ss/sovereign-stack
ss
/
sovereign-stack
1
1
Fork 1
Code Releases Activity

Various updates.

This commit is contained in:
Derek Smith 2022-10-19 13:15:38 -04:00
parent b5a48ef23e
commit 8311a5015e
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
10 changed files with 49 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
defaults.sh
View File

@ -7,7 +7,7 @@ export WWW_SERVER_MAC_ADDRESS=
export DEPLOY_BTCPPAY_SERVER=false
export DEPLOY_GHOST=true
export DEPLOY_NOSTR_RELAY=false
export DEPLOY_NOSTR_RELAY=true
export DEPLOY_ONION_SITE=false
export DEPLOY_NEXTCLOUD=false
export DEPLOY_GITEA=false
@ -108,7 +108,7 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
# run the docker stack.
export GHOST_IMAGE="ghost:5.14.2"
export GHOST_IMAGE="ghost:5.18.0"
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
export NGINX_IMAGE="nginx:1.23.1"
export NEXTCLOUD_IMAGE="nextcloud:24.0.5"

20
deploy.sh
View File

@ -122,7 +122,6 @@ done
source ./defaults.sh
export CACHES_DIR="$HOME/ss-cache"
export SSH_HOME="$HOME/.ssh"
export DOMAIN_NAME="$DOMAIN_NAME"
export REGISTRY_DOCKER_IMAGE="registry:2"
export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
@ -158,7 +157,7 @@ if [ ! -f "$CLUSTER_PATH/authorized_keys" ]; then
cat "$SSH_HOME/id_rsa.pub" >> "$CLUSTER_PATH/authorized_keys"
echo "INFO: Sovereign Stack just stubbed out '$CLUSTER_PATH/authorized_keys'. Go update it."
echo " Add ssh pubkeys for your various management machines, if any."
echo " By default we added your main ssh pubkey: '$HOME/.ssh/id_rsa.pub'."
echo " By default we added your main ssh pubkey: '$SSH_HOME/id_rsa.pub'."
exit 1
fi
@ -246,7 +245,16 @@ function instantiate_vms {
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
# first let's get the DISK_TO_USE and DATA_PLANE_MACVLAN_INTERFACE from the ss-config
# which is set up during LXD cluster creation ss-cluster.
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
LXD_SS_CONFIG_LINE=
if lxc network list --format csv | grep lxdbrSS | grep ss-config; then
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
fi
if [ -z "$LXD_SS_CONFIG_LINE" ]; then
echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-cluster again."
exit 1
fi
CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
DISK_TO_USE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f3)"
@ -428,7 +436,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
#export BTCPAY_HOSTNAME_IN_CERT="store"
export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true
export DEPLOY_NOSTR_RELAY=false
export DEPLOY_NOSTR_RELAY=true
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
export DEPLOY_GITEA=false
#export DEPLOY_ONION_SITE=false
@ -469,14 +477,14 @@ export DEPLOY_BTCPAY_SERVER=true
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
# export BTC_CHAIN=mainnet
export PRIMARY_DOMAIN="CHANGE_ME"
export OTHER_SITES_LIST=
export OTHER_SITES_LIST=""
EOL
chmod 0744 "$PROJECT_DEFINITION_PATH"
echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
echo "INFO: Learn more at https://www.sovereign-stack.org/project-definitions/"
exit 1
fi
# source project defition.

2
deployment/deploy_vms.sh
View File

@ -3,7 +3,7 @@
set -eux
cd "$(dirname "$0")"
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
# let's make sure we have an ssh keypair. We just use $SSH_HOME/id_rsa
# TODO convert this to SSH private key held on Trezor. THus trezor-T required for
# login operations. This should be configurable of course.
if [ ! -f "$SSH_HOME/id_rsa" ]; then

6
deployment/www/stop_docker_stacks.sh
View File

@ -17,7 +17,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
for APP in ghost gitea; do
# backup each language for each app.
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOCKER_STACK_SUFFIX-$APP-$LANGUAGE_CODE"
STACK_NAME="$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE"
if docker stack list --format "{{.Name}}" | grep -q "$STACK_NAME"; then
docker stack rm "$STACK_NAME"
@ -26,7 +26,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# these variable are used by both backup/restore scripts.
export APP="$APP"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
@ -76,7 +76,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# these variable are used by both backup/restore scripts.
export APP="letsencrypt"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.

20
deployment/www/stub/ghost_yml.sh
View File

@ -16,9 +16,10 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# at https://www.domain.com/$LANGUAGE_CODE
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
# ensure directories on remote host exist so we can mount them into the containers.
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost/$DOMAIN_NAME"
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost/$DOMAIN_NAME/$LANGUAGE_CODE/ghost" "$REMOTE_HOME/ghost/$DOMAIN_NAME/$LANGUAGE_CODE/db"
export GHOST_STACK_TAG="ghost-$STACK_NAME"
@ -30,8 +31,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOCKER_YAML_PATH="$WEBSTACK_PATH/ghost-$LANGUAGE_CODE.yml"
# here's the NGINX config. We support ghost and nextcloud.
echo "" > "$DOCKER_YAML_PATH"
cat >>"$DOCKER_YAML_PATH" <<EOL
cat > "$DOCKER_YAML_PATH" <<EOL
version: "3.8"
services:
@ -41,8 +41,8 @@ EOL
${GHOST_STACK_TAG}:
image: ${GHOST_IMAGE}
networks:
- ghostnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
- ghostdbnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
- ghostnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
- ghostdbnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
volumes:
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/ghost:/var/lib/ghost/content
environment:
@ -72,7 +72,7 @@ EOL
${GHOST_DB_STACK_TAG}:
image: ${GHOST_DB_IMAGE}
networks:
- ghostdbnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
- ghostdbnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
volumes:
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/db:/var/lib/mysql
environment:
@ -91,19 +91,19 @@ networks:
EOL
if [ "$DEPLOY_GHOST" = true ]; then
GHOSTNET_NAME="ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
GHOSTDBNET_NAME="ghostdbnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
GHOSTNET_NAME="ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
GHOSTDBNET_NAME="ghostdbnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
cat >>"$DOCKER_YAML_PATH" <<EOL
${GHOSTNET_NAME}:
name: "reverse-proxy_ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
name: "reverse-proxy_ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
external: true
${GHOSTDBNET_NAME}:
EOL
fi
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOCKER_STACK_SUFFIX-ghost-$LANGUAGE_CODE"
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-ghost-$LANGUAGE_CODE"
sleep 2

8
deployment/www/stub/gitea_yml.sh
View File

@ -17,14 +17,14 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH/data" "$GITEA_PATH/db"
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
export STACK_TAG="gitea-$STACK_NAME"
export DB_STACK_TAG="giteadb-$STACK_NAME"
export DOCKER_YAML_PATH="$SITE_PATH/webstack/gitea-en.yml"
NET_NAME="giteanet-$DOCKER_STACK_SUFFIX"
DBNET_NAME="giteadbnet-$DOCKER_STACK_SUFFIX"
NET_NAME="giteanet-$DOMAIN_IDENTIFIER"
DBNET_NAME="giteadbnet-$DOMAIN_IDENTIFIER"
# here's the NGINX config. We support ghost and nextcloud.
echo "" > "$DOCKER_YAML_PATH"
@ -80,7 +80,7 @@ EOL
${DBNET_NAME}:
EOL
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOCKER_STACK_SUFFIX-gitea-$LANGUAGE_CODE"
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-gitea-$LANGUAGE_CODE"
sleep 1
fi

12
deployment/www/stub/nginx_config.sh
View File

@ -256,7 +256,7 @@ EOL
echo " # set up cache paths for nginx caching" >>"$NGINX_CONF_PATH"
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
cat >>"$NGINX_CONF_PATH" <<EOL
proxy_cache_path /tmp/${STACK_NAME} levels=1:2 keys_zone=${STACK_NAME}:600m max_size=100m inactive=24h;
EOL
@ -294,7 +294,7 @@ EOL
# fi
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
if [ "$LANGUAGE_CODE" = en ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
@ -355,7 +355,7 @@ EOL
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_intercept_errors on;
proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}:2368;
proxy_pass http://ghost-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}:2368;
# https://stanislas.blog/2019/08/ghost-nginx-cache/ for nginx caching instructions
# Remove cookies which are useless for anonymous visitor and prevent caching
@ -364,7 +364,7 @@ EOL
# Add header for cache status (miss or hit)
add_header X-Cache-Status \$upstream_cache_status;
proxy_cache ${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE};
proxy_cache ${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE};
# Default TTL: 1 day
proxy_cache_valid 5s;
@ -403,7 +403,7 @@ EOL
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_intercept_errors on;
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
# proxy_pass http://ghost-${DOMAIN_IDENTIFIER}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
# }
# this piece is for GITEA.
@ -429,7 +429,7 @@ EOL
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://gitea-${DOCKER_STACK_SUFFIX}-en:3000;
proxy_pass http://gitea-${DOMAIN_IDENTIFIER}-en:3000;
}
}

12
deployment/www/stub/nginx_yml.sh
View File

@ -31,25 +31,21 @@ EOL
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
# We create another ghost instance under /
cat >> "$DOCKER_YAML_PATH" <<EOL
- ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
- ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE
EOL
if [ "$LANGUAGE_CODE" = en ]; then
if [ "$DEPLOY_GITEA" = "true" ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
- giteanet-$DOCKER_STACK_SUFFIX-en
- giteanet-$DOMAIN_IDENTIFIER-en
EOL
fi
fi
done
done
cat >> "$DOCKER_YAML_PATH" <<EOL
volumes:
- ${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro
@ -88,7 +84,7 @@ EOL
# at https://www.domain.com/$LANGUAGE_CODE
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
cat >> "$DOCKER_YAML_PATH" <<EOL
ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE:
ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE:
attachable: true
EOL
@ -98,7 +94,7 @@ EOL
if [ "$DEPLOY_GITEA" = true ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
giteanet-$DOCKER_STACK_SUFFIX-en:
giteanet-$DOMAIN_IDENTIFIER-en:
attachable: true
EOL

7
domain_env.sh
View File

@ -20,10 +20,11 @@ export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
BACKUP_TIMESTAMP="$(date +"%Y-%m")"
UNIX_BACKUP_TIMESTAMP="$(date +%s)"
SHASUM_OF_DOMAIN="$(echo -n "$DOMAIN_NAME" | sha256sum | awk '{print $1;}' )"
export DOMAIN_IDENTIFIER="${SHASUM_OF_DOMAIN: -6}"
echo "$DOMAIN_IDENTIFIER" > "$SITE_PATH/domain_id"
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
export DOCKER_STACK_SUFFIX="${DOMAIN_NAME//./-}"
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))

2
reset_env.sh
View File

@ -7,7 +7,7 @@ export DUPLICITY_BACKUP_PASSPHRASE=
export BTCPAY_HOSTNAME_IN_CERT=
export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true
export DEPLOY_NOSTR_RELAY=false
export DEPLOY_NOSTR_RELAY=true
export NOSTR_ACCOUNT_PUBKEY=
export DEPLOY_GITEA=false
export DEPLOY_ONION_SITE=false