATH="$REMOTE_HOME/gitea"
|
|||||||
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
|
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
|
||||||
export ROOT_DISK_SIZE_GB=20
|
export ROOT_DISK_SIZE_GB=20
|
||||||
|
|
||||||
DDNS_HOST=
|
|
||||||
if [ "$APP_TO_DEPLOY" = www ]; then
|
|
||||||
DDNS_HOST="$WWW_HOSTNAME"
|
|
||||||
ROOT_DISK_SIZE_GB=$((ROOT_DISK_SIZE_GB + NEXTCLOUD_SPACE_GB))
|
|
||||||
elif [ "$APP_TO_DEPLOY" = btcpay ]; then
|
|
||||||
DDNS_HOST="$BTCPAY_HOSTNAME"
|
|
||||||
if [ "$BTC_CHAIN" = mainnet ]; then
|
|
||||||
ROOT_DISK_SIZE_GB=150
|
|
||||||
elif [ "$BTC_CHAIN" = testnet ]; then
|
|
||||||
ROOT_DISK_SIZE_GB=40
|
|
||||||
fi
|
|
||||||
elif [ "$APP_TO_DEPLOY" = umbrel ]; then
|
|
||||||
DDNS_HOST="$UMBREL_HOSTNAME"
|
|
||||||
if [ "$BTC_CHAIN" = mainnet ]; then
|
|
||||||
ROOT_DISK_SIZE_GB=1000
|
|
||||||
elif [ "$BTC_CHAIN" = testnet ]; then
|
|
||||||
ROOT_DISK_SIZE_GB=70
|
|
||||||
fi
|
|
||||||
elif [ "$APP_TO_DEPLOY" = certonly ]; then
|
|
||||||
DDNS_HOST="$WWW_HOSTNAME"
|
|
||||||
ROOT_DISK_SIZE_GB=8
|
|
||||||
else
|
|
||||||
echo "ERROR: APP_TO_DEPLOY not within allowable bounds."
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
# we use this in other subshells.
|
|
||||||
export APP_TO_DEPLOY="$APP_TO_DEPLOY"
|
|
||||||
export DDNS_HOST="$DDNS_HOST"
|
|
||||||
export FQDN="$DDNS_HOST.$DOMAIN_NAME"
|
|
||||||
export LXD_VM_NAME="${FQDN//./-}"
|
|
||||||
export BTC_CHAIN="$BTC_CHAIN"
|
export BTC_CHAIN="$BTC_CHAIN"
|
||||||
export ROOT_DISK_SIZE_GB=$ROOT_DISK_SIZE_GB
|
export ROOT_DISK_SIZE_GB=$ROOT_DISK_SIZE_GB
|
||||||
export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
|
export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
|
||||||
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH"
|
|
||||||
export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
|
export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
|
||||||
|
|
||||||
|
|
||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
|
||||||
# check to ensure the admin has specified a MACVLAN interface
|
|
||||||
if [ -z "$MACVLAN_INTERFACE" ]; then
|
|
||||||
echo "ERROR: MACVLAN_INTERFACE not defined in project."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
|
||||||
# we require DDNS on AWS to set the public DNS to the right host.
|
|
||||||
if [ -z "$DDNS_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure DDNS_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$DEPLOY_GHOST" = true ]; then
|
|
||||||
if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$GHOST_MYSQL_ROOT_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure GHOST_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$DEPLOY_GITEA" = true ]; then
|
|
||||||
if [ -z "$GITEA_MYSQL_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure GITEA_MYSQL_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ -z "$GITEA_MYSQL_ROOT_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure GITEA_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
|
||||||
if [ -z "$NEXTCLOUD_MYSQL_ROOT_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure NEXTCLOUD_MYSQL_ROOT_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$NEXTCLOUD_MYSQL_PASSWORD" ]; then
|
|
||||||
echo "ERROR: Ensure NEXTCLOUD_MYSQL_PASSWORD is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$DEPLOY_NOSTR" = true ]; then
|
|
||||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
|
||||||
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
|
||||||
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
|
||||||
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$DOMAIN_NAME" ]; then
|
|
||||||
echo "ERROR: Ensure DOMAIN_NAME is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$DEPLOY_BTCPPAY_SERVER" ]; then
|
|
||||||
echo "ERROR: Ensure DEPLOY_BTCPPAY_SERVER is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [ -z "$DEPLOY_UMBREL_VPS" ]; then
|
|
||||||
echo "ERROR: Ensure DEPLOY_UMBREL_VPS is configured in your site_definition."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
|
||||||
echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
|
|
||||||
echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
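Review bot: After this change shared.sh no longer appears to fail closed on missing secrets. In the third hunk (old line 59 onward) the `[ -z ... ]` guards for `DUPLICITY_BACKUP_PASSPHRASE`, the `*_MYSQL_PASSWORD` / `*_MYSQL_ROOT_PASSWORD` values and `DOMAIN_NAME` are on the removed side as far as the rendered page shows, while defaults.sh exports several of those variables empty. If the checks were not moved to a script outside this section, a deployment can continue with an empty database password or backup passphrase, and the retained `export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"` would expand without a domain. I would keep one compact guard per required value wherever site_definition is now sourced, for example `: "${DUPLICITY_BACKUP_PASSPHRASE:?set DUPLICITY_BACKUP_PASSPHRASE in site_definition}"`.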