More work on self-hosting + projects.

2022-09-09 14:00:07 -04:00 · 2022-09-09 14:00:07 -04:00 · 8d0af43339
commit 8d0af43339
parent 07c1c13bba
15 changed files with 720 additions and 647 deletions
--- a/cluster.sh
+++ b/cluster.sh
@ -35,16 +35,14 @@ if [ "$COMMAND" = create ]; then
    cat >"$CLUSTER_DEFINITION" <<EOL
 #!/bin/bash
-# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
+# see https://www.sovereign-stack.org/cluster_definition for more info!
-# Then $HOME/ss-clusters/cluster1 will be your cluster working path.
+
 export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
-
+export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
-export PROJECT_NAME="[public|private1|private2]"
+export PROJECT_NAME="$CLUSTER_NAME-public"
 # only relevant
 export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
-export REGISTRY_USERNAME=""
+export REGISTRY_USERNAME="CHANGE_ME"
-export REGISTRY_PASSWORD=""
+export REGISTRY_PASSWORD="CHANGE_ME"
 EOL
@ -89,29 +87,29 @@ EOL
            esac
        done
-        if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
+        # if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
-            echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
+        #     echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
-            echo "      We need to know which interface that is! Enter it here now."
+        #     echo "      We need to know which interface that is! Enter it here now."
-            echo ""
+        #     echo ""
-            ssh "ubuntu@$FQDN" ip link
+        #     ssh "ubuntu@$FQDN" ip link
-            echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
+        #     echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
-            read -r DATA_PLANE_MACVLAN_INTERFACE
+        #     read -r DATA_PLANE_MACVLAN_INTERFACE
-        fi
+        # fi
-        if [ -z "$DISK_TO_USE" ]; then
+        # if [ -z "$DISK_TO_USE" ]; then
-            echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
+        #     echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
-            echo ""
+        #     echo ""
-            ssh "ubuntu@$FQDN" lsblk
+        #     ssh "ubuntu@$FQDN" lsblk
-            USER_DISK=
+        #     USER_DISK=
-            echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop):  "
+        #     echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop):  "
-            read -r USER_DISK
+        #     read -r USER_DISK
-        fi
+        # fi
    else
        echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
--- a/defaults.sh
+++ b/defaults.sh
@ -14,7 +14,7 @@ export DEPLOY_GITEA=false
 export WWW_HOSTNAME="www"
 export BTCPAY_HOSTNAME="btcpay"
-export BTCPAY_HOSTNAME_IN_CERT="pay"
+export BTCPAY_HOSTNAME_IN_CERT="tip"
 export NEXTCLOUD_HOSTNAME="nextcloud"
 export GITEA_HOSTNAME="git"
 export NOSTR_HOSTNAME="relay"
@ -82,8 +82,8 @@ export NEXTCLOUD_SPACE_GB=10
 # first of all, if there are uncommited changes, we quit. You better stash or commit!
 # Remote VPS instances are tagged with your current git HEAD so we know which code revision
 # used when provisioning the VPS.
-LATEST_GIT_COMMIT="$(cat ./.git/refs/heads/master)"
+#LATEST_GIT_COMMIT="$(cat ./.git/refs/heads/master)"
-export LATEST_GIT_COMMIT="$LATEST_GIT_COMMIT"
+#export LATEST_GIT_COMMIT="$LATEST_GIT_COMMIT"
 # check if there are any uncommited changes. It's dangerous to instantiate VMs using
 # code that hasn't been committed.
@ -109,18 +109,18 @@ DEFAULT_DB_IMAGE="mariadb:10.8.3-jammy"
 export ENABLE_NGINX_CACHING="$ENABLE_NGINX_CACHING"
 # run the docker stack.
-export GHOST_IMAGE="ghost:5.9.4"
+export GHOST_IMAGE="ghost:5.12.3"
 export GHOST_DB_IMAGE="$DEFAULT_DB_IMAGE"
 export NGINX_IMAGE="nginx:1.23.1"
-export NEXTCLOUD_IMAGE="nextcloud:24.0.3"
+export NEXTCLOUD_IMAGE="nextcloud:24.0.4"
 export NEXTCLOUD_DB_IMAGE="$DEFAULT_DB_IMAGE"
 export GITEA_IMAGE="gitea/gitea:latest"
 export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
 export SOVEREIGN_STACK_MAC_ADDRESS=
-export WWW_MAC_ADDRESS=
+export WWW_SERVER_MAC_ADDRESS=
-export BTCPAY_MAC_ADDRESS=
+export BTCPAYSERVER_MAC_ADDRESS=
 export CLUSTERS_DIR="$HOME/ss-clusters"
 export PROJECTS_DIR="$HOME/ss-projects"
@ -132,7 +132,7 @@ export BASE_LXC_IMAGE="ubuntu/22.04/cloud"
 # Deploy a registry cache on your management machine.
 export DEPLOY_MGMT_REGISTRY=true
-
+export OTHER_SITES_LIST=
 export REMOTE_HOME="/home/ubuntu"
--- a/deploy.sh
+++ b/deploy.sh
@ -128,6 +128,7 @@ export RESTORE_BTCPAY="$RESTORE_BTCPAY"
 export BACKUP_BTCPAY="$RESTORE_BTCPAY"
 export MIGRATE_WWW="$MIGRATE_WWW"
 export MIGRATE_BTCPAY="$MIGRATE_BTCPAY"
 export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
 if [ "$VPS_HOSTING_TARGET" = aws ]; then
@ -150,8 +151,8 @@ mkdir -p "$CLUSTER_PATH"
 if [ ! -f "$CLUSTER_PATH/authorized_keys" ]; then
    cat "$SSH_HOME/id_rsa.pub" >> "$CLUSTER_PATH/authorized_keys"
    echo "INFO: Sovereign Stack just stubbed out '$CLUSTER_PATH/authorized_keys'. Go update it."
-    echo "      Add ssh pubkeys for your various management machines, if any. We've stubbed it out"
+    echo "      Add ssh pubkeys for your various management machines, if any."
-    echo "      with your ssh pubkey at '$HOME/.ssh/id_rsa.pub'."
+    echo "      By default we added your main ssh pubkey: '$HOME/.ssh/id_rsa.pub'."
    exit 1
 fi
@ -214,7 +215,6 @@ function new_pass {
 function instantiate_vms {
    export VPS_HOSTING_TARGET="$VPS_HOSTING_TARGET"
    export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
    export BTC_CHAIN="$BTC_CHAIN"
    export UPDATE_BTCPAY="$UPDATE_BTCPAY"
    export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
@ -227,12 +227,9 @@ function instantiate_vms {
        FQDN=
        export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
        if [ ! -f "$SITE_PATH/site_definition" ]; then
            echo "ERROR: Something went wrong. Your site_definition is missing."
            exit 1
        fi
        source "$SITE_PATH/site_definition"
        source ./domain_env.sh
        # VALIDATE THE INPUT from the ENVFILE
        if [ -z "$DOMAIN_NAME" ]; then
@ -240,34 +237,10 @@ function instantiate_vms {
            exit 1
        fi
        # TODO, ensure VPS_HOSTING_TARGET is in range.
        export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
        export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
        export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
        export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
        export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
        export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
        export ADMIN_ACCOUNT_USERNAME="info"
        export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
        export REMOTE_NEXTCLOUD_PATH="$REMOTE_HOME/nextcloud"
        export REMOTE_GITEA_PATH="$REMOTE_HOME/gitea"
        export BTC_CHAIN="$BTC_CHAIN"
        export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
        export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
        # ensure the 
        if [ ! -f "$PROJECT_PATH/project_definition" ]; then 
            echo "ERROR: Your project_definition is not set."
            exit 1
        fi
        source "$PROJECT_PATH/project_definition"
        if [ "$VPS_HOSTING_TARGET" = lxd ]; then
            # first let's get the DISK_TO_USE and DATA_PLANE_MACVLAN_INTERFACE from the ss-config
            # which is set up during LXD cluster creation ss-cluster.
-            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep ss-config)"
+            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
            CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
            DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
            DISK_TO_USE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f3)"
@ -286,17 +259,6 @@ function instantiate_vms {
        export MAC_ADDRESS_TO_PROVISION=
        export VPS_HOSTNAME="$VPS_HOSTNAME"
        export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
        export VIRTUAL_MACHINE="$VIRTUAL_MACHINE"
        BACKUP_TIMESTAMP="$(date +"%Y-%m")"
        UNIX_BACKUP_TIMESTAMP="$(date +%s)"
        export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/$VIRTUAL_MACHINE/$BACKUP_TIMESTAMP"
        LOCAL_BACKUP_PATH="$SITE_PATH/backups/$VIRTUAL_MACHINE/$BACKUP_TIMESTAMP"
        export LOCAL_BACKUP_PATH="$LOCAL_BACKUP_PATH"
        export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
        export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
        export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
        # ensure the admin has set the MAC address for the base image.
        if [ -z "$SOVEREIGN_STACK_MAC_ADDRESS" ]; then
@ -304,11 +266,6 @@ function instantiate_vms {
            exit 1
        fi
        if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
            mkdir -p "$LOCAL_BACKUP_PATH"
            BACKUP_PATH_CREATED=true
        fi
        DDNS_HOST=
        MIGRATE_VPS=false
        if [ "$VIRTUAL_MACHINE" = www ]; then
@ -317,7 +274,7 @@ function instantiate_vms {
            fi
            VPS_HOSTNAME="$WWW_HOSTNAME"
-            MAC_ADDRESS_TO_PROVISION="$WWW_MAC_ADDRESS"
+            MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
            DDNS_HOST="$WWW_HOSTNAME"
            ROOT_DISK_SIZE_GB="$((ROOT_DISK_SIZE_GB + NEXTCLOUD_SPACE_GB))"
            if [ "$MIGRATE_WWW" = true ]; then
@ -330,7 +287,7 @@ function instantiate_vms {
            DDNS_HOST="$BTCPAY_HOSTNAME"
            VPS_HOSTNAME="$BTCPAY_HOSTNAME"
-            MAC_ADDRESS_TO_PROVISION="$BTCPAY_MAC_ADDRESS"
+            MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
            if [ "$BTC_CHAIN" = mainnet ]; then
                ROOT_DISK_SIZE_GB=150
            elif [ "$BTC_CHAIN" = testnet ]; then
@ -352,8 +309,25 @@ function instantiate_vms {
        export DDNS_HOST="$DDNS_HOST"
        export FQDN="$DDNS_HOST.$DOMAIN_NAME"
        export LXD_VM_NAME="${FQDN//./-}"
-        #${PROJECT_NAME//./-}-
+        BACKUP_TIMESTAMP="$(date +"%Y-%m")"
        UNIX_BACKUP_TIMESTAMP="$(date +%s)"
        export VIRTUAL_MACHINE="$VIRTUAL_MACHINE"
        export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/$VIRTUAL_MACHINE"
        export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
        export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
        export REMOTE_CERT_DIR="$REMOTE_CERT_BASE_DIR/$FQDN"
        export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH"
        export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
        LOCAL_BACKUP_PATH="$SITE_PATH/backups/$VIRTUAL_MACHINE/$BACKUP_TIMESTAMP"
        export LOCAL_BACKUP_PATH="$LOCAL_BACKUP_PATH"
        if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
            mkdir -p "$LOCAL_BACKUP_PATH"
            BACKUP_PATH_CREATED=true
        fi
        # This next section of if statements is our sanity checking area.
        if [ "$VPS_HOSTING_TARGET" = aws ]; then
@ -383,7 +357,8 @@ function instantiate_vms {
                fi
                # get a backup of the machine. This is what we restore to the new VPS.
-                echo "INFO: Machine exists.  Since we're going to delete it, let's grab a backup. We don't need to restore services since we're deleting it."
+                echo "INFO: Machine exists.  Since we're going to delete it, let's grab a backup. "
                echo "      We don't need to restore services since we're deleting it."
                ./deployment/deploy_vms.sh
                # delete the remote VPS.
@ -411,7 +386,8 @@ function instantiate_vms {
            fi
        else
            if [ "$MIGRATE_VPS" = true ]; then
-                echo "INFO: User has indicated to delete the machine, but it doesn't exist. Going to create it anyway."
+                echo "INFO: User has indicated to delete the machine, but it doesn't exist."
                echo "      Going to create it anyway."
            fi
            # The machine does not exist. Let's bring it into existence, restoring from latest backup.
@ -419,13 +395,6 @@ function instantiate_vms {
            ./deployment/deploy_vms.sh
        fi
    done
 }
 function run_domain {
        # if the local docker client isn't logged in, do so;
        # this helps prevent docker pull errors since they throttle.
        if [ ! -f "$HOME/.docker/config.json" ]; then
@ -433,27 +402,18 @@ function run_domain {
        fi
        # this tells our local docker client to target the remote endpoint via SSH
-    export DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
+        export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
    # enable docker swarm mode so we can support docker stacks.
    if docker info | grep -q "Swarm: inactive"; then
        docker swarm init --advertise-addr enp6s0
    fi
    bash -c "./deployment/www/go.sh"
    export DOCKER_HOST="ssh://ubuntu@$BTCPAY_FQDN"
        # enable docker swarm mode so we can support docker stacks.
        if docker info | grep -q "Swarm: inactive"; then
            docker swarm init --advertise-addr enp6s0
        fi
-    bash -c "./deployment/btcpayserver/go.sh"
+    done
    echo "Successfully deployed '$DOMAIN_NAME' with git commit '$(cat ./.git/refs/heads/master)' VPS_HOSTING_TARGET=$VPS_HOSTING_TARGET;"
 }
 function stub_site_definition {
    mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
@ -471,36 +431,21 @@ function stub_site_definition {
            cat >"$SITE_DEFINITION_PATH" <<EOL
 #!/bin/bash
 # Set the domain name for the identity site.
 export DOMAIN_NAME="${DOMAIN_NAME}"
 # duplicitiy backup archive password
 export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
 # AWS only
 #export DDNS_PASSWORD=
-
+#export BTCPAY_HOSTNAME_IN_CERT="store"
 # Deploy APPS to www
 export DEPLOY_GHOST=true
 export DEPLOY_NEXTCLOUD=true
 export DEPLOY_NOSTR=false
 # set if NOSTR_ACCOUNT_PUBKEY=true
 export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
 export DEPLOY_GITEA=false
 export DEPLOY_ONION_SITE=false
 # passwords for WWW apps
 ## GHOST
 export GHOST_MYSQL_PASSWORD="$(new_pass)"
 export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
 ## NEXTCLOUD
 export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
 export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
 ## GITEA
 export GITEA_MYSQL_PASSWORD="$(new_pass)"
 export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
@ -526,40 +471,25 @@ function stub_project_definition {
        cat >"$PROJECT_DEFINITION_PATH" <<EOL
 #!/bin/bash
-# for more info about this file and how to use it, see
+# see https://www.sovereign-stack.org/project-definition for more info.
 # www.sovereign-stack.org/project-defintion
 # Createa a DHCP reservation for the baseline image.
 export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
 # Create a DHCP reservation for the www/reverse proxy VM.
 export DEPLOY_WWW_SERVER=true
 export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
-
+export DEPLOY_BTCPAY_SERVER=true
 # Create a DHCP reservation for the btcpay server VM.
 export DEPLOY_BTCPAY_SERVER=false
 export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
-
+# export BTC_CHAIN=mainnet
 # valid are 'regtest', 'testnet', and 'mainnet'
 export BTC_CHAIN=regtest
 # set to true to enable nginx caching; helps when making website updates.
 # export ENABLE_NGINX_CACHING=true
-
+export PRIMARY_DOMAIN="CHANGE_ME"
-# A list of all sites in ~/ss-sites/ that will be deployed under the project.
+export OTHER_SITES_LIST=
 # e.g., 'domain1.tld,domain2.tld,domain3.tld'.
 export SITE_LIST="domain1.tld"
 EOL
        chmod 0744 "$PROJECT_DEFINITION_PATH"
        echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
-        echo "INFO: Learn more at https://www.sovereign-stack.org/project-defition/"
+        echo "INFO: Learn more at https://www.sovereign-stack.org/project-definitions/"
        exit 1
    fi
    # source project defition.
    source "$PROJECT_DEFINITION_PATH"
 }
@ -568,13 +498,13 @@ EOL
 if [ "$VPS_HOSTING_TARGET" = lxd ]; then
    CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
-    PROJECT_PATH="$PROJECTS_DIR/$CURRENT_PROJECT"
+    PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
    mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
    export PROJECT_PATH="$PROJECT_PATH"
    # create a symlink from ./clusterpath/projects/project
-    if [ ! -d "$CLUSTER_PATH/projects/$CURRENT_PROJECT" ]; then
+    if [ ! -d "$CLUSTER_PATH/projects/$PROJECT_NAME" ]; then
-        ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$CURRENT_PROJECT"
+        ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$PROJECT_NAME"
    fi
    # check if we need to provision a new lxc project.
@ -589,29 +519,36 @@ if [ "$VPS_HOSTING_TARGET" = lxd ]; then
    fi
    # stub out the project definition if needed.
    stub_project_definition
-    # iterate through our site list as provided by operator from cluster_definition
+    # the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
-    iteration=0
+    export DOMAIN_LIST="${PRIMARY_DOMAIN},${OTHER_SITES_LIST}"
-    for DOMAIN_NAME in ${SITE_LIST//,/ }; do
+    export DOMAIN_COUNT=$(("$(echo $DOMAIN_LIST | tr -cd , | wc -c)"+1))
    # let's provision our primary domain first.
    export DOMAIN_NAME="$PRIMARY_DOMAIN"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
    export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
    stub_site_definition
    # bring the vms up under the primary domain name.
    instantiate_vms
    # let's stub out the rest of our site definitions, if any.
    for DOMAIN_NAME in ${OTHER_SITES_LIST//,/ }; do
        export DOMAIN_NAME="$DOMAIN_NAME"
        export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
        # the vms are named accordignt to the first domain listed.
        if [ $iteration = 0 ]; then
            # bring the vms up
            instantiate_vms
        fi
        # stub out the site_defition if it's doesn't exist.
        stub_site_definition
        # run the logic for a domain deployment.
        run_domain
        iteration=$((iteration+1))
    done
    # now let's run the www and btcpay-specific provisioning scripts.
    bash -c "./deployment/www/go.sh"
    bash -c "./deployment/btcpayserver/go.sh"
 elif [ "$VPS_HOSTING_TARGET" = aws ]; then
    stub_site_definition
--- a/deployment/btcpayserver/go.sh
+++ b/deployment/btcpayserver/go.sh
@ -3,7 +3,10 @@
 set -eux
 cd "$(dirname "$0")"
 export DOCKER_HOST="ssh://ubuntu@$BTCPAY_FQDN"
 OPEN_URL=false
 RUN_SERVICES=false
 # we will re-run the btcpayserver provisioning scripts if directed to do so.
 # if an update does occur, we grab another backup.
@ -58,8 +61,8 @@ fi
 if [ "$OPEN_URL" = true ]; then
    if [ "$VPS_HOSTING_TARGET" = lxd ]; then
-        if wait-for-it -t 5 "$WWW_FQDN:80"; then
+        if wait-for-it -t 5 "$PRIMARY_WWW_FQDN:80"; then
-            xdg-open "http://$WWW_FQDN" > /dev/null 2>&1
+            xdg-open "http://$PRIMARY_WWW_FQDN" > /dev/null 2>&1
        fi
    else
        if wait-for-it -t 5 "$FQDN:443"; then
--- a/deployment/deploy_vms.sh
+++ b/deployment/deploy_vms.sh
@ -60,7 +60,7 @@ elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
        # create a base image if needed and instantiate a VM.
        if [ -z "$MAC_ADDRESS_TO_PROVISION" ]; then
-            echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_MAC_ADDRESS, BTCPAY_MAC_ADDRESS in your site defintion."
+            echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_SERVER_MAC_ADDRESS, BTCPAYSERVER_MAC_ADDRESS in your site defintion."
            echo "INFO: IMPORTANT! You MUST have DHCP Reservations for these MAC addresses. You also need static DNS entries."
            exit 1
        fi
--- a/deployment/provision_vps.sh
+++ b/deployment/provision_vps.sh
@ -47,9 +47,8 @@ if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = certonly ]; then
        --amazonec2-ami "$AWS_AMI_ID" \
        --amazonec2-root-size "$ROOT_DISK_SIZE_GB" \
        --amazonec2-instance-type "$WWW_INSTANCE_TYPE" \
        --engine-label commit="$LATEST_GIT_COMMIT" \
        "$FQDN"
-        
+            #    --engine-label commit="$LATEST_GIT_COMMIT" \
 elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
    # creates a public VM in AWS and provisions the bcm website.
    docker-machine create --driver amazonec2 \
@ -62,9 +61,8 @@ elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
        --amazonec2-ami "$AWS_AMI_ID" \
        --amazonec2-root-size "$ROOT_DISK_SIZE_GB" \
        --amazonec2-instance-type "$BTCPAY_INSTANCE_TYPE" \
        --engine-label commit="$LATEST_GIT_COMMIT" \
        "$FQDN"
-
+#        --engine-label commit="$LATEST_GIT_COMMIT" \
 fi
 docker-machine scp "$CLUSTER_PATH/authorized_keys" "$FQDN:$REMOTE_HOME/authorized_keys"
--- a/deployment/www/backup.sh
+++ b/deployment/www/backup.sh
@ -9,12 +9,12 @@ cd "$(dirname "$0")"
 # maybe something like https://superuser.com/questions/616182/how-to-mount-local-directory-to-remote-like-sshfs
 # step 1: run duplicity on the remote system to backup all files to the remote system.
-ssh "$WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --allow-source-mismatch --exclude "$REMOTE_HOME/backups" "$REMOTE_HOME" "file://$REMOTE_BACKUP_PATH"
+ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --allow-source-mismatch --exclude "$REMOTE_HOME/backups" "$REMOTE_HOME" "file://$REMOTE_BACKUP_PATH"
-ssh "$WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_PATH"
+ssh "$PRIMARY_WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_PATH"
 # now let's pull down the latest files from the backup directory.
 # create a temp directory to serve as the mountpoint for the remote machine backups directory
-sshfs "$WWW_FQDN:$REMOTE_BACKUP_PATH" "$SSHFS_PATH"
+sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH" "$SSHFS_PATH"
 # rsync the files from the remote server to our local backup path.
 rsync -av "$SSHFS_PATH/" "$LOCAL_BACKUP_PATH/"
--- a/deployment/www/generate_certs.sh
+++ b/deployment/www/generate_certs.sh
@ -2,6 +2,7 @@
 set -ex
 # let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
 docker pull certbot/certbot:latest
@ -20,13 +21,38 @@ if [ "$VPS_HOSTING_TARGET" = aws ]; then
 elif [ "$VPS_HOSTING_TARGET" = lxd ]; then
    # with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates
    # at a cachehing reverse proxy that runs nginx.
    # docker run -it --rm \
    #     --name certbot \
    #     -p 80:80 \
    #     -p 443:443 \
    #     -v "$REMOTE_HOME/letsencrypt":/etc/letsencrypt \
    #     -v /var/lib/letsencrypt:/var/lib/letsencrypt \
    #     -v "$REMOTE_HOME/letsencrypt_logs":/var/log/letsencrypt \
    #     certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$PRIMARY_WWW_FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
    for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
        export DOMAIN_NAME="$DOMAIN_NAME"
        export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
        # source the site path so we know what features it has.
        source ../../reset_env.sh
        source "$SITE_PATH/site_definition"
        source ../../domain_env.sh
        # with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates
        # at a cachehing reverse proxy that runs nginx.
        ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs"
        docker run -it --rm \
            --name certbot \
            -p 80:80 \
            -p 443:443 \
-        -v "$REMOTE_HOME/letsencrypt":/etc/letsencrypt \
+            -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME":/etc/letsencrypt \
            -v /var/lib/letsencrypt:/var/lib/letsencrypt \
-        -v "$REMOTE_HOME/letsencrypt_logs":/var/log/letsencrypt \
+            -v "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs":/var/log/letsencrypt \
            certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$WWW_FQDN" -d "$BTCPAY_USER_FQDN" -d "$NEXTCLOUD_FQDN" -d "$GITEA_FQDN" -d "$NOSTR_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
    done
 fi
--- a/deployment/www/go.sh
+++ b/deployment/www/go.sh
@ -1,8 +1,25 @@
 #!/bin/bash
-set -exuo
+set -exu
 cd "$(dirname "$0")"
 # Create the nginx config file which covers all domains.
 bash -c ./stub_nginxconf.sh
 # redirect all docker commands to the remote host.
 export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
 for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
    export DOMAIN_NAME="$DOMAIN_NAME"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
    # source the site path so we know what features it has.
    source ../../reset_env.sh
    source "$SITE_PATH/site_definition"
    source ../../domain_env.sh
    ### Let's check to ensure all the requiredsettings are set.
    if [ "$DEPLOY_GHOST" = true ]; then
        if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
            echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site_definition."
@ -66,29 +83,27 @@ if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
        exit 1
    fi
 bash -c ./stub_nginxconf.sh
    TOR_CONFIG_PATH=
 ssh "$WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost_site" "$REMOTE_HOME/ghost_db"
    if [ "$DEPLOY_NEXTCLOUD" = true ]; then
-    ssh "$WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
+        ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
-    ssh "$WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
+        ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
-    ssh "$WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
+        ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
    fi
    if [ "$DEPLOY_GITEA" = true ]; then
        ssh "$FQDN" "mkdir -p $REMOTE_GITEA_PATH/data $REMOTE_GITEA_PATH/db"
    fi
 done
 ### The next series of commands 
 # stop services.
 if docker stack list --format "{{.Name}}" | grep -q webstack; then
    docker stack rm webstack
    sleep 15
 fi
 if [ "$BACKUP_WWW"  = true ]; then
    ./backup.sh
 fi
@ -98,8 +113,11 @@ if [ "$RESTORE_WWW" = true ]; then
    # just created, we know that we'll deploy fresh.
    ./restore.sh
 else
    if [ "$RUN_CERT_RENEWAL" = true ]; then
        ./generate_certs.sh
    fi
 fi
 if [ "$DEPLOY_ONION_SITE" = true ]; then
@ -108,8 +126,8 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
    # if the tor folder doesn't exist, we provision a new one. Otherwise you need to restore.
    # this is how we generate a new torv3 endpoint.
-    if ! ssh "$WWW_FQDN" "[ -d $REMOTE_HOME/tor/www ]"; then
+    if ! ssh "$PRIMARY_WWW_FQDN" "[ -d $REMOTE_HOME/tor/www ]"; then
-        ssh "$WWW_FQDN" "mkdir -p $REMOTE_HOME/tor"
+        ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_HOME/tor"
        TOR_CONFIG_PATH="$(pwd)/tor/torrc-init"
        export TOR_CONFIG_PATH="$TOR_CONFIG_PATH"
        docker stack deploy -c ./tor.yml torstack
@ -118,37 +136,31 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
        sleep 20
    fi
-    ONION_ADDRESS="$(ssh "$WWW_FQDN" sudo cat "${REMOTE_HOME}"/tor/www/hostname)"
+    ONION_ADDRESS="$(ssh "$PRIMARY_WWW_FQDN" sudo cat "${REMOTE_HOME}"/tor/www/hostname)"
    export ONION_ADDRESS="$ONION_ADDRESS"
    # # Since we run a separate ghost process, we create a new directory and symlink it to the original
-    # if ! ssh "$WWW_FQDN" "[ -L $REMOTE_HOME/tor_ghost ]"; then
+    # if ! ssh "$PRIMARY_WWW_FQDN" "[ -L $REMOTE_HOME/tor_ghost ]"; then
-    #     ssh "$WWW_FQDN" ln -s "$REMOTE_HOME/ghost_site/themes $REMOTE_HOME/tor_ghost/themes"
+    #     ssh "$PRIMARY_WWW_FQDN" ln -s "$REMOTE_HOME/ghost_site/themes $REMOTE_HOME/tor_ghost/themes"
    # fi
 fi
 #if [ "$RUN_SERVICES" = true ]; then
 mkdir -p "$SITE_PATH/stacks"
 DOCKER_YAML_PATH="$SITE_PATH/stacks/www.yml"
 export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
 bash -c ./stub_docker_yml.sh
-docker stack deploy -c "$DOCKER_YAML_PATH" webstack
+# # start a browser session; point it to port 80 to ensure HTTPS redirect.
 # wait-for-it -t 320 "$PRIMARY_WWW_FQDN:80"
 # wait-for-it -t 320 "$PRIMARY_WWW_FQDN:443"
-# start a browser session; point it to port 80 to ensure HTTPS redirect.
+# # open bowser tabs.
-wait-for-it -t 320 "$WWW_FQDN:80"
+# if [ "$DEPLOY_GHOST" = true ]; then
-wait-for-it -t 320 "$WWW_FQDN:443"
+#     xdg-open "http://$PRIMARY_WWW_FQDN" > /dev/null 2>&1
 # open bowser tabs.
 if [ "$DEPLOY_GHOST" = true ]; then
    xdg-open "http://$WWW_FQDN" > /dev/null 2>&1
 fi
 if [ "$DEPLOY_NEXTCLOUD" = true ]; then
    xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1
 fi
 if [ "$DEPLOY_GITEA" = true ]; then
    xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1
 fi
 # fi
 # if [ "$DEPLOY_NEXTCLOUD" = true ]; then
 #     xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1
 # fi
 # if [ "$DEPLOY_GITEA" = true ]; then
 #     xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1
 # fi
 # #fi
--- a/deployment/www/restore.sh
+++ b/deployment/www/restore.sh
@ -7,13 +7,13 @@ set -exu
 # indeed, our first step is the delete the home directory on the remote server.
 # delete the home directory so we know we are restoring all files from the duplicity archive.
-ssh "$WWW_FQDN" sudo rm -rf "$REMOTE_HOME/*"
+ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_HOME/*"
 # scp our local backup directory to the remote machine
-ssh "$WWW_FQDN" mkdir -p "$REMOTE_BACKUP_PATH"
+ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_BACKUP_PATH"
 # TODO instead of scp the files up there, lets' mount the local backup folder to a remote folder then just run a duplicity restore.
-scp -r "$LOCAL_BACKUP_PATH/" "$WWW_FQDN:$REMOTE_HOME/backups/$VIRTUAL_MACHINE"
+scp -r "$LOCAL_BACKUP_PATH" "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH"
 # now we run duplicity to restore the archive.
-ssh "$WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/" "$REMOTE_HOME/"
+ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/$BACKUP_TIMESTAMP" "$REMOTE_HOME/"
--- a/deployment/www/stub_docker_yml.sh
+++ b/deployment/www/stub_docker_yml.sh
@ -1,17 +1,96 @@
 #!/bin/bash
-set -eu
+set -eux
 cd "$(dirname "$0")"
 if [ "$DEPLOY_ONION_SITE" = true ]; then
    if [ -z "$ONION_ADDRESS" ]; then
        echo "ERROR: ONION_ADDRESS is not defined."
        exit 1
    fi
 fi
 ssh "$PRIMARY_WWW_FQDN" sudo rm -rf /home/ubuntu/ghost
 sleep 4
 #https://github.com/fiatjaf/expensive-relay
 # NOSTR RELAY WHICH REQUIRES PAYMENTS.
 DOCKER_YAML_PATH="$PROJECT_PATH/nginx.yml"
 cat > "$DOCKER_YAML_PATH" <<EOL
 version: "3.8"
 services:
  nginx:
    image: ${NGINX_IMAGE}
    ports:
      - 0.0.0.0:443:443
      - 0.0.0.0:80:80
    networks:
 EOL
    for i in $(seq 0 $DOMAIN_COUNT); do
        cat >> "$DOCKER_YAML_PATH" <<EOL
        - ghostnet-$i
 EOL
    done
        cat >> "$DOCKER_YAML_PATH" <<EOL
    volumes:
      - ${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro
    configs:
      - source: nginx-config
        target: /etc/nginx/nginx.conf
    deploy:
      restart_policy:
        condition: on-failure
 configs:
  nginx-config:
    file: ${PROJECT_PATH}/nginx.conf
 EOL
    cat >> "$DOCKER_YAML_PATH" <<EOL
 networks:
 EOL
    for i in $(seq 0 $DOMAIN_COUNT); do
        cat >> "$DOCKER_YAML_PATH" <<EOL
  ghostnet-$i:
    attachable: true
 EOL
    done
 docker stack deploy -c "$DOCKER_YAML_PATH" "reverse-proxy"
 # iterate over all our domains and create the nginx config file.
 domain_number=0
 for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
    export DOMAIN_NAME="$DOMAIN_NAME"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
    ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/ghost/$DOMAIN_NAME/ghost" "$REMOTE_HOME/ghost/$DOMAIN_NAME/db"
    # source the site path so we know what features it has.
    source ../../reset_env.sh
    source "$SITE_PATH/site_definition"
    source ../../domain_env.sh
    STACK_TAG="ghost-$domain_number"
    # todo append domain number or port number.
    mkdir -p "$SITE_PATH/webstack"
    DOCKER_YAML_PATH="$SITE_PATH/webstack/$STACK_TAG.yml"
    export DOCKER_YAML_PATH="$DOCKER_YAML_PATH"
    # if [ "$DEPLOY_ONION_SITE" = true ]; then
    #     if [ -z "$ONION_ADDRESS" ]; then
    #         echo "ERROR: ONION_ADDRESS is not defined."
    #         exit 1
    #     fi
    # fi
    # here's the NGINX config. We support ghost and nextcloud.
    echo "" > "$DOCKER_YAML_PATH"
@ -24,17 +103,17 @@ EOL
    # This is the ghost for HTTPS (not over Tor)
    cat >>"$DOCKER_YAML_PATH" <<EOL
-  ghost:
+  ghost-${domain_number}:
    image: ${GHOST_IMAGE}
    networks:
-      - ghost-net
+      - ghostnet-${domain_number}
-      - ghostdb-net
+      - ghostdbnet-${domain_number}
    volumes:
-      - ${REMOTE_HOME}/ghost_site:/var/lib/ghost/content
+      - ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/ghost:/var/lib/ghost/content
    environment:
-      - url=https://${WWW_FQDN}
+      - url=https://${PRIMARY_WWW_FQDN}
      - database__client=mysql
-      - database__connection__host=ghostdb
+      - database__connection__host=ghostdb-${domain_number}
      - database__connection__user=ghost
      - database__connection__password=\${GHOST_MYSQL_PASSWORD}
      - database__connection__database=ghost
@ -44,12 +123,12 @@ cat >>"$DOCKER_YAML_PATH" <<EOL
      restart_policy:
        condition: on-failure
-  ghostdb:
+  ghostdb-${domain_number}:
    image: ${GHOST_DB_IMAGE}
    networks:
-      - ghostdb-net
+      - ghostdbnet-${domain_number}
    volumes:
-      - ${REMOTE_HOME}/ghost_db:/var/lib/mysql
+      - ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/db:/var/lib/mysql
    environment:
       - MYSQL_ROOT_PASSWORD=\${GHOST_MYSQL_ROOT_PASSWORD}
       - MYSQL_DATABASE=ghost
@ -62,199 +141,166 @@ cat >>"$DOCKER_YAML_PATH" <<EOL
 EOL
-if [ "$DEPLOY_NEXTCLOUD" = true ]; then
+#     if [ "$DEPLOY_NEXTCLOUD" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  nextcloud-db:
+#   nextcloud-db:
-    image: ${NEXTCLOUD_DB_IMAGE}
+#     image: ${NEXTCLOUD_DB_IMAGE}
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
+#     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
-    networks:
+#     networks:
-      - nextclouddb-net
+#       - nextclouddb-net
-    volumes:
+#     volumes:
-      - ${REMOTE_HOME}/nextcloud/db/data:/var/lib/mysql
+#       - ${REMOTE_HOME}/nextcloud/db/data:/var/lib/mysql
-    environment:
+#     environment:
-      - MARIADB_ROOT_PASSWORD=\${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
+#       - MARIADB_ROOT_PASSWORD=\${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
-      - MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
+#       - MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
-      - MYSQL_DATABASE=nextcloud
+#       - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
+#       - MYSQL_USER=nextcloud
-    deploy:
+#     deploy:
-      restart_policy:
+#       restart_policy:
-        condition: on-failure
+#         condition: on-failure
-  nextcloud:
+#   nextcloud:
-    image: ${NEXTCLOUD_IMAGE}
+#     image: ${NEXTCLOUD_IMAGE}
-    networks:
+#     networks:
-      - nextclouddb-net
+#       - nextclouddb-net
-      - nextcloud-net
+#       - nextcloud-net
-    volumes:
+#     volumes:
-      - ${REMOTE_HOME}/nextcloud/html:/var/www/html
+#       - ${REMOTE_HOME}/nextcloud/html:/var/www/html
-    environment:
+#     environment:
-      - MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
+#       - MYSQL_PASSWORD=\${NEXTCLOUD_MYSQL_PASSWORD}
-      - MYSQL_DATABASE=nextcloud
+#       - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
+#       - MYSQL_USER=nextcloud
-      - MYSQL_HOST=nextcloud-db
+#       - MYSQL_HOST=nextcloud-db
-      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN_NAME}
+#       - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN_NAME}
-      - OVERWRITEHOST=${NEXTCLOUD_FQDN}
+#       - OVERWRITEHOST=${NEXTCLOUD_FQDN}
-      - OVERWRITEPROTOCOL=https
+#       - OVERWRITEPROTOCOL=https
-      - SERVERNAME=${NEXTCLOUD_FQDN}
+#       - SERVERNAME=${NEXTCLOUD_FQDN}
-    deploy:
+#     deploy:
-      restart_policy:
+#       restart_policy:
-        condition: on-failure
+#         condition: on-failure
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_NOSTR" = true ]; then
+#     if [ "$DEPLOY_GITEA" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  # TODO
+#   gitea:
 #     image: ${GITEA_IMAGE}
 #     volumes:
 #       - ${REMOTE_GITEA_PATH}/data:/data
 #       - /etc/timezone:/etc/timezone:ro
 #       - /etc/localtime:/etc/localtime:ro
 #     environment:
 #       - USER_UID=1000
 #       - USER_GID=1000
 #       - ROOT_URL=https://${GITEA_FQDN}
 #       - GITEA__database__DB_TYPE=mysql
 #       - GITEA__database__HOST=gitea-db:3306
 #       - GITEA__database__NAME=gitea
 #       - GITEA__database__USER=gitea
 #       - GITEA__PASSWD=\${GITEA_MYSQL_PASSWORD}
 #     networks:
 #       - gitea-net
 #       - giteadb-net
 #     deploy:
 #       restart_policy:
 #         condition: on-failure
-
+#   gitea-db:
-EOL
+#     image: ${GITEA_DB_IMAGE}
-fi
+#     networks:
-
+#       - giteadb-net
-if [ "$DEPLOY_GITEA" = true ]; then
+#     volumes:
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#       - ${REMOTE_GITEA_PATH}/db:/var/lib/mysql
-  gitea:
+#     environment:
-    image: ${GITEA_IMAGE}
+#       - MYSQL_ROOT_PASSWORD=\${GITEA_MYSQL_ROOT_PASSWORD}
-    volumes:
+#       - MYSQL_PASSWORD=\${GITEA_MYSQL_PASSWORD}
-      - ${REMOTE_GITEA_PATH}/data:/data
+#       - MYSQL_DATABASE=gitea
-      - /etc/timezone:/etc/timezone:ro
+#       - MYSQL_USER=gitea
-      - /etc/localtime:/etc/localtime:ro
+#     deploy:
-    environment:
+#       restart_policy:
-      - USER_UID=1000
+#         condition: on-failure
-      - USER_GID=1000
+# EOL
-      - ROOT_URL=https://${GITEA_FQDN}
+#     fi
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=gitea-db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__PASSWD=\${GITEA_MYSQL_PASSWORD}
    networks:
      - gitea-net
      - giteadb-net
    deploy:
      restart_policy:
        condition: on-failure
  gitea-db:
    image: ${GITEA_DB_IMAGE}
    networks:
      - giteadb-net
    volumes:
      - ${REMOTE_GITEA_PATH}/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=\${GITEA_MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=\${GITEA_MYSQL_PASSWORD}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
    deploy:
      restart_policy:
        condition: on-failure
 EOL
 fi
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  # a hidden service that routes to the nginx container at http://onionurl.onion server block
+#   # a hidden service that routes to the nginx container at http://onionurl.onion server block
-  tor-onion:
+#   tor-onion:
-    image: tor:latest
+#     image: tor:latest
-    networks:
+#     networks:
-      - tor-net
+#       - tor-net
-    volumes:
+#     volumes:
-      - ${REMOTE_HOME}/tor:/var/lib/tor
+#       - ${REMOTE_HOME}/tor:/var/lib/tor
-      - tor-logs:/var/log/tor
+#       - tor-logs:/var/log/tor
-    configs:
+#     configs:
-      - source: tor-config
+#       - source: tor-config
-        target: /etc/tor/torrc
+#         target: /etc/tor/torrc
-        mode: 0644
+#         mode: 0644
-    deploy:
+#     deploy:
-      mode: replicated
+#       mode: replicated
-      replicas: 1
+#       replicas: 1
-      restart_policy:
+#       restart_policy:
-        condition: on-failure
+#         condition: on-failure
-  tor-ghost:
+#   tor-ghost:
-    image: ${GHOST_IMAGE}
+#     image: ${GHOST_IMAGE}
-    networks:
+#     networks:
-      - ghostdb-net
+#       - ghostdb-net
-      - ghost-net
+#       - ghost-net
-    volumes:
+#     volumes:
-      - ${REMOTE_HOME}/tor_ghost:/var/lib/ghost/content
+#       - ${REMOTE_HOME}/tor_ghost:/var/lib/ghost/content
-    environment:
+#     environment:
-      - url=https://${ONION_ADDRESS}
+#       - url=https://${ONION_ADDRESS}
-      - database__client=mysql
+#       - database__client=mysql
-      - database__connection__host=ghostdb
+#       - database__connection__host=ghostdb
-      - database__connection__user=ghost
+#       - database__connection__user=ghost
-      - database__connection__password=\${GHOST_MYSQL_PASSWORD}
+#       - database__connection__password=\${GHOST_MYSQL_PASSWORD}
-      - database__connection__database=ghost
+#       - database__connection__database=ghost
-    deploy:
+#     deploy:
-      restart_policy:
+#       restart_policy:
-        condition: on-failure
+#         condition: on-failure
-EOL
+# EOL
-fi
+#     fi
-#https://github.com/fiatjaf/expensive-relay
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-# NOSTR RELAY WHICH REQUIRES PAYMENTS.
+# cat >>"$DOCKER_YAML_PATH" <<EOL
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#       - torghost-net
-  nginx:
+# EOL
-    image: ${NGINX_IMAGE}
+#     fi
    ports:
      - 0.0.0.0:443:443
      - 0.0.0.0:80:80
    networks:
      - ghost-net
 EOL
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+#     if [ "$DEPLOY_NEXTCLOUD" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+# cat >>"$DOCKER_YAML_PATH" <<EOL
-      - torghost-net
+#       - nextcloud-net
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_NEXTCLOUD" = true ]; then
+#     if [ "$DEPLOY_GITEA" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+# cat >>"$DOCKER_YAML_PATH" <<EOL
-      - nextcloud-net
+#       - gitea-net
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_GITEA" = true ]; then
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+# cat >>"$DOCKER_YAML_PATH" <<EOL
-      - gitea-net
+#       - tor-net
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
      - tor-net
 EOL
 fi
-# the rest of the nginx config
+# volumes:
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#   tor-data:
-    volumes:
+#   tor-logs:
      - ${REMOTE_HOME}/letsencrypt:/etc/letsencrypt:ro
    configs:
      - source: nginx-config
        target: /etc/nginx/nginx.conf
    deploy:
      restart_policy:
        condition: on-failure
-EOL
+# EOL
-
+#     fi
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+#     #-------------------------
 cat >>"$DOCKER_YAML_PATH" <<EOL
 volumes:
  tor-data:
  tor-logs:
 EOL
 fi
 #-------------------------
 # networks ----------------------
    cat >>"$DOCKER_YAML_PATH" <<EOL
@ -263,46 +309,46 @@ EOL
    if [ "$DEPLOY_GHOST" = true ]; then
        cat >>"$DOCKER_YAML_PATH" <<EOL
-  ghost-net:
+    ghostnet-${domain_number}:
-  ghostdb-net:
+      name: "reverse-proxy_ghostnet-${domain_number}"
      external: true
    ghostdbnet-${domain_number}:
 EOL
    fi
-if [ "$DEPLOY_NEXTCLOUD" = true ]; then
+#     if [ "$DEPLOY_NEXTCLOUD" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  nextclouddb-net:
+#   nextclouddb-net:
-  nextcloud-net:
+#   nextcloud-net:
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_GITEA" = true ]; then
+#     if [ "$DEPLOY_GITEA" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  gitea-net:
+#   gitea-net:
-  giteadb-net:
+#   giteadb-net:
-EOL
+# EOL
-fi
+#     fi
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
-  tor-net:
+#   tor-net:
-  torghost-net:
+#   torghost-net:
-EOL
+# EOL
-fi
+#     fi
-# -------------------------------
+#     # -------------------------------
-# configs ----------------------
+#     if [ "$DEPLOY_ONION_SITE" = true ]; then
-cat >>"$DOCKER_YAML_PATH" <<EOL
+#         cat >>"$DOCKER_YAML_PATH" <<EOL
 #   tor-config:
 #     file: $(pwd)/tor/torrc
 # EOL
 #     fi
 #     # -----------------------------
 configs:
  nginx-config:
    file: ${PROJECT_PATH}/nginx.conf
 EOL
-if [ "$DEPLOY_ONION_SITE" = true ]; then
+    docker stack deploy -c "$DOCKER_YAML_PATH" "$STACK_TAG"
-cat >>"$DOCKER_YAML_PATH" <<EOL
+
-  tor-config:
+    domain_number=$((domain_number+1))
-    file: $(pwd)/tor/torrc
+done
 EOL
 fi
 # -----------------------------
--- a/deployment/www/stub_nginxconf.sh
+++ b/deployment/www/stub_nginxconf.sh
@ -4,16 +4,28 @@ set -eu
 cd "$(dirname "$0")"
 if [ "$DEPLOY_ONION_SITE" = true ]; then
    if [ -z "$ONION_ADDRESS" ]; then
        echo "ERROR: ONION_ADDRESS is not defined."
        exit 1
    fi
 fi
 # here's the NGINX config. We support ghost and nextcloud.
 NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"
 # clear the existing nginx config.
 echo "" > "$NGINX_CONF_PATH"
 # iterate over all our domains and create the nginx config file.
 iteration=0
 echo "DOMAIN_LIST: $DOMAIN_LIST"
 for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
    export DOMAIN_NAME="$DOMAIN_NAME"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
    export CONTAINER_TLS_PATH="/etc/letsencrypt/${DOMAIN_NAME}/live/${DOMAIN_NAME}"
    # source the site path so we know what features it has.
    source ../../reset_env.sh
    source "$SITE_PATH/site_definition"
    source ../../domain_env.sh
    echo "Doing DOMAIN_NAME: $DOMAIN_NAME"
    if [ $iteration = 0 ]; then
        cat >>"$NGINX_CONF_PATH" <<EOL
 events {
    worker_connections  1024;
@ -31,7 +43,6 @@ http {
    proxy_busy_buffers_size         256k;
    client_header_buffer_size       500k;
    large_client_header_buffers     4 500k;
    http2_max_field_size       500k;
    http2_max_header_size           500k;
    # Needed websocket support (used by Ledger hardware wallets)
@ -43,11 +54,11 @@ http {
    # return 403 for all non-explicit hostnames
    server {
       listen 80 default_server;
-       return 403;
+       return 301 https://${WWW_FQDN}\$request_uri;
    }
 EOL
-
+    fi
    # ghost http to https redirects.
    cat >>"$NGINX_CONF_PATH" <<EOL
@ -124,6 +135,8 @@ EOL
        fi
    fi
    if [ "$iteration" = 0 ]; then
        # TLS config for ghost.
        cat >>"$NGINX_CONF_PATH" <<EOL
    # global TLS settings
@ -143,31 +156,39 @@ cat >>"$NGINX_CONF_PATH" <<EOL
    server {
        listen 443 default_server;
-        ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+        ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
        return 403;
    }
    # maybe helps with Twitter cards.
-    map \$http_user_agent \$og_prefix {
+    #map \$http_user_agent \$og_prefix {
-        ~*(googlebot|twitterbot)/  /open-graph;
+    #    ~*(googlebot|twitterbot)/  /open-graph;
-    }
+    #}
 EOL
    fi
-    # https://${DOMAIN_NAME} redirect to https://${FQDN}
+        cat >>"$NGINX_CONF_PATH" <<EOL
    # https://${DOMAIN_NAME} redirect to https://${WWW_FQDN}
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
-        ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+        ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
        server_name ${DOMAIN_NAME};
        # catch all; send request to ${WWW_FQDN}
        location / {
            return 301 https://${WWW_FQDN}\$request_uri;
        }
 EOL
-###########################################
+
    if [ "$DEPLOY_NOSTR" = true ]; then
        cat >>"$NGINX_CONF_PATH" <<EOL
@ -183,21 +204,14 @@ cat >>"$NGINX_CONF_PATH" <<EOL
 EOL
    fi
 cat >>"$NGINX_CONF_PATH" <<EOL
        # catch all; send request to ${WWW_FQDN}
        location / {
            return 301 https://${WWW_FQDN}\$request_uri;
        }
 EOL
 #####################################################
    cat >>"$NGINX_CONF_PATH" <<EOL
    }
    #access_log /var/log/nginx/ghost-access.log;
    #error_log /var/log/nginx/ghost-error.log;
 EOL
 if [ "$ENABLE_NGINX_CACHING" = true ]; then
 cat >>"$NGINX_CONF_PATH" <<EOL
    # main TLS listener; proxies requests to ghost service. NGINX configured to cache
@ -206,7 +220,6 @@ EOL
    fi
    # SERVER block for BTCPAY Server
    if [ "$VPS_HOSTING_TARGET" = lxd ]; then
        # gitea http to https redirect.
@ -218,9 +231,9 @@ if [ "$VPS_HOSTING_TARGET" = lxd ]; then
        listen 443 ssl http2;
        ssl on;
-        ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+        ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
        server_name ${BTCPAY_USER_FQDN};
@ -245,23 +258,15 @@ fi
 # the open server block for the HTTPS listener
    cat >>"$NGINX_CONF_PATH" <<EOL
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
-        ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+        ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
        server_name ${WWW_FQDN};
 EOL
@ -284,7 +289,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
            proxy_set_header X-Forwarded-For    \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto  \$scheme;
            proxy_intercept_errors  on;
-            proxy_pass http://ghost:2368;
+            proxy_pass http://ghost-${iteration}:2368;
        }
 EOL
@ -306,7 +311,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
            proxy_set_header X-Forwarded-For    \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto  \$scheme;
            proxy_intercept_errors  on;
-            proxy_pass http://ghost:2368;
+            proxy_pass http://ghost-${iteration}:2368;
 EOL
    if [ "$ENABLE_NGINX_CACHING" = true ]; then
@ -354,7 +359,7 @@ EOL
        #     proxy_set_header X-Forwarded-For    \$proxy_add_x_forwarded_for;
        #     proxy_set_header X-Forwarded-Proto  \$scheme;
        #     proxy_intercept_errors  on;
-        #     proxy_pass http://ghost:2368\$og_prefix\$request_uri;
+        #     proxy_pass http://ghost-${iteration}::2368\$og_prefix\$request_uri;
        # }
 # this is the closing server block for the ghost HTTPS segment
@ -394,9 +399,9 @@ cat >>"$NGINX_CONF_PATH" <<EOL
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
-        ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+        ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
-        ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+        ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
        server_name ${NEXTCLOUD_FQDN};
@ -422,6 +427,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
        }
    }
 EOL
    fi
@ -449,6 +455,9 @@ cat >>"$NGINX_CONF_PATH" <<EOL
 EOL
    fi
    iteration=$((iteration+1))
 done
 # add the closing brace.
 cat >>"$NGINX_CONF_PATH" <<EOL
 }
--- a/domain_env.sh
+++ b/domain_env.sh
@ -0,0 +1,18 @@
 #!/bin/bash
 set -ex
 # TODO, ensure VPS_HOSTING_TARGET is in range.
 export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
 export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
 export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
 export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
 export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
 export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
 export ADMIN_ACCOUNT_USERNAME="info"
 export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"
 export REMOTE_NEXTCLOUD_PATH="$REMOTE_HOME/nextcloud"
 export REMOTE_GITEA_PATH="$REMOTE_HOME/gitea"
 export BTC_CHAIN="$BTC_CHAIN"
 export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
 export BTCPAY_ADDITIONAL_HOSTNAMES="$BTCPAY_ADDITIONAL_HOSTNAMES"
--- a/reset.sh
+++ b/reset.sh
@ -2,13 +2,14 @@
 set -x
 CLUSTER_NAME="development"
 SSH_ENDPOINT_HOSTNAME="atlantis"
 SSH_ENDPOINT_DOMAIN_NAME="ancapistan.io"
 TEST_DOMAIN="ancapistan.casa"
 CLUSTER_NAME="development"
 export LXD_VM_NAME="${TEST_DOMAIN//./-}"
 if [ -n "$TEST_DOMAIN" ]; then
    lxc delete --force www-"$LXD_VM_NAME"
    lxc delete --force btcpay-"$LXD_VM_NAME"
    lxc delete --force sovereign-stack
@ -16,6 +17,8 @@ lxc delete --force sovereign-stack-base
    lxc profile delete www-"$LXD_VM_NAME"
    lxc profile delete btcpay-"$LXD_VM_NAME"
 fi
 lxc profile delete sovereign-stack
 lxc image rm sovereign-stack-base
@ -30,6 +33,7 @@ lxc remote remove "$CLUSTER_NAME"
 source "$HOME/.bashrc"
-./cluster.sh create "$CLUSTER_NAME" "$SSH_ENDPOINT_HOSTNAME.$SSH_ENDPOINT_DOMAIN_NAME" --data-plane-interface=enp89s0
+./cluster.sh create "$CLUSTER_NAME" "$SSH_ENDPOINT_HOSTNAME.$SSH_ENDPOINT_DOMAIN_NAME" 
 #--data-plane-interface=enp89s0
 #./deploy.sh
--- a/reset_env.sh
+++ b/reset_env.sh
@ -0,0 +1,22 @@
 #!/bin/bash
 set -ex
 export DOMAIN_NAME=
 export DUPLICITY_BACKUP_PASSPHRASE=
 export BTCPAY_HOSTNAME_IN_CERT=
 export DEPLOY_GHOST=true
 export DEPLOY_NEXTCLOUD=true
 export DEPLOY_NOSTR=false
 export NOSTR_ACCOUNT_PUBKEY=
 export DEPLOY_GITEA=false
 export DEPLOY_ONION_SITE=false
 export GHOST_MYSQL_PASSWORD=
 export GHOST_MYSQL_ROOT_PASSWORD=
 export NEXTCLOUD_MYSQL_PASSWORD=
 export NEXTCLOUD_MYSQL_ROOT_PASSWORD=
 export GITEA_MYSQL_PASSWORD=
 export GITEA_MYSQL_ROOT_PASSWORD=
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 source "$SCRIPT_DIR/defaults.sh"