BTCPay and documentation updates.

README.md

@@ -1,3 +1,13 @@
 # Documentation
 
-All documentation for this project can be found at the [sovereign-stack.org](https://www.sovereign-stack.org).
+The Sovereign Stack scripts in this repository are meant to be cloned to and executed from your management machine.
+
+You can update Sovereign Stack scripts on your management machine by running `git pull --all`. Generally, you want to use ONLY signed git tags for your deployments. Use `git checkout v0.1.0` for example to switch to a specific version of Sovereign Stack. The scripts ensure check to ensure that the code you're running on your management machine is GREATER THAN OR EQUAL TO each of your active deployments (TODO).
+
+Once your managent machine is using a specific version of code, you will want to run the various scripts. But before you can do that, you need to bring a bare-metal Ubuntu 22.04 cluster host under management. Generally speaking you will run `ss-cluster` to bring a new bare-metal host under management of your management machine. This can be run AFTER you have verified SSH access to the bare-metal hosts. The device SHOULD also have a DHCP Reservation and DNS records in place. 
+
+After you have taken a machine under management, you can run `ss-deploy` it. All Sovereign Stack scripts execute against your current lxc remote. (Run `lxc remote list` to see your remotes). This will deploy Sovereign Stack software to your active remote in accordance with the various cluster, project, and site defintions. These files are stubbed out for the user automatically and documetnation guides the user through the process.
+
+It is the responsiblity of the management machine (i.e,. system owner) to run the scripts on a regular and ongoing basis to ensure active deployments stay up-to-date with the Sovereign Stack master branch.
+
+All other documentation for this project can be found at the [sovereign-stack.org](https://www.sovereign-stack.org).

cluster.sh

@@ -167,7 +167,7 @@ ssh -t "ubuntu@$FQDN" "
 
 # install lxd as a snap if it's not installed. We only really use the LXC part of this package.
 if ! snap list | grep -q lxd; then
-    sudo -A snap install lxd
+    sudo snap install lxd --candidate
     sleep 4
 fi
 "
@@ -196,7 +196,7 @@ networks:
     dns.mode: "none"
   #managed: true
   description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
-  # lxdbrSS is an isolated bridge; no Internet access.
+  # lxdbrSS is an isolated inter-vm network segment with no outbount Internet access.
 
 cluster:
   server_name: ${CLUSTER_NAME}

defaults.sh

@@ -2,9 +2,8 @@
 
 set -eu
 
-export DEPLOY_WWW_SERVER=false
 export WWW_SERVER_MAC_ADDRESS=
-export DEPLOY_BTCPPAY_SERVER=false
+
 
 export DEPLOY_GHOST=true
 export DEPLOY_NOSTR_RELAY=true
@@ -13,8 +12,8 @@ export DEPLOY_NEXTCLOUD=false
 export DEPLOY_GITEA=false
 
 export WWW_HOSTNAME="www"
-export BTCPAY_HOSTNAME="btcpay"
-export BTCPAY_HOSTNAME_IN_CERT="tip"
+export BTCPAY_HOSTNAME="btcpayserver"
+export BTCPAY_HOSTNAME_IN_CERT="btcpay"
 export NEXTCLOUD_HOSTNAME="nextcloud"
 export GITEA_HOSTNAME="git"
 export NOSTR_HOSTNAME="relay"
@@ -58,8 +57,6 @@ BTCPAY_INSTANCE_TYPE="t2.medium"
 export WWW_INSTANCE_TYPE="$WWW_INSTANCE_TYPE"
 export BTCPAY_INSTANCE_TYPE="$BTCPAY_INSTANCE_TYPE"
 
-# TODO REMOVE SMTP_PASSWORD ONCE VERIFIED NO LONGER NEEDED
-#export SMTP_PASSWORD=
 export GHOST_MYSQL_PASSWORD=
 export GHOST_MYSQL_ROOT_PASSWORD=
 export NEXTCLOUD_MYSQL_PASSWORD=
@@ -110,7 +107,7 @@ DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
 
 
 # run the docker stack.
-export GHOST_IMAGE="ghost:5.18.0"
+export GHOST_IMAGE="ghost:5.20.0"
 
 # TODO switch to mysql. May require intricate export work. THIS MUST BE COMPLETED BEFORE v1 RELEASE
 #https://forum.ghost.org/t/how-to-migrate-from-mariadb-10-to-mysql-8/29575

deploy.sh

@@ -29,16 +29,15 @@ VPS_HOSTING_TARGET=lxd
 RUN_CERT_RENEWAL=false
 RESTORE_WWW=false
 BACKUP_CERTS=true
-BACKUP_APPS=true
+BACKUP_APPS=false
 BACKUP_BTCPAY=false
 RESTORE_BTCPAY=false
 MIGRATE_WWW=false
 MIGRATE_BTCPAY=false
-USER_SKIP_WWW=false
-USER_SKIP_BTCPAY=false
+SKIP_WWW=false
+SKIP_BTCPAY=false
 UPDATE_BTCPAY=false
 RECONFIGURE_BTCPAY_SERVER=false
-DEPLOY_BTCPAY_SERVER=true
 CLUSTER_NAME="$(lxc remote get-default)"
 STOP_SERVICES=false
 
@@ -82,11 +81,11 @@ for i in "$@"; do
             shift
         ;;
         --skip-www)
-            USER_SKIP_WWW=true
+            SKIP_WWW=true
             shift
         ;;
         --skip-btcpay)
-            USER_SKIP_BTCPAY=true
+            SKIP_BTCPAY=true
             shift
         ;;
         --backup-ghost)
@@ -122,6 +121,7 @@ for i in "$@"; do
     esac
 done
 
+
 # set up our default paths.
 source ./defaults.sh
 
@@ -134,7 +134,7 @@ export STOP_SERVICES="$STOP_SERVICES"
 export BACKUP_CERTS="$BACKUP_CERTS"
 export BACKUP_APPS="$BACKUP_APPS"
 export RESTORE_BTCPAY="$RESTORE_BTCPAY"
-export BACKUP_BTCPAY="$RESTORE_BTCPAY"
+export BACKUP_BTCPAY="$BACKUP_BTCPAY"
 export MIGRATE_WWW="$MIGRATE_WWW"
 export MIGRATE_BTCPAY="$MIGRATE_BTCPAY"
 export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
@@ -283,10 +283,13 @@ function instantiate_vms {
         DDNS_HOST=
         MIGRATE_VPS=false
         if [ "$VIRTUAL_MACHINE" = www ]; then
-            if [ "$DEPLOY_WWW_SERVER" = false ] || [ "$USER_SKIP_WWW" = true ]; then
+            echo "GOT HERE!!!"
+            if [ "$SKIP_WWW" = true ]; then
                 continue
             fi
 
+            echo "AND HERE"
+            exit 1
             VPS_HOSTNAME="$WWW_HOSTNAME"
             MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
             DDNS_HOST="$WWW_HOSTNAME"
@@ -294,11 +297,7 @@ function instantiate_vms {
             if [ "$MIGRATE_WWW" = true ]; then
                 MIGRATE_VPS=true
             fi
-        elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$USER_SKIP_BTCPAY" = true ]; then
-            if [ "$DEPLOY_BTCPAY_SERVER" = false ]; then
-                continue
-            fi
-
+        elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
             DDNS_HOST="$BTCPAY_HOSTNAME"
             VPS_HOSTNAME="$BTCPAY_HOSTNAME"
             MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
@@ -470,9 +469,7 @@ function stub_project_definition {
 
 # see https://www.sovereign-stack.org/project-definition for more info.
 
-export DEPLOY_WWW_SERVER=true
 export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
-export DEPLOY_BTCPAY_SERVER=true
 export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
 # export BTC_CHAIN=mainnet
 export PRIMARY_DOMAIN="CHANGE_ME"

deployment/btcpayserver/backup_btcpay.sh

@@ -7,6 +7,10 @@ cd "$(dirname "$0")"
 # the script executed here from the BTCPAY repo will automatically take services down
 # and bring them back up.
 
+echo "INFO!!!!!!!!!!! IN BTCPAY BACKUP SCRIPT."
+sleep 4
+
+
 ssh "$FQDN" "mkdir -p $REMOTE_HOME/backups; cd $REMOTE_HOME/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_HOME bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
 
 # TODO enable encrypted archives
@@ -19,4 +23,11 @@ ssh "$FQDN" "cd $REMOTE_HOME/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_HOME BTCPAY_DO
 ssh "$FQDN" "sudo cp /var/lib/docker/volumes/backup_datadir/_data/backup.tar.gz $REMOTE_HOME/backups/btcpay.tar.gz"
 ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_HOME/backups/btcpay.tar.gz"
 
-scp "$FQDN:$REMOTE_HOME/backups/btcpay.tar.gz" "$LOCAL_BACKUP_PATH/$1.tar.gz"
+
+
+LOCAL_BACKUP_PATH="$SITE_PATH/backups/btcpayserver/$BACKUP_TIMESTAMP"
+mkdir -p "$LOCAL_BACKUP_PATH"
+scp "$FQDN:$REMOTE_HOME/backups/btcpay.tar.gz" "$LOCAL_BACKUP_PATH/$UNIX_BACKUP_TIMESTAMP.tar.gz"
+
+sleep 5
+echo "EXITING SCRIPT"

deployment/btcpayserver/bashrc

@@ -1,2 +0,0 @@
-# we append this text to the btcpay server /home/ubuntu/.bashrc so
-# logged in users have more common access to the variou

deployment/btcpayserver/bashrc.txt

@@ -0,0 +1,6 @@
+# we append this text to the btcpay server /home/ubuntu/.bashrc so
+# logged in users have more common access to the variou
+
+alias bitcoin-cli="bitcoin-cli.sh $@"
+alias lightning-cli="bitcoin-lightning-cli.sh $@"
+

deployment/btcpayserver/go.sh

@@ -46,7 +46,7 @@ fi
 # if the script gets this far, then we grab a regular backup.
 if [ "$BACKUP_BTCPAY"  = true ]; then
     # we just grab a regular backup
-    ./backup.sh "$UNIX_BACKUP_TIMESTAMP"
+    ./backup_btcpay.sh
 fi
 
 if [ "$RUN_SERVICES" = true ]; then

deployment/btcpayserver/stub_btcpay_setup.sh

@@ -41,23 +41,8 @@ export BTCPAYGEN_ADDITIONAL_FRAGMENTS="opt-save-storage-s;opt-add-btctransmuter;
 export BTCPAYGEN_REVERSEPROXY="nginx"
 export BTCPAY_ENABLE_SSH=false
 export BTCPAY_BASE_DIRECTORY=${REMOTE_HOME}
-
-EOL
-
-# can add opt-add-tor-relay; in BTCPAYGEN_ADDITIONAL_FRAGMENTS
-if [ "$VPS_HOSTING_TARGET" = lxd ]; then
-cat >> "$SITE_PATH/btcpay.sh" <<EOL
 export BTCPAYGEN_EXCLUDE_FRAGMENTS="nginx-https"
 export REVERSEPROXY_DEFAULT_HOST="$BTCPAY_USER_FQDN"
-EOL
-elif [ "$VPS_HOSTING_TARGET" = aws ]; then
-cat >> "$SITE_PATH/btcpay.sh" <<EOL
-export BTCPAY_ADDITIONAL_HOSTS="${BTCPAY_ADDITIONAL_HOSTNAMES}"
-export LETSENCRYPT_EMAIL="${CERTIFICATE_EMAIL_ADDRESS}"
-EOL
-fi
-
-cat >> "$SITE_PATH/btcpay.sh" <<EOL
 
 if [ "\$NBITCOIN_NETWORK" != regtest ]; then
     # run fast_sync if it's not been done before.
@@ -74,6 +59,11 @@ fi
 
 EOL
 
+# send an updated ~/.bashrc so we have quicker access to cli tools
+scp ./bashrc.txt "ubuntu@$FQDN:$REMOTE_HOME/.bashrc"
+ssh "$BTCPAY_FQDN" "chown ubuntu:ubuntu $REMOTE_HOME/.bashrc"
+ssh "$BTCPAY_FQDN" "chmod 0664 $REMOTE_HOME/.bashrc"
+
 # send the setup script to the remote machine.
 scp "$SITE_PATH/btcpay.sh" "ubuntu@$FQDN:$REMOTE_HOME/btcpay_setup.sh"
 ssh "$BTCPAY_FQDN" "chmod 0744 $REMOTE_HOME/btcpay_setup.sh"

deployment/www/stub/nginx_config.sh

@@ -115,12 +115,8 @@ EOL
 EOL
     fi
 
-    # REDIRECT FOR BTCPAY_USER_FQDN
-    if [ "$VPS_HOSTING_TARGET" = lxd ]; then
-        # gitea http to https redirect.
-        if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-        
-        cat >>"$NGINX_CONF_PATH" <<EOL
+    # BTCPAY server http->https redirect
+    cat >>"$NGINX_CONF_PATH" <<EOL
     # http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
     server {
         listen 80;
@@ -131,10 +127,6 @@ EOL
 
 EOL
 
-        fi
-    fi
-    
-    
     if [ "$iteration" = 0 ]; then
         # TLS config for ghost.
         cat >>"$NGINX_CONF_PATH" <<EOL
@@ -219,12 +211,8 @@ EOL
 
 EOL
 
-    # SERVER block for BTCPAY Server
-    if [ "$VPS_HOSTING_TARGET" = lxd ]; then
-        if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-        
-            cat >>"$NGINX_CONF_PATH" <<EOL
-    # http://${BTCPAY_USER_FQDN} redirect to https://${BTCPAY_USER_FQDN}
+    cat >>"$NGINX_CONF_PATH" <<EOL
+    # https server block for https://${BTCPAY_USER_FQDN}
     server {
         listen 443 ssl http2;
 
@@ -250,10 +238,6 @@ EOL
 
 EOL
 
-        fi
-    fi
-
-
     echo "    # set up cache paths for nginx caching" >>"$NGINX_CONF_PATH"
     for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
         STACK_NAME="$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"

install.sh

@@ -33,7 +33,7 @@ fi
 # install lxd as a snap if it's not installed. We only really use the client part of this package
 # on the management machine.
 if ! snap list | grep -q lxd; then
-    sudo snap install lxd
+    sudo snap install lxd --candidate
 fi
 
 # TODO WORK ON GETTING RID OF THIS DEPENDENCY