
Compare commits


No commits in common. "08235de7983b55e1dce036c8b7e0a0e3dbd79038" and "0b38d6d63542d8773c546c8223d02402e74a4483" have entirely different histories.

17 changed files with 133 additions and 341 deletions

3
.gitmodules vendored

@ -1,3 +0,0 @@
[submodule "deployment/project/clams-server"]
path = deployment/project/clams-server
url = https://github.com/farscapian/roygbiv-stack


@ -25,7 +25,7 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
# create a base image if needed and instantiate a VM. # create a base image if needed and instantiate a VM.
if [ -z "$MAC_ADDRESS_TO_PROVISION" ]; then if [ -z "$MAC_ADDRESS_TO_PROVISION" ]; then
echo "ERROR: You MUST define a MAC Address for all your machines in your project definition." echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_SERVER_MAC_ADDRESS, BTCPAYSERVER_MAC_ADDRESS in your site definition."
echo "INFO: IMPORTANT! You MUST have DHCP Reservations for these MAC addresses. You also need records established the DNS." echo "INFO: IMPORTANT! You MUST have DHCP Reservations for these MAC addresses. You also need records established the DNS."
exit 1 exit 1
fi fi
@ -36,10 +36,6 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
SSDATA_DISK_SIZE_GB= SSDATA_DISK_SIZE_GB=
DOCKER_DISK_SIZE_GB= DOCKER_DISK_SIZE_GB=
if [ "$VIRTUAL_MACHINE" = www ]; then if [ "$VIRTUAL_MACHINE" = www ]; then
if [ "$SKIP_WWW" = true ]; then
exit 0
fi
VM_ID="w" VM_ID="w"
BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB" BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB" SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
@ -47,26 +43,11 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
fi fi
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
if [ "$SKIP_BTCPAYSERVER" = true ]; then
exit 0
fi
VM_ID="b" VM_ID="b"
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB" BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB" SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB" DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
fi fi
if [ "$VIRTUAL_MACHINE" = clamsserver ]; then
if [ "$SKIP_CLAMSSERVER" = true ]; then
exit 0
fi
VM_ID="c"
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
fi
DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d" DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d"
if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then
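Review bot: The new error text for an empty `MAC_ADDRESS_TO_PROVISION` tells the operator to set the addresses "in your site definition", but elsewhere on this page the MAC variables are stubbed into the project definition and the matching checks say "Check your project.conf.". The message should point at the file that is actually read, for example by ending it with `in your project.conf.`. The two variable names it lists also follow different patterns (`WWW_SERVER_MAC_ADDRESS` and `BTCPAYSERVER_MAC_ADDRESS`), which is easy to mistype when filling in the stub.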


@ -32,17 +32,13 @@ export BTCPAYSERVER_SSDATA_DISK_SIZE_GB=20
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB=20 export BTCPAYSERVER_BACKUP_DISK_SIZE_GB=20
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB=30 export BTCPAYSERVER_DOCKER_DISK_SIZE_GB=30
export CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
export CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
export CLAMSSERVER_DOCKER_DISK_SIZE_GB=100
export WWW_HOSTNAME="www" export WWW_HOSTNAME="www"
export BTCPAY_SERVER_HOSTNAME="btcpayserver" export BTCPAY_HOSTNAME="btcpayserver"
export CLAMS_SERVER_HOSTNAME="clamsserver"
export BTCPAY_HOSTNAME_IN_CERT="btcpay" export BTCPAY_HOSTNAME_IN_CERT="btcpay"
export NEXTCLOUD_HOSTNAME="nextcloud" export NEXTCLOUD_HOSTNAME="nextcloud"
export GITEA_HOSTNAME="git" export GITEA_HOSTNAME="git"
export NOSTR_HOSTNAME="relay" export NOSTR_HOSTNAME="relay"
export CLAMS_HOSTNAME="clams"
export REGISTRY_URL="https://index.docker.io/v1" export REGISTRY_URL="https://index.docker.io/v1"
@ -51,6 +47,4 @@ export BTCPAY_SERVER_CPU_COUNT="4"
export BTCPAY_SERVER_MEMORY_MB="4096" export BTCPAY_SERVER_MEMORY_MB="4096"
export WWW_SERVER_CPU_COUNT="4" export WWW_SERVER_CPU_COUNT="4"
export WWW_SERVER_MEMORY_MB="4096" export WWW_SERVER_MEMORY_MB="4096"
export CLAMS_SERVER_CPU_COUNT="4"
export CLAMS_SERVER_MEMORY_MB="4096"
export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io" export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"


@ -1,16 +0,0 @@
#!/bin/bash
# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
DOMAIN_LIST="${PRIMARY_DOMAIN}"
if [ -n "$OTHER_SITES_LIST" ]; then
DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
fi
export DOMAIN_LIST="$DOMAIN_LIST"
export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
export OTHER_SITES_LIST="$OTHER_SITES_LIST"
export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
export BTCPAY_SERVER_FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME"
export CLAMS_SERVER_FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"


@ -11,30 +11,14 @@ if lxc remote get-default -q | grep -q "local"; then
fi fi
KEEP_DOCKER_VOLUME=true KEEP_DOCKER_VOLUME=true
OTHER_SITES_LIST=
SKIP_BTCPAYSERVER=false
SKIP_WWW=false
SKIP_CLAMSSERVER=false
# grab any modifications from the command line. # grab any modifications from the command line.
for i in "$@"; do for i in "$@"; do
case $i in case $i in
--purge) --destroy)
KEEP_DOCKER_VOLUME=false KEEP_DOCKER_VOLUME=false
shift shift
;; ;;
--skip-btcpayserver)
SKIP_BTCPAYSERVER=true
shift
;;
--skip-wwwserver)
SKIP_WWW=true
shift
;;
--skip-clamsserver)
SKIP_CLAMSSERVER=true
shift
;;
*) *)
echo "Unexpected option: $1" echo "Unexpected option: $1"
exit 1 exit 1
@ -42,19 +26,6 @@ for i in "$@"; do
esac esac
done done
SERVERS=
if [ "$SKIP_BTCPAYSERVER" = false ]; then
SERVERS="btcpayserver"
fi
if [ "$SKIP_WWW" = false ]; then
SERVERS="www $SERVERS"
fi
if [ "$SKIP_CLAMSSERVER" = false ]; then
SERVERS="clamsserver $SERVERS"
fi
. ./deployment_defaults.sh . ./deployment_defaults.sh
. ./remote_env.sh . ./remote_env.sh
@ -68,14 +39,12 @@ export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
source "$SITE_PATH/site.conf" source "$SITE_PATH/site.conf"
source ./project/domain_env.sh source ./project/domain_env.sh
source ./domain_list.sh SKIP=btcpayserver
for VIRTUAL_MACHINE in www btcpayserver; do
for VIRTUAL_MACHINE in $SERVERS; do
LXD_NAME="$VIRTUAL_MACHINE-${PRIMARY_DOMAIN//./-}" LXD_NAME="$VIRTUAL_MACHINE-${PRIMARY_DOMAIN//./-}"
if lxc list | grep -q "$LXD_NAME"; then if lxc list | grep -q "$LXD_NAME"; then
bash -c "./stop.sh --server=$VIRTUAL_MACHINE" bash -c "./up.sh --stop --skip-$SKIP"
lxc stop "$LXD_NAME" lxc stop "$LXD_NAME"
@ -94,8 +63,6 @@ for VIRTUAL_MACHINE in $SERVERS; do
VM_ID=w VM_ID=w
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
VM_ID="b" VM_ID="b"
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
VM_ID="c"
fi fi
# d for docker; b for backup; s for ss-data # d for docker; b for backup; s for ss-data
@ -110,13 +77,13 @@ for VIRTUAL_MACHINE in $SERVERS; do
fi fi
fi fi
done done
else
# we maintain the volumes
# TODO make a snapshot on all the zfs storage volumes.
echo "TODO: create snapshot of ZFS volumes and pull them to mgmt machine."
fi fi
SKIP=www
done done
if lxc network list -q | grep -q ss-ovn; then if lxc network list -q | grep -q ss-ovn; then
lxc network delete ss-ovn lxc network delete ss-ovn
fi fi
# TODO make a snapshot on all the zfs storage volumes.
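Review bot: The `SKIP` value passed to `./up.sh --stop --skip-$SKIP` is only correct because `www` is iterated before `btcpayserver`: it starts as `btcpayserver` and is flipped to `www` at the bottom of the loop body. Reordering the list or adding a third machine would stop the wrong services without any error. Derive the flag from `$VIRTUAL_MACHINE` at the top of the loop body, and call the script directly instead of through a `bash -c` string, e.g. `./up.sh --stop "--skip-$OTHER_VM"` (`OTHER_VM` is a placeholder name). Parts of the loop body lie outside the visible hunks.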


@ -6,10 +6,11 @@ You are in the Sovereign Stack Management Environment (SSME). From here, you can
ss-up - Instantiate a deployment to your active project according to your ss-up - Instantiate a deployment to your active project according to your
various remote.conf, project.conf, and site.conf files. various remote.conf, project.conf, and site.conf files.
ss-down - Reverses ss-up. Takes the active project down. Non-destructive of user data, ss-down - Reverses ss-up. Takes the active project down. Non-destructive of user data,
unless you provide the --purge flag. unless you provide the --destroy flag.
ss-update - This is just ss-down then ss-up. ss-update - This is just ss-down then ss-up.
ss-show - show the lxd resources associated with the current remote. ss-show - show the lxd resources associated with the current remote.
For more infomation about all these topics, consult the Sovereign Stack website starting with: For more infomation about all these topics, consult the Sovereign Stack website starting with:
- https://www.sovereign-stack.org/tag/deployment-management/ - https://www.sovereign-stack.org/tag/deployment-management/


@ -49,7 +49,3 @@ export WWW_DOCKER_DISK_SIZE_GB="$WWW_DOCKER_DISK_SIZE_GB"
export BTCPAYSERVER_SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB" export BTCPAYSERVER_SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB" export BTCPAYSERVER_BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB" export BTCPAYSERVER_DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
export CLAMSSERVER_SSDATA_DISK_SIZE_GB="$CLAMSSERVER_SSDATA_DISK_SIZE_GB"
export CLAMSSERVER_BACKUP_DISK_SIZE_GB="$CLAMSSERVER_BACKUP_DISK_SIZE_GB"
export CLAMSSERVER_DOCKER_DISK_SIZE_GB="$CLAMSSERVER_DOCKER_DISK_SIZE_GB"


@ -148,7 +148,7 @@ fi
# install dependencies. # install dependencies.
ssh -t "ubuntu@$FQDN" 'sudo apt update && sudo apt upgrade -y && sudo apt install htop dnsutils nano -y' ssh -t "ubuntu@$FQDN" 'sudo apt update && sudo apt upgrade -y && sudo apt install htop dnsutils nano -y'
if ! ssh "ubuntu@$FQDN" snap list | grep -q lxd; then if ! ssh "ubuntu@$FQDN" snap list | grep -q lxd; then
ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=5.16/stable' ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=latest/candidate'
sleep 5 sleep 5
fi fi
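Review bot: The new `sudo snap install lxd --channel=latest/candidate` replaces a pinned `5.16/stable` track with a moving pre-release channel, so the LXD version on the remote host is whatever that channel holds at install time. For the component that hosts every VM, this makes installs non-reproducible and puts pre-release builds on production hosts. Keep a pinned track, e.g. `sudo snap install lxd --channel=5.16/stable`, or read the channel from one shared variable so that all hosts agree. The same change appears in the two other `snap install lxd` hunks further down the page.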


@ -65,10 +65,6 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30 BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=100 BTCPAYSERVER_DOCKER_DISK_SIZE_GB=100
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
CLAMSSERVER_DOCKER_DISK_SIZE_GB=20
elif [ "$BITCOIN_CHAIN" = mainnet ]; then elif [ "$BITCOIN_CHAIN" = mainnet ]; then
WWW_SSDATA_DISK_SIZE_GB=40 WWW_SSDATA_DISK_SIZE_GB=40
@ -79,10 +75,6 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30 BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=500 BTCPAYSERVER_DOCKER_DISK_SIZE_GB=500
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
CLAMSSERVER_DOCKER_DISK_SIZE_GB=400
fi fi
export WWW_SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB" export WWW_SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"


@ -1,61 +0,0 @@
#!/bin/bash
# https://www.sovereign-stack.org/ss-down/
set -eu
cd "$(dirname "$0")"
if lxc remote get-default -q | grep -q "local"; then
echo "ERROR: you are on the local lxc remote. Nothing to take down"
exit 1
fi
SERVER_TO_STOP=
OTHER_SITES_LIST=
# grab any modifications from the command line.
for i in "$@"; do
case $i in
--server=*)
SERVER_TO_STOP="${i#*=}"
shift
;;
*)
echo "Unexpected option: $1"
exit 1
;;
esac
done
if [ -z "$SERVER_TO_STOP" ]; then
echo "ERROR: you MUST specify a server to stop with '--server=www' for example."
exit 1
fi
. ./deployment_defaults.sh
. ./remote_env.sh
. ./project_env.sh
# let's bring down services on the remote deployment if necessary.
export DOMAIN_NAME="$PRIMARY_DOMAIN"
export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
source "$SITE_PATH/site.conf"
source ./project/domain_env.sh
source ./domain_list.sh
if [ "$SERVER_TO_STOP" = www ]; then
DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN" ./project/www/stop_docker_stacks.sh
fi
if [ "$SERVER_TO_STOP" = btcpayserver ]; then
ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
fi
if [ "$SERVER_TO_STOP" = clamsserver ]; then
DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN" ./project/clams-server/down.sh
fi


@ -73,13 +73,6 @@ if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
EOF EOF
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
cat >> "$YAML_PATH" <<EOF
limits.cpu: "${CLAMS_SERVER_CPU_COUNT}"
limits.memory: "${CLAMS_SERVER_MEMORY_MB}MB"
EOF
fi fi
. ./target.sh . ./target.sh
@ -216,29 +209,14 @@ if [ "$VIRTUAL_MACHINE" != base ]; then
match: match:
macaddress: ${MAC_ADDRESS_TO_PROVISION} macaddress: ${MAC_ADDRESS_TO_PROVISION}
set-name: enp5s0 set-name: enp5s0
EOF
fi
# TODO try to get DHCP working reliably.
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0: enp6s0:
addresses: dhcp4: true
- 10.10.10.66/24
EOF EOF
fi fi
if [ "$VIRTUAL_MACHINE" = www ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0:
addresses:
- 10.10.10.65/24
EOF
fi
# All profiles get a root disk and cloud-init config. # All profiles get a root disk and cloud-init config.
cat >> "$YAML_PATH" <<EOF cat >> "$YAML_PATH" <<EOF
description: Default LXD profile for ${FILENAME} description: Default LXD profile for ${FILENAME}
@ -284,18 +262,11 @@ else
nictype: macvlan nictype: macvlan
parent: ${DATA_PLANE_MACVLAN_INTERFACE} parent: ${DATA_PLANE_MACVLAN_INTERFACE}
type: nic type: nic
EOF
if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0: enp6s0:
name: enp6s0 name: enp6s0
network: ss-ovn network: ss-ovn
type: nic type: nic
EOF
fi
cat >> "$YAML_PATH" <<EOF
name: ${PRIMARY_DOMAIN} name: ${PRIMARY_DOMAIN}
EOF EOF


@ -38,22 +38,22 @@ OTHER_SITES_LIST=
PRIMARY_DOMAIN= PRIMARY_DOMAIN=
RUN_CERT_RENEWAL=true RUN_CERT_RENEWAL=true
SKIP_BASE_IMAGE_CREATION=false SKIP_BASE_IMAGE_CREATION=false
RESTORE_CERTS=false
BACKUP_CERTS=true
BACKUP_BTCPAY=true
SKIP_BTCPAYSERVER=false
SKIP_WWW=false SKIP_WWW=false
SKIP_CLAMSSERVER=false RESTORE_WWW=false
BACKUP_WWW_APPS=true RESTORE_CERTS=false
BACKUP_BTCPAY_ARCHIVE_PATH= BACKUP_CERTS=false
BACKUP_BTCPAY=false
BACKUP_CERTS=false
BACKUP_APPS=false
BACKUP_BTCPAY=false
BACKUP_BTCPAY_ARCHIVE_PATH=
RESTORE_BTCPAY=false RESTORE_BTCPAY=false
SKIP_BTCPAY=false
UPDATE_BTCPAY=false UPDATE_BTCPAY=false
REMOTE_NAME="$(lxc remote get-default)" REMOTE_NAME="$(lxc remote get-default)"
STOP_SERVICES=false
USER_SAYS_YES=false USER_SAYS_YES=false
RESTART_FRONT_END=true
WWW_SERVER_MAC_ADDRESS=
BTCPAY_SERVER_MAC_ADDRESS=
CLAMS_SERVER_MAC_ADDRESS=
# grab any modifications from the command line. # grab any modifications from the command line.
for i in "$@"; do for i in "$@"; do
@ -62,26 +62,30 @@ for i in "$@"; do
RESTORE_CERTS=true RESTORE_CERTS=true
shift shift
;; ;;
--restore-www)
RESTORE_WWW=true
RESTORE_CERTS=true
shift
;;
--restore-btcpay) --restore-btcpay)
RESTORE_BTCPAY=true RESTORE_BTCPAY=true
shift shift
;; ;;
--skip-btcpayserver) --backup-www)
SKIP_BTCPAYSERVER=true BACKUP_CERTS=true
shift BACKUP_APPS=true
;;
--skip-wwwserver)
SKIP_WWW=true
shift
;;
--skip-clamsserver)
SKIP_CLAMSSERVER=true
shift shift
;; ;;
--backup-btcpayserver) --backup-btcpayserver)
BACKUP_BTCPAY=true BACKUP_BTCPAY=true
shift shift
;; ;;
--stop)
STOP_SERVICES=true
RESTART_FRONT_END=false
shift
;;
--backup-archive-path=*) --backup-archive-path=*)
BACKUP_BTCPAY_ARCHIVE_PATH="${i#*=}" BACKUP_BTCPAY_ARCHIVE_PATH="${i#*=}"
shift shift
@ -90,6 +94,14 @@ for i in "$@"; do
UPDATE_BTCPAY=true UPDATE_BTCPAY=true
shift shift
;; ;;
--skip-www)
SKIP_WWW=true
shift
;;
--skip-btcpayserver)
SKIP_BTCPAY=true
shift
;;
--skip-base-image) --skip-base-image)
SKIP_BASE_IMAGE_CREATION=true SKIP_BASE_IMAGE_CREATION=true
shift shift
@ -122,7 +134,10 @@ fi
. ./remote_env.sh . ./remote_env.sh
export REGISTRY_DOCKER_IMAGE="registry:2" export REGISTRY_DOCKER_IMAGE="registry:2"
export RESTORE_WWW="$RESTORE_WWW"
export STOP_SERVICES="$STOP_SERVICES"
export BACKUP_CERTS="$BACKUP_CERTS" export BACKUP_CERTS="$BACKUP_CERTS"
export BACKUP_APPS="$BACKUP_APPS"
export RESTORE_BTCPAY="$RESTORE_BTCPAY" export RESTORE_BTCPAY="$RESTORE_BTCPAY"
export BACKUP_BTCPAY="$BACKUP_BTCPAY" export BACKUP_BTCPAY="$BACKUP_BTCPAY"
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL" export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
@ -130,8 +145,8 @@ export REMOTE_NAME="$REMOTE_NAME"
export REMOTE_PATH="$REMOTES_PATH/$REMOTE_NAME" export REMOTE_PATH="$REMOTES_PATH/$REMOTE_NAME"
export USER_SAYS_YES="$USER_SAYS_YES" export USER_SAYS_YES="$USER_SAYS_YES"
export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH" export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
export RESTART_FRONT_END="$RESTART_FRONT_END"
export RESTORE_CERTS="$RESTORE_CERTS" export RESTORE_CERTS="$RESTORE_CERTS"
export BACKUP_WWW_APPS="$BACKUP_WWW_APPS"
# todo convert this to Trezor-T # todo convert this to Trezor-T
SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub" SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
@ -156,6 +171,7 @@ function new_pass {
gpg --gen-random --armor 1 25 gpg --gen-random --armor 1 25
} }
function stub_site_definition { function stub_site_definition {
mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites" mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
@ -179,7 +195,7 @@ DOMAIN_NAME="${DOMAIN_NAME}"
SITE_LANGUAGE_CODES="en" SITE_LANGUAGE_CODES="en"
DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)" DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
DEPLOY_GHOST=true DEPLOY_GHOST=true
DEPLOY_CLAMS=false
DEPLOY_NEXTCLOUD=false DEPLOY_NEXTCLOUD=false
DEPLOY_NOSTR=false DEPLOY_NOSTR=false
NOSTR_ACCOUNT_PUBKEY= NOSTR_ACCOUNT_PUBKEY=
@ -191,12 +207,6 @@ NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
GITEA_MYSQL_PASSWORD="$(new_pass)" GITEA_MYSQL_PASSWORD="$(new_pass)"
GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)" GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
#GHOST_DEPLOY_SMTP=true
#MAILGUN_FROM_ADDRESS=false
#MAILGUN_SMTP_USERNAME=
#MAILGUN_SMTP_PASSWORD=
EOL EOL
chmod 0744 "$SITE_DEFINITION_PATH" chmod 0744 "$SITE_DEFINITION_PATH"
@ -211,10 +221,6 @@ EOL
PROJECT_NAME="$(lxc info | grep "project:" | awk '{print $2}')" PROJECT_NAME="$(lxc info | grep "project:" | awk '{print $2}')"
export PROJECT_NAME="$PROJECT_NAME" export PROJECT_NAME="$PROJECT_NAME"
export PROJECT_PATH="$PROJECTS_PATH/$PROJECT_NAME" export PROJECT_PATH="$PROJECTS_PATH/$PROJECT_NAME"
export SKIP_BTCPAYSERVER="$SKIP_BTCPAYSERVER"
export SKIP_WWW="$SKIP_WWW"
export SKIP_CLAMSSERVER="$SKIP_CLAMSSERVER"
mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects" mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
@ -240,15 +246,10 @@ WWW_SERVER_MAC_ADDRESS=
# WWW_SERVER_CPU_COUNT="6" # WWW_SERVER_CPU_COUNT="6"
# WWW_SERVER_MEMORY_MB="4096" # WWW_SERVER_MEMORY_MB="4096"
BTCPAY_SERVER_MAC_ADDRESS= BTCPAYSERVER_MAC_ADDRESS=
# BTCPAY_SERVER_CPU_COUNT="4" # BTCPAY_SERVER_CPU_COUNT="4"
# BTCPAY_SERVER_MEMORY_MB="4096" # BTCPAY_SERVER_MEMORY_MB="4096"
CLAMS_SERVER_MAC_ADDRESS=
# CLAMS_SERVER_CPU_COUNT="4"
# CLAMS_SERVER_MEMORY_MB="4096"
EOL EOL
chmod 0744 "$PROJECT_DEFINITION_PATH" chmod 0744 "$PROJECT_DEFINITION_PATH"
@ -266,25 +267,30 @@ if [ -z "$PRIMARY_DOMAIN" ]; then
fi fi
if [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then if [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
echo "WARNING: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf." echo "ERROR: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
exit 1
fi fi
if [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then if [ -z "$BTCPAYSERVER_MAC_ADDRESS" ]; then
echo "WARNING: the BTCPAY_SERVER_MAC_ADDRESS is not specified. Check your project.conf." echo "ERROR: the BTCPAYSERVER_MAC_ADDRESS is not specified. Check your project.conf."
exit 1
fi fi
# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
if [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then DOMAIN_LIST="${PRIMARY_DOMAIN}"
echo "WARNING: the CLAMS_SERVER_MAC_ADDRESS is not specified. Check your project.conf." if [ -n "$OTHER_SITES_LIST" ]; then
DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
fi fi
source ./domain_list.sh export DOMAIN_LIST="$DOMAIN_LIST"
export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
# let's provision our primary domain first. # let's provision our primary domain first.
export DOMAIN_NAME="$PRIMARY_DOMAIN" export DOMAIN_NAME="$PRIMARY_DOMAIN"
export PRIMARY_DOMAIN="$PRIMARY_DOMAIN" export PRIMARY_DOMAIN="$PRIMARY_DOMAIN"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
stub_site_definition stub_site_definition
@ -304,17 +310,13 @@ if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
fi fi
fi fi
for VIRTUAL_MACHINE in www btcpayserver clamsserver; do for VIRTUAL_MACHINE in www btcpayserver; do
if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ "$SKIP_BTCPAY" = true ]; then
continue continue
fi fi
if [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then if [ "$VIRTUAL_MACHINE" = www ] && [ "$SKIP_WWW" = true ]; then
continue
fi
if [ "$VIRTUAL_MACHINE" = www ] && [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
continue continue
fi fi
@ -363,20 +365,20 @@ for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
export VPS_HOSTNAME="$VPS_HOSTNAME" export VPS_HOSTNAME="$VPS_HOSTNAME"
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME" export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
if [ "$VIRTUAL_MACHINE" = www ] && [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then if [ "$VIRTUAL_MACHINE" = www ]; then
if [ "$SKIP_WWW" = true ]; then
echo "INFO: Skipping WWW due to command line argument."
continue
fi
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME" FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$WWW_HOSTNAME" VPS_HOSTNAME="$WWW_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS" MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME" FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$BTCPAY_SERVER_HOSTNAME" VPS_HOSTNAME="$BTCPAY_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$BTCPAY_SERVER_MAC_ADDRESS" MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then
FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$CLAMS_SERVER_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$CLAMS_SERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then
export FQDN="$BASE_IMAGE_VM_NAME" export FQDN="$BASE_IMAGE_VM_NAME"
@ -392,6 +394,16 @@ for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
./deploy_vm.sh ./deploy_vm.sh
if [ "$VIRTUAL_MACHINE" = www ]; then
# this tells our local docker client to target the remote endpoint via SSH
export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init --advertise-addr enp6s0
fi
fi
done done
# let's stub out the rest of our site definitions, if any. # let's stub out the rest of our site definitions, if any.
@ -403,52 +415,14 @@ for DOMAIN_NAME in ${OTHER_SITES_LIST//,/ }; do
stub_site_definition stub_site_definition
done done
if [ "$SKIP_BTCPAYSERVER" = false ]; then
if [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
export DOCKER_HOST="ssh://ubuntu@$BTCPAY_SERVER_FQDN"
./project/btcpayserver/go.sh
fi
fi
# now let's run the www and btcpay-specific provisioning scripts.
if [ "$SKIP_WWW" = false ]; then if [ "$SKIP_WWW" = false ]; then
# now let's run the www and btcpay-specific provisioning scripts. ./project/www/go.sh
if [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then
export DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init --advertise-addr enp6s0
fi
./project/www/go.sh
fi
fi fi
# don't run clams stuff if user specifies --skip-btcpayserver export DOMAIN_NAME="$PRIMARY_DOMAIN"
if [ "$SKIP_CLAMSSERVER" = false ]; then export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
# now let's run the www and btcpay-specific provisioning scripts. if [ "$SKIP_BTCPAY" = false ]; then
if [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then ./project/btcpayserver/go.sh
export DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN" fi
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init
fi
# set the active env to our CLAMS_FQDN
cat >./project/clams-server/active_env.txt <<EOL
${CLAMS_SERVER_FQDN}
EOL
# and we have to set our environment file as well.
cat > ./project/clams-server/environments/"$CLAMS_SERVER_FQDN" <<EOL
DOCKER_HOST=ssh://ubuntu@${CLAMS_SERVER_FQDN}
DOMAIN_NAME=${PRIMARY_DOMAIN}
ENABLE_TLS=true
BTC_CHAIN=${BITCOIN_CHAIN}
CLN_COUNT=1
EOL
bash -c "./project/clams-server/up.sh -y"
fi
fi
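Review bot: The new test `elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then` in the FQDN/MAC selection is true for any non-www machine once `--skip-btcpayserver` is given. That machine would then be assigned the BTCPay hostname and `BTCPAYSERVER_MAC_ADDRESS`, and the `"$BASE_IMAGE_VM_NAME"` branch after it would never be reached. The skip case is already handled by the `continue` near the top of the loop, so the condition should be just `elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then`. The `for VIRTUAL_MACHINE` loop body extends outside the visible hunks.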


@ -5,6 +5,18 @@ cd "$(dirname "$0")"
. ./target.sh . ./target.sh
# # As part of the install script, we pull down any other sovereign-stack git repos
# PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
# PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
# if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
# git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
# else
# cd "$PROJECTS_SCRIPTS_PATH" || exit 1
# git -c advice.detachedHead=false pull origin main
# git checkout "$TARGET_PROJECT_GIT_COMMIT"
# cd - || exit 1
# fi
# check if there are any uncommited changes. It's dangerous to # check if there are any uncommited changes. It's dangerous to
# alter production systems when you have commits to make or changes to stash. # alter production systems when you have commits to make or changes to stash.
if git update-index --refresh | grep -q "needs update"; then if git update-index --refresh | grep -q "needs update"; then


@ -11,43 +11,15 @@ if [ "$(hostname)" = ss-mgmt ]; then
exit 1 exit 1
fi fi
DISK_OR_PARTITION= # the DISK variable here tells us which disk (partition) the admin wants to use for
DISK=loop # lxd resources. By default, we provision the disk under / as a loop device. Admin
# can override with CLI modifications.
# grab any modifications from the command line. DISK="rpool/lxd"
for i in "$@"; do
case $i in
--disk-or-partition=*)
DISK_OR_PARTITION="${i#*=}"
shift
;;
*)
echo "Unexpected option: $1"
exit 1
;;
esac
done
# ensure the iptables forward policy is set to ACCEPT so your host can act as a router
# Note this is necessary if docker is running (or has been previuosly installed) on the
# same host running LXD.
sudo iptables -F FORWARD
sudo iptables -P FORWARD ACCEPT
# if the user didn't specify the disk or partition, we create a loop device under
# the user's home directory. If the user does specify a disk or partition, we will
# create the ZFS pool there.
if [ -z "$DISK_OR_PARTITION" ]; then
DISK="$DISK_OR_PARTITION"
fi
export DISK="$DISK" export DISK="$DISK"
# install lxd snap and initialize it # install lxd snap and initialize it
if ! snap list | grep -q lxd; then if ! snap list | grep -q lxd; then
sudo snap install lxd --channel=5.16/stable sudo snap install lxd --channel=latest/candidate
sleep 5 sleep 5
# run lxd init # run lxd init
@ -247,3 +219,17 @@ fi
if [ "$ADDED_COMMAND" = true ]; then if [ "$ADDED_COMMAND" = true ]; then
echo "NOTICE! You need to run 'source ~/.bashrc' before continuing. After that, type 'ss-manage' to enter your management environment." echo "NOTICE! You need to run 'source ~/.bashrc' before continuing. After that, type 'ss-manage' to enter your management environment."
fi fi
. ./deployment/target.sh
# As part of the install script, we pull down any other sovereign-stack git repos
PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
else
cd "$PROJECTS_SCRIPTS_PATH"
git -c advice.detachedHead=false pull origin main
git checkout "$TARGET_PROJECT_GIT_COMMIT"
cd -
fi
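Review bot: On a fresh install the `git clone` branch never runs `git checkout "$TARGET_PROJECT_GIT_COMMIT"`, so the project scripts stay at whatever the remote's default branch points to. Only an already-existing checkout is moved to the pinned commit. These scripts appear to be the ones later run against the deployment, so both paths should end on the pinned commit: move the checkout below the `fi` as `git -C "$PROJECTS_SCRIPTS_PATH" checkout "$TARGET_PROJECT_GIT_COMMIT"`. In the else branch `cd "$PROJECTS_SCRIPTS_PATH"` has no `|| exit 1`, although the commented-out copy of this block elsewhere on the page does. If this script does not run under `set -e`, a failed `cd` would let `git pull` run in the wrong directory.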


@ -2,7 +2,7 @@
# https://www.sovereign-stack.org/ss-manage/ # https://www.sovereign-stack.org/ss-manage/
set -eu set -exu
cd "$(dirname "$0")" cd "$(dirname "$0")"
# check to ensure dependencies are met. # check to ensure dependencies are met.
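Review bot: `set -exu` turns on command tracing for the whole script, which looks like a debugging leftover. With xtrace every expanded command line is written to stderr, so any variable values the script handles end up in terminal scrollback or captured logs. The rest of the script is outside this hunk, so what exactly gets traced is not visible here. Unless tracing is intended, restore `set -eu`, or gate it behind an opt-in such as `[ "${SS_DEBUG:-false}" = true ] && set -x` (the variable name is a placeholder).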


@ -6,8 +6,6 @@ alias ss-show='/home/ubuntu/sovereign-stack/deployment/show.sh $@'
alias ss-reset='/home/ubuntu/sovereign-stack/deployment/reset.sh $@' alias ss-reset='/home/ubuntu/sovereign-stack/deployment/reset.sh $@'
alias ss-update='/home/ubuntu/sovereign-stack/deployment/update.sh $@' alias ss-update='/home/ubuntu/sovereign-stack/deployment/update.sh $@'
alias ss-down='/home/ubuntu/sovereign-stack/deployment/down.sh $@' alias ss-down='/home/ubuntu/sovereign-stack/deployment/down.sh $@'
alias ss-stop='/home/ubuntu/sovereign-stack/deployment/stop.sh $@'
alias ss-start='/home/ubuntu/sovereign-stack/deployment/start.sh $@'
alias ss-help='cat /home/ubuntu/sovereign-stack/deployment/help.txt' alias ss-help='cat /home/ubuntu/sovereign-stack/deployment/help.txt'
alias ll='ls -lah' alias ll='ls -lah'


@ -5,7 +5,7 @@ cd "$(dirname "$0")"
# NOTE! This script MUST be executed as root. # NOTE! This script MUST be executed as root.
sudo apt-get update sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg lsb-release jq bc sudo apt-get install -y ca-certificates curl gnupg lsb-release
sudo mkdir -m 0755 -p /etc/apt/keyrings sudo mkdir -m 0755 -p /etc/apt/keyrings
@ -35,7 +35,7 @@ sleep 10
# install snap # install snap
if ! snap list | grep -q lxd; then if ! snap list | grep -q lxd; then
sudo snap install htop sudo snap install htop
sudo snap install lxd --channel=5.16/stable sudo snap install lxd --channel=latest/candidate
sleep 6 sleep 6
# We just do an auto initialization. All we are using is the LXD client inside the management environment. # We just do an auto initialization. All we are using is the LXD client inside the management environment.