Various updates.
parent
b5a48ef23e
commit
8311a5015e
@ -7,7 +7,7 @@ export WWW_SERVER_MAC_ADDRESS=
|
||||
export DEPLOY_BTCPPAY_SERVER=false
|
||||
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NOSTR_RELAY=false
|
||||
export DEPLOY_NOSTR_RELAY=true
|
||||
export DEPLOY_ONION_SITE=false
|
||||
export DEPLOY_NEXTCLOUD=false
|
||||
export DEPLOY_GITEA=false
|
||||
@ -108,7 +108,7 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
|
||||
|
||||
|
||||
# run the docker stack.
|
||||
export GHOST_IMAGE="ghost:5.14.2"
|
||||
export GHOST_IMAGE="ghost:5.18.0"
|
||||
export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
|
||||
export NGINX_IMAGE="nginx:1.23.1"
|
||||
export NEXTCLOUD_IMAGE="nextcloud:24.0.5"
|
||||
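Review bot: The DEPLOY_NOSTR_RELAY default appears to flip from `false` to `true` in this section, which turns on one more network-facing service for every deployment that does not override it. The same flip shows up in the definition stub written by deploy.sh (next to `NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"`) and in the reset block that leaves `NOSTR_ACCOUNT_PUBKEY=` empty. No check that rejects an empty or placeholder pubkey is visible in this commit, though one may exist where the relay is deployed. Consider keeping the default `false`, or adding a guard where the value is consumed, such as `[ "$DEPLOY_NOSTR_RELAY" != true ] || [ -n "$NOSTR_ACCOUNT_PUBKEY" ] || exit 1`.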
|
20
deploy.sh
20
deploy.sh
@ -122,7 +122,6 @@ done
|
||||
source ./defaults.sh
|
||||
|
||||
export CACHES_DIR="$HOME/ss-cache"
|
||||
export SSH_HOME="$HOME/.ssh"
|
||||
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||
export REGISTRY_DOCKER_IMAGE="registry:2"
|
||||
export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
|
||||
@ -158,7 +157,7 @@ if [ ! -f "$CLUSTER_PATH/authorized_keys" ]; then
|
||||
cat "$SSH_HOME/id_rsa.pub" >> "$CLUSTER_PATH/authorized_keys"
|
||||
echo "INFO: Sovereign Stack just stubbed out '$CLUSTER_PATH/authorized_keys'. Go update it."
|
||||
echo " Add ssh pubkeys for your various management machines, if any."
|
||||
echo " By default we added your main ssh pubkey: '$HOME/.ssh/id_rsa.pub'."
|
||||
echo " By default we added your main ssh pubkey: '$SSH_HOME/id_rsa.pub'."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@ -246,7 +245,16 @@ function instantiate_vms {
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
# first let's get the DISK_TO_USE and DATA_PLANE_MACVLAN_INTERFACE from the ss-config
|
||||
# which is set up during LXD cluster creation ss-cluster.
|
||||
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
|
||||
LXD_SS_CONFIG_LINE=
|
||||
if lxc network list --format csv | grep lxdbrSS | grep ss-config; then
|
||||
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
|
||||
fi
|
||||
|
||||
if [ -z "$LXD_SS_CONFIG_LINE" ]; then
|
||||
echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-cluster again."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
|
||||
DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
|
||||
DISK_TO_USE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f3)"
|
||||
@ -428,7 +436,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||
#export BTCPAY_HOSTNAME_IN_CERT="store"
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_NOSTR_RELAY=false
|
||||
export DEPLOY_NOSTR_RELAY=true
|
||||
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
|
||||
export DEPLOY_GITEA=false
|
||||
#export DEPLOY_ONION_SITE=false
|
||||
@ -469,14 +477,14 @@ export DEPLOY_BTCPAY_SERVER=true
|
||||
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||
# export BTC_CHAIN=mainnet
|
||||
export PRIMARY_DOMAIN="CHANGE_ME"
|
||||
export OTHER_SITES_LIST=
|
||||
export OTHER_SITES_LIST=""
|
||||
EOL
|
||||
|
||||
chmod 0744 "$PROJECT_DEFINITION_PATH"
|
||||
echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
|
||||
echo "INFO: Learn more at https://www.sovereign-stack.org/project-definitions/"
|
||||
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
# source project defition.
|
||||
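Review bot: The new guard around LXD_SS_CONFIG_LINE in the -246 hunk runs the `lxc network list --format csv | grep lxdbrSS | grep ss-config` pipeline twice, and the first run (the `if` condition) prints the matched line to stdout because neither grep is quiet. The two calls can also observe different state, so a single capture is simpler: `LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config || true)"`, leaving the existing `-z` test to report the missing config. The enclosing instantiate_vms function starts and ends outside the hunk.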
|
@ -3,7 +3,7 @@
|
||||
set -eux
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
# let's make sure we have an ssh keypair. We just use ~/.ssh/id_rsa
|
||||
# let's make sure we have an ssh keypair. We just use $SSH_HOME/id_rsa
|
||||
# TODO convert this to SSH private key held on Trezor. THus trezor-T required for
|
||||
# login operations. This should be configurable of course.
|
||||
if [ ! -f "$SSH_HOME/id_rsa" ]; then
|
||||
|
@ -17,7 +17,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
for APP in ghost gitea; do
|
||||
# backup each language for each app.
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$APP-$LANGUAGE_CODE"
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE"
|
||||
|
||||
if docker stack list --format "{{.Name}}" | grep -q "$STACK_NAME"; then
|
||||
docker stack rm "$STACK_NAME"
|
||||
@ -26,7 +26,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
|
||||
# these variable are used by both backup/restore scripts.
|
||||
export APP="$APP"
|
||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
|
||||
|
||||
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
|
||||
@ -76,7 +76,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
|
||||
# these variable are used by both backup/restore scripts.
|
||||
export APP="letsencrypt"
|
||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX"
|
||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER"
|
||||
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
|
||||
|
||||
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
|
||||
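Review bot: The teardown loop now looks up and removes only `$DOMAIN_IDENTIFIER-$APP-$LANGUAGE_CODE`, so a stack that an earlier run deployed under the old `$DOCKER_STACK_SUFFIX-...` name is never stopped. It would keep running beside the newly named stack, and the ghost compose file in this commit mounts paths keyed on DOMAIN_NAME, so both would presumably share the same data directories. REMOTE_BACKUP_PATH moves the same way in the -26 and -76 hunks, which leaves archives written under the old directory outside the path that backup and restore now use. No migration step is visible here; either also remove the legacy name when it is listed, e.g. `docker stack rm "${DOMAIN_NAME//./-}-$APP-$LANGUAGE_CODE"`, or document the manual cleanup. The surrounding for loops start and end outside the hunks.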
|
@ -16,9 +16,10 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
# at https://www.domain.com/$LANGUAGE_CODE
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
|
||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
|
||||
# ensure directories on remote host exist so we can mount them into the containers.
|
||||
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost/$DOMAIN_NAME"
|
||||
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost/$DOMAIN_NAME/$LANGUAGE_CODE/ghost" "$REMOTE_HOME/ghost/$DOMAIN_NAME/$LANGUAGE_CODE/db"
|
||||
|
||||
export GHOST_STACK_TAG="ghost-$STACK_NAME"
|
||||
@ -30,8 +31,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
export DOCKER_YAML_PATH="$WEBSTACK_PATH/ghost-$LANGUAGE_CODE.yml"
|
||||
|
||||
# here's the NGINX config. We support ghost and nextcloud.
|
||||
echo "" > "$DOCKER_YAML_PATH"
|
||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||
cat > "$DOCKER_YAML_PATH" <<EOL
|
||||
version: "3.8"
|
||||
services:
|
||||
|
||||
@ -41,8 +41,8 @@ EOL
|
||||
${GHOST_STACK_TAG}:
|
||||
image: ${GHOST_IMAGE}
|
||||
networks:
|
||||
- ghostnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
|
||||
- ghostdbnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
|
||||
- ghostnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
|
||||
- ghostdbnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
|
||||
volumes:
|
||||
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/ghost:/var/lib/ghost/content
|
||||
environment:
|
||||
@ -72,7 +72,7 @@ EOL
|
||||
${GHOST_DB_STACK_TAG}:
|
||||
image: ${GHOST_DB_IMAGE}
|
||||
networks:
|
||||
- ghostdbnet-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}
|
||||
- ghostdbnet-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}
|
||||
volumes:
|
||||
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/db:/var/lib/mysql
|
||||
environment:
|
||||
@ -91,19 +91,19 @@ networks:
|
||||
EOL
|
||||
|
||||
if [ "$DEPLOY_GHOST" = true ]; then
|
||||
GHOSTNET_NAME="ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
GHOSTDBNET_NAME="ghostdbnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
GHOSTNET_NAME="ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
GHOSTDBNET_NAME="ghostdbnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
|
||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||
${GHOSTNET_NAME}:
|
||||
name: "reverse-proxy_ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
name: "reverse-proxy_ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
external: true
|
||||
|
||||
${GHOSTDBNET_NAME}:
|
||||
EOL
|
||||
fi
|
||||
|
||||
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOCKER_STACK_SUFFIX-ghost-$LANGUAGE_CODE"
|
||||
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-ghost-$LANGUAGE_CODE"
|
||||
|
||||
sleep 2
|
||||
|
||||
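Review bot: The `ssh "$PRIMARY_WWW_FQDN" mkdir -p ...` lines in the -16 hunk quote their paths only for the local shell. ssh joins the arguments into one string that the remote shell parses again, so whitespace or shell metacharacters in REMOTE_HOME, DOMAIN_NAME or LANGUAGE_CODE would be interpreted on the web host. These values come from the operator's own definition files, so this is hardening rather than an exposed bug. Quoting for the remote side closes it, for example `printf -v remote_dirs '%q ' "$ghost_dir" "$db_dir"` followed by `ssh "$PRIMARY_WWW_FQDN" "mkdir -p -- $remote_dirs"` (the two variable names are placeholders for the paths built on that line). The enclosing loops start outside the hunk.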
|
@ -17,14 +17,14 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||
|
||||
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH/data" "$GITEA_PATH/db"
|
||||
|
||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
|
||||
export STACK_TAG="gitea-$STACK_NAME"
|
||||
export DB_STACK_TAG="giteadb-$STACK_NAME"
|
||||
export DOCKER_YAML_PATH="$SITE_PATH/webstack/gitea-en.yml"
|
||||
|
||||
NET_NAME="giteanet-$DOCKER_STACK_SUFFIX"
|
||||
DBNET_NAME="giteadbnet-$DOCKER_STACK_SUFFIX"
|
||||
NET_NAME="giteanet-$DOMAIN_IDENTIFIER"
|
||||
DBNET_NAME="giteadbnet-$DOMAIN_IDENTIFIER"
|
||||
|
||||
# here's the NGINX config. We support ghost and nextcloud.
|
||||
echo "" > "$DOCKER_YAML_PATH"
|
||||
@ -80,7 +80,7 @@ EOL
|
||||
${DBNET_NAME}:
|
||||
EOL
|
||||
|
||||
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOCKER_STACK_SUFFIX-gitea-$LANGUAGE_CODE"
|
||||
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-gitea-$LANGUAGE_CODE"
|
||||
sleep 1
|
||||
|
||||
fi
|
||||
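Review bot: The gitea script still truncates the compose file with `echo "" > "$DOCKER_YAML_PATH"`, while this commit replaces the same pattern in the ghost script with a single `cat > "$DOCKER_YAML_PATH" <<EOL`. Applying the same change here would keep the two generators consistent and drop the leading blank line; the heredoc that follows is outside the hunk, so this is inferred from the ghost script. The comment above it, `# here's the NGINX config. We support ghost and nextcloud.`, does not describe this block and could read `# generate the docker compose file for gitea`. DOCKER_YAML_PATH is fixed to `gitea-en.yml` while the stack name uses `$LANGUAGE_CODE`, which deserves a comment if gitea is intentionally English-only.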
|
@ -256,7 +256,7 @@ EOL
|
||||
|
||||
echo " # set up cache paths for nginx caching" >>"$NGINX_CONF_PATH"
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
proxy_cache_path /tmp/${STACK_NAME} levels=1:2 keys_zone=${STACK_NAME}:600m max_size=100m inactive=24h;
|
||||
EOL
|
||||
@ -294,7 +294,7 @@ EOL
|
||||
# fi
|
||||
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||
STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
|
||||
|
||||
if [ "$LANGUAGE_CODE" = en ]; then
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
@ -355,7 +355,7 @@ EOL
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_intercept_errors on;
|
||||
proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE}:2368;
|
||||
proxy_pass http://ghost-${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE}:2368;
|
||||
|
||||
# https://stanislas.blog/2019/08/ghost-nginx-cache/ for nginx caching instructions
|
||||
# Remove cookies which are useless for anonymous visitor and prevent caching
|
||||
@ -364,7 +364,7 @@ EOL
|
||||
|
||||
# Add header for cache status (miss or hit)
|
||||
add_header X-Cache-Status \$upstream_cache_status;
|
||||
proxy_cache ${DOCKER_STACK_SUFFIX}-${LANGUAGE_CODE};
|
||||
proxy_cache ${DOMAIN_IDENTIFIER}-${LANGUAGE_CODE};
|
||||
|
||||
# Default TTL: 1 day
|
||||
proxy_cache_valid 5s;
|
||||
@ -403,7 +403,7 @@ EOL
|
||||
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
# proxy_intercept_errors on;
|
||||
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
|
||||
# proxy_pass http://ghost-${DOMAIN_IDENTIFIER}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
|
||||
# }
|
||||
# this piece is for GITEA.
|
||||
|
||||
@ -429,7 +429,7 @@ EOL
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
proxy_pass http://gitea-${DOCKER_STACK_SUFFIX}-en:3000;
|
||||
proxy_pass http://gitea-${DOMAIN_IDENTIFIER}-en:3000;
|
||||
}
|
||||
}
|
||||
|
||||
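Review bot: With this rename the generated nginx.conf identifies each site only by a short hash fragment (cache path, keys_zone, proxy_cache and upstream host names), so someone reading the config or its logs can no longer tell which domain a block serves. Emitting a comment line in the heredoc next to `proxy_cache_path`, such as `# ${DOMAIN_NAME} -> ${STACK_NAME}`, would keep the file auditable, provided DOMAIN_NAME is in scope at that point. The commented-out `proxy_pass` in the -403 hunk was renamed as well but still carries `::2368` and the list variable `${SITE_LANGUAGE_CODES}`; it should be fixed or deleted rather than carried forward.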
|
@ -31,25 +31,21 @@ EOL
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
# We create another ghost instance under /
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
- ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
|
||||
- ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE
|
||||
EOL
|
||||
|
||||
if [ "$LANGUAGE_CODE" = en ]; then
|
||||
if [ "$DEPLOY_GITEA" = "true" ]; then
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
- giteanet-$DOCKER_STACK_SUFFIX-en
|
||||
- giteanet-$DOMAIN_IDENTIFIER-en
|
||||
EOL
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
|
||||
done
|
||||
|
||||
|
||||
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
volumes:
|
||||
- ${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro
|
||||
@ -88,7 +84,7 @@ EOL
|
||||
# at https://www.domain.com/$LANGUAGE_CODE
|
||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE:
|
||||
ghostnet-$DOMAIN_IDENTIFIER-$LANGUAGE_CODE:
|
||||
attachable: true
|
||||
|
||||
EOL
|
||||
@ -98,7 +94,7 @@ EOL
|
||||
|
||||
if [ "$DEPLOY_GITEA" = true ]; then
|
||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||
giteanet-$DOCKER_STACK_SUFFIX-en:
|
||||
giteanet-$DOMAIN_IDENTIFIER-en:
|
||||
attachable: true
|
||||
|
||||
EOL
|
||||
|
@ -20,10 +20,11 @@ export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
|
||||
BACKUP_TIMESTAMP="$(date +"%Y-%m")"
|
||||
UNIX_BACKUP_TIMESTAMP="$(date +%s)"
|
||||
|
||||
SHASUM_OF_DOMAIN="$(echo -n "$DOMAIN_NAME" | sha256sum | awk '{print $1;}' )"
|
||||
export DOMAIN_IDENTIFIER="${SHASUM_OF_DOMAIN: -6}"
|
||||
echo "$DOMAIN_IDENTIFIER" > "$SITE_PATH/domain_id"
|
||||
|
||||
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
||||
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
||||
export DOCKER_STACK_SUFFIX="${DOMAIN_NAME//./-}"
|
||||
|
||||
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))
|
||||
|
||||
|
||||
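Review bot: DOMAIN_IDENTIFIER keeps only the last six hex characters of the SHA-256 of DOMAIN_NAME (24 bits), and nothing in this hunk checks that two configured domains do not end up with the same value. Elsewhere in this commit the identifier names docker stacks, networks, nginx cache zones and the remote backup directory, so a collision would make two sites share those resources without any error. A comment stating the uniqueness assumption, or a check that compares the value with the `domain_id` files already written for other sites, would make this safe; keeping more characters also lowers the odds. `echo -n` behaves differently across shells, so `printf '%s' "$DOMAIN_NAME" | sha256sum` is the more predictable form.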
|
@ -7,7 +7,7 @@ export DUPLICITY_BACKUP_PASSPHRASE=
|
||||
export BTCPAY_HOSTNAME_IN_CERT=
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_NOSTR_RELAY=false
|
||||
export DEPLOY_NOSTR_RELAY=true
|
||||
export NOSTR_ACCOUNT_PUBKEY=
|
||||
export DEPLOY_GITEA=false
|
||||
export DEPLOY_ONION_SITE=false
|
||||
|