Compare commits
No commits in common. "08235de7983b55e1dce036c8b7e0a0e3dbd79038" and "0b38d6d63542d8773c546c8223d02402e74a4483" have entirely different histories.
08235de798
...
0b38d6d635
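--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "deployment/project/clams-server"]
-path = deployment/project/clams-server
-url = https://github.com/farscapian/roygbiv-stack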
@ -25,7 +25,7 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
||||
|
||||
# create a base image if needed and instantiate a VM.
|
||||
if [ -z "$MAC_ADDRESS_TO_PROVISION" ]; then
|
||||
echo "ERROR: You MUST define a MAC Address for all your machines in your project definition."
|
||||
echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_SERVER_MAC_ADDRESS, BTCPAYSERVER_MAC_ADDRESS in your site definition."
|
||||
echo "INFO: IMPORTANT! You MUST have DHCP Reservations for these MAC addresses. You also need records established the DNS."
|
||||
exit 1
|
||||
fi
|
||||
@ -36,10 +36,6 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
||||
SSDATA_DISK_SIZE_GB=
|
||||
DOCKER_DISK_SIZE_GB=
|
||||
if [ "$VIRTUAL_MACHINE" = www ]; then
|
||||
if [ "$SKIP_WWW" = true ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
VM_ID="w"
|
||||
BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB"
|
||||
SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
|
||||
@ -47,27 +43,12 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
|
||||
fi
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
|
||||
if [ "$SKIP_BTCPAYSERVER" = true ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
VM_ID="b"
|
||||
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
|
||||
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
|
||||
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
|
||||
fi
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = clamsserver ]; then
|
||||
if [ "$SKIP_CLAMSSERVER" = true ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
VM_ID="c"
|
||||
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
|
||||
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
|
||||
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
|
||||
fi
|
||||
|
||||
DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d"
|
||||
if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then
|
||||
lxc storage volume create ss-base "$DOCKER_VOLUME_NAME" --type=block
|
||||
|
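Review bot: The reworded error in the `MAC_ADDRESS_TO_PROVISION` check sends the operator to the site definition, but the stub in deployment/up.sh on this page writes `WWW_SERVER_MAC_ADDRESS=` and `BTCPAYSERVER_MAC_ADDRESS=` into the file at `$PROJECT_DEFINITION_PATH`, and up.sh's own checks say "Check your project.conf". The message should name the file the variables actually live in, for example `echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_SERVER_MAC_ADDRESS, BTCPAYSERVER_MAC_ADDRESS in your project.conf."`. The enclosing `if ! lxc list --format csv | grep -q "$LXD_VM_NAME"` block starts and ends outside these hunks.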
@ -32,17 +32,13 @@ export BTCPAYSERVER_SSDATA_DISK_SIZE_GB=20
|
||||
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB=20
|
||||
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB=30
|
||||
|
||||
export CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
|
||||
export CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
|
||||
export CLAMSSERVER_DOCKER_DISK_SIZE_GB=100
|
||||
|
||||
export WWW_HOSTNAME="www"
|
||||
export BTCPAY_SERVER_HOSTNAME="btcpayserver"
|
||||
export CLAMS_SERVER_HOSTNAME="clamsserver"
|
||||
export BTCPAY_HOSTNAME="btcpayserver"
|
||||
export BTCPAY_HOSTNAME_IN_CERT="btcpay"
|
||||
export NEXTCLOUD_HOSTNAME="nextcloud"
|
||||
export GITEA_HOSTNAME="git"
|
||||
export NOSTR_HOSTNAME="relay"
|
||||
export CLAMS_HOSTNAME="clams"
|
||||
|
||||
export REGISTRY_URL="https://index.docker.io/v1"
|
||||
|
||||
@ -51,6 +47,4 @@ export BTCPAY_SERVER_CPU_COUNT="4"
|
||||
export BTCPAY_SERVER_MEMORY_MB="4096"
|
||||
export WWW_SERVER_CPU_COUNT="4"
|
||||
export WWW_SERVER_MEMORY_MB="4096"
|
||||
export CLAMS_SERVER_CPU_COUNT="4"
|
||||
export CLAMS_SERVER_MEMORY_MB="4096"
|
||||
export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
|
||||
|
@ -1,16 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
|
||||
DOMAIN_LIST="${PRIMARY_DOMAIN}"
|
||||
if [ -n "$OTHER_SITES_LIST" ]; then
|
||||
DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
|
||||
fi
|
||||
|
||||
export DOMAIN_LIST="$DOMAIN_LIST"
|
||||
export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
|
||||
export OTHER_SITES_LIST="$OTHER_SITES_LIST"
|
||||
|
||||
export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
||||
export BTCPAY_SERVER_FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME"
|
||||
export CLAMS_SERVER_FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"
|
@ -11,30 +11,14 @@ if lxc remote get-default -q | grep -q "local"; then
|
||||
fi
|
||||
|
||||
KEEP_DOCKER_VOLUME=true
|
||||
OTHER_SITES_LIST=
|
||||
SKIP_BTCPAYSERVER=false
|
||||
SKIP_WWW=false
|
||||
SKIP_CLAMSSERVER=false
|
||||
|
||||
# grab any modifications from the command line.
|
||||
for i in "$@"; do
|
||||
case $i in
|
||||
--purge)
|
||||
--destroy)
|
||||
KEEP_DOCKER_VOLUME=false
|
||||
shift
|
||||
;;
|
||||
--skip-btcpayserver)
|
||||
SKIP_BTCPAYSERVER=true
|
||||
shift
|
||||
;;
|
||||
--skip-wwwserver)
|
||||
SKIP_WWW=true
|
||||
shift
|
||||
;;
|
||||
--skip-clamsserver)
|
||||
SKIP_CLAMSSERVER=true
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected option: $1"
|
||||
exit 1
|
||||
@ -42,19 +26,6 @@ for i in "$@"; do
|
||||
esac
|
||||
done
|
||||
|
||||
SERVERS=
|
||||
if [ "$SKIP_BTCPAYSERVER" = false ]; then
|
||||
SERVERS="btcpayserver"
|
||||
fi
|
||||
|
||||
if [ "$SKIP_WWW" = false ]; then
|
||||
SERVERS="www $SERVERS"
|
||||
fi
|
||||
|
||||
if [ "$SKIP_CLAMSSERVER" = false ]; then
|
||||
SERVERS="clamsserver $SERVERS"
|
||||
fi
|
||||
|
||||
. ./deployment_defaults.sh
|
||||
|
||||
. ./remote_env.sh
|
||||
@ -68,14 +39,12 @@ export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
|
||||
source "$SITE_PATH/site.conf"
|
||||
source ./project/domain_env.sh
|
||||
|
||||
source ./domain_list.sh
|
||||
|
||||
for VIRTUAL_MACHINE in $SERVERS; do
|
||||
|
||||
SKIP=btcpayserver
|
||||
for VIRTUAL_MACHINE in www btcpayserver; do
|
||||
LXD_NAME="$VIRTUAL_MACHINE-${PRIMARY_DOMAIN//./-}"
|
||||
|
||||
if lxc list | grep -q "$LXD_NAME"; then
|
||||
bash -c "./stop.sh --server=$VIRTUAL_MACHINE"
|
||||
bash -c "./up.sh --stop --skip-$SKIP"
|
||||
|
||||
lxc stop "$LXD_NAME"
|
||||
|
||||
@ -94,8 +63,6 @@ for VIRTUAL_MACHINE in $SERVERS; do
|
||||
VM_ID=w
|
||||
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
|
||||
VM_ID="b"
|
||||
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
|
||||
VM_ID="c"
|
||||
fi
|
||||
|
||||
# d for docker; b for backup; s for ss-data
|
||||
@ -110,13 +77,13 @@ for VIRTUAL_MACHINE in $SERVERS; do
|
||||
fi
|
||||
fi
|
||||
done
|
||||
else
|
||||
# we maintain the volumes
|
||||
# TODO make a snapshot on all the zfs storage volumes.
|
||||
echo "TODO: create snapshot of ZFS volumes and pull them to mgmt machine."
|
||||
fi
|
||||
|
||||
SKIP=www
|
||||
done
|
||||
|
||||
if lxc network list -q | grep -q ss-ovn; then
|
||||
lxc network delete ss-ovn
|
||||
fi
|
||||
|
||||
# TODO make a snapshot on all the zfs storage volumes.
|
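Review bot: Stopping services through `bash -c "./up.sh --stop --skip-$SKIP"` makes the take-down depend on everything up.sh does before it reaches its stop logic. On this page the new up.sh exits with an error when `WWW_SERVER_MAC_ADDRESS` or `BTCPAYSERVER_MAC_ADDRESS` is empty, so an incomplete project.conf would presumably abort the take-down before `lxc stop "$LXD_NAME"` runs. The extra `bash -c` layer only re-parses the string in a second shell; `./up.sh --stop "--skip-$SKIP"` calls the same script directly. `SKIP` is flipped to `www` only at the end of the loop body, which is correct for the fixed `www btcpayserver` order but deserves a comment such as `# SKIP names the VM that up.sh must leave alone on this pass`. The loop body continues outside the hunks shown.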
@ -6,10 +6,11 @@ You are in the Sovereign Stack Management Environment (SSME). From here, you can
|
||||
ss-up - Instantiate a deployment to your active project according to your
|
||||
various remote.conf, project.conf, and site.conf files.
|
||||
ss-down - Reverses ss-up. Takes the active project down. Non-destructive of user data,
|
||||
unless you provide the --purge flag.
|
||||
unless you provide the --destroy flag.
|
||||
ss-update - This is just ss-down then ss-up.
|
||||
ss-show - show the lxd resources associated with the current remote.
|
||||
|
||||
For more infomation about all these topics, consult the Sovereign Stack website starting with:
|
||||
|
||||
- https://www.sovereign-stack.org/tag/deployment-management/
|
||||
|
||||
|
@ -49,7 +49,3 @@ export WWW_DOCKER_DISK_SIZE_GB="$WWW_DOCKER_DISK_SIZE_GB"
|
||||
export BTCPAYSERVER_SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
|
||||
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
|
||||
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
|
||||
|
||||
export CLAMSSERVER_SSDATA_DISK_SIZE_GB="$CLAMSSERVER_SSDATA_DISK_SIZE_GB"
|
||||
export CLAMSSERVER_BACKUP_DISK_SIZE_GB="$CLAMSSERVER_BACKUP_DISK_SIZE_GB"
|
||||
export CLAMSSERVER_DOCKER_DISK_SIZE_GB="$CLAMSSERVER_DOCKER_DISK_SIZE_GB"
|
@ -148,7 +148,7 @@ fi
|
||||
# install dependencies.
|
||||
ssh -t "ubuntu@$FQDN" 'sudo apt update && sudo apt upgrade -y && sudo apt install htop dnsutils nano -y'
|
||||
if ! ssh "ubuntu@$FQDN" snap list | grep -q lxd; then
|
||||
ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=5.16/stable'
|
||||
ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=latest/candidate'
|
||||
sleep 5
|
||||
fi
|
||||
|
||||
|
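Review bot: As rendered (old line first), the new side installs LXD on the remote host from `--channel=latest/candidate`, a moving pre-release channel, so hosts provisioned on different days can end up on different LXD builds and snap refreshes will keep moving them. For a hypervisor-level dependency I would keep a pinned track, such as the `sudo snap install lxd --channel=5.16/stable` line this replaces, and bump it deliberately after testing. The same channel change appears in the install.sh section and in the management-environment hunk that installs `htop` before `lxd`. The `snap list | grep -q lxd` guard also matches any snap whose listing line contains "lxd"; `snap list lxd >/dev/null 2>&1` is a tighter check.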
@ -65,10 +65,6 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
|
||||
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
|
||||
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=100
|
||||
|
||||
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
|
||||
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
|
||||
CLAMSSERVER_DOCKER_DISK_SIZE_GB=20
|
||||
|
||||
elif [ "$BITCOIN_CHAIN" = mainnet ]; then
|
||||
|
||||
WWW_SSDATA_DISK_SIZE_GB=40
|
||||
@ -79,10 +75,6 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
|
||||
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
|
||||
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=500
|
||||
|
||||
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
|
||||
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
|
||||
CLAMSSERVER_DOCKER_DISK_SIZE_GB=400
|
||||
|
||||
fi
|
||||
|
||||
export WWW_SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
|
||||
|
@ -1,61 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# https://www.sovereign-stack.org/ss-down/
|
||||
|
||||
set -eu
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
if lxc remote get-default -q | grep -q "local"; then
|
||||
echo "ERROR: you are on the local lxc remote. Nothing to take down"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SERVER_TO_STOP=
|
||||
OTHER_SITES_LIST=
|
||||
|
||||
# grab any modifications from the command line.
|
||||
for i in "$@"; do
|
||||
case $i in
|
||||
--server=*)
|
||||
SERVER_TO_STOP="${i#*=}"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected option: $1"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "$SERVER_TO_STOP" ]; then
|
||||
echo "ERROR: you MUST specify a server to stop with '--server=www' for example."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
. ./deployment_defaults.sh
|
||||
|
||||
. ./remote_env.sh
|
||||
|
||||
. ./project_env.sh
|
||||
|
||||
# let's bring down services on the remote deployment if necessary.
|
||||
export DOMAIN_NAME="$PRIMARY_DOMAIN"
|
||||
export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
|
||||
|
||||
source "$SITE_PATH/site.conf"
|
||||
source ./project/domain_env.sh
|
||||
|
||||
source ./domain_list.sh
|
||||
|
||||
if [ "$SERVER_TO_STOP" = www ]; then
|
||||
DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN" ./project/www/stop_docker_stacks.sh
|
||||
fi
|
||||
|
||||
if [ "$SERVER_TO_STOP" = btcpayserver ]; then
|
||||
ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
|
||||
fi
|
||||
|
||||
if [ "$SERVER_TO_STOP" = clamsserver ]; then
|
||||
DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN" ./project/clams-server/down.sh
|
||||
fi
|
@ -73,13 +73,6 @@ if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
|
||||
|
||||
EOF
|
||||
|
||||
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
limits.cpu: "${CLAMS_SERVER_CPU_COUNT}"
|
||||
limits.memory: "${CLAMS_SERVER_MEMORY_MB}MB"
|
||||
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
. ./target.sh
|
||||
@ -216,29 +209,14 @@ if [ "$VIRTUAL_MACHINE" != base ]; then
|
||||
match:
|
||||
macaddress: ${MAC_ADDRESS_TO_PROVISION}
|
||||
set-name: enp5s0
|
||||
EOF
|
||||
fi
|
||||
|
||||
# TODO try to get DHCP working reliably.
|
||||
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
enp6s0:
|
||||
addresses:
|
||||
- 10.10.10.66/24
|
||||
dhcp4: true
|
||||
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = www ]; then
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
enp6s0:
|
||||
addresses:
|
||||
- 10.10.10.65/24
|
||||
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
||||
# All profiles get a root disk and cloud-init config.
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
description: Default LXD profile for ${FILENAME}
|
||||
@ -284,18 +262,11 @@ else
|
||||
nictype: macvlan
|
||||
parent: ${DATA_PLANE_MACVLAN_INTERFACE}
|
||||
type: nic
|
||||
EOF
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
enp6s0:
|
||||
name: enp6s0
|
||||
network: ss-ovn
|
||||
type: nic
|
||||
EOF
|
||||
fi
|
||||
|
||||
cat >> "$YAML_PATH" <<EOF
|
||||
name: ${PRIMARY_DOMAIN}
|
||||
EOF
|
||||
|
||||
|
186
deployment/up.sh
186
deployment/up.sh
@ -38,22 +38,22 @@ OTHER_SITES_LIST=
|
||||
PRIMARY_DOMAIN=
|
||||
RUN_CERT_RENEWAL=true
|
||||
SKIP_BASE_IMAGE_CREATION=false
|
||||
RESTORE_CERTS=false
|
||||
BACKUP_CERTS=true
|
||||
BACKUP_BTCPAY=true
|
||||
SKIP_BTCPAYSERVER=false
|
||||
SKIP_WWW=false
|
||||
SKIP_CLAMSSERVER=false
|
||||
BACKUP_WWW_APPS=true
|
||||
RESTORE_WWW=false
|
||||
RESTORE_CERTS=false
|
||||
BACKUP_CERTS=false
|
||||
BACKUP_BTCPAY=false
|
||||
BACKUP_CERTS=false
|
||||
BACKUP_APPS=false
|
||||
BACKUP_BTCPAY=false
|
||||
BACKUP_BTCPAY_ARCHIVE_PATH=
|
||||
RESTORE_BTCPAY=false
|
||||
SKIP_BTCPAY=false
|
||||
UPDATE_BTCPAY=false
|
||||
REMOTE_NAME="$(lxc remote get-default)"
|
||||
STOP_SERVICES=false
|
||||
USER_SAYS_YES=false
|
||||
|
||||
WWW_SERVER_MAC_ADDRESS=
|
||||
BTCPAY_SERVER_MAC_ADDRESS=
|
||||
CLAMS_SERVER_MAC_ADDRESS=
|
||||
RESTART_FRONT_END=true
|
||||
|
||||
# grab any modifications from the command line.
|
||||
for i in "$@"; do
|
||||
@ -62,26 +62,30 @@ for i in "$@"; do
|
||||
RESTORE_CERTS=true
|
||||
shift
|
||||
;;
|
||||
--restore-www)
|
||||
RESTORE_WWW=true
|
||||
RESTORE_CERTS=true
|
||||
|
||||
shift
|
||||
;;
|
||||
--restore-btcpay)
|
||||
RESTORE_BTCPAY=true
|
||||
shift
|
||||
;;
|
||||
--skip-btcpayserver)
|
||||
SKIP_BTCPAYSERVER=true
|
||||
shift
|
||||
;;
|
||||
--skip-wwwserver)
|
||||
SKIP_WWW=true
|
||||
shift
|
||||
;;
|
||||
--skip-clamsserver)
|
||||
SKIP_CLAMSSERVER=true
|
||||
--backup-www)
|
||||
BACKUP_CERTS=true
|
||||
BACKUP_APPS=true
|
||||
shift
|
||||
;;
|
||||
--backup-btcpayserver)
|
||||
BACKUP_BTCPAY=true
|
||||
shift
|
||||
;;
|
||||
--stop)
|
||||
STOP_SERVICES=true
|
||||
RESTART_FRONT_END=false
|
||||
shift
|
||||
;;
|
||||
--backup-archive-path=*)
|
||||
BACKUP_BTCPAY_ARCHIVE_PATH="${i#*=}"
|
||||
shift
|
||||
@ -90,6 +94,14 @@ for i in "$@"; do
|
||||
UPDATE_BTCPAY=true
|
||||
shift
|
||||
;;
|
||||
--skip-www)
|
||||
SKIP_WWW=true
|
||||
shift
|
||||
;;
|
||||
--skip-btcpayserver)
|
||||
SKIP_BTCPAY=true
|
||||
shift
|
||||
;;
|
||||
--skip-base-image)
|
||||
SKIP_BASE_IMAGE_CREATION=true
|
||||
shift
|
||||
@ -122,7 +134,10 @@ fi
|
||||
. ./remote_env.sh
|
||||
|
||||
export REGISTRY_DOCKER_IMAGE="registry:2"
|
||||
export RESTORE_WWW="$RESTORE_WWW"
|
||||
export STOP_SERVICES="$STOP_SERVICES"
|
||||
export BACKUP_CERTS="$BACKUP_CERTS"
|
||||
export BACKUP_APPS="$BACKUP_APPS"
|
||||
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
|
||||
export BACKUP_BTCPAY="$BACKUP_BTCPAY"
|
||||
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
|
||||
@ -130,8 +145,8 @@ export REMOTE_NAME="$REMOTE_NAME"
|
||||
export REMOTE_PATH="$REMOTES_PATH/$REMOTE_NAME"
|
||||
export USER_SAYS_YES="$USER_SAYS_YES"
|
||||
export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
|
||||
export RESTART_FRONT_END="$RESTART_FRONT_END"
|
||||
export RESTORE_CERTS="$RESTORE_CERTS"
|
||||
export BACKUP_WWW_APPS="$BACKUP_WWW_APPS"
|
||||
|
||||
# todo convert this to Trezor-T
|
||||
SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
|
||||
@ -156,6 +171,7 @@ function new_pass {
|
||||
gpg --gen-random --armor 1 25
|
||||
}
|
||||
|
||||
|
||||
function stub_site_definition {
|
||||
mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
|
||||
|
||||
@ -179,7 +195,7 @@ DOMAIN_NAME="${DOMAIN_NAME}"
|
||||
SITE_LANGUAGE_CODES="en"
|
||||
DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||
DEPLOY_GHOST=true
|
||||
|
||||
DEPLOY_CLAMS=false
|
||||
DEPLOY_NEXTCLOUD=false
|
||||
DEPLOY_NOSTR=false
|
||||
NOSTR_ACCOUNT_PUBKEY=
|
||||
@ -191,12 +207,6 @@ NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
GITEA_MYSQL_PASSWORD="$(new_pass)"
|
||||
GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
|
||||
|
||||
#GHOST_DEPLOY_SMTP=true
|
||||
#MAILGUN_FROM_ADDRESS=false
|
||||
#MAILGUN_SMTP_USERNAME=
|
||||
#MAILGUN_SMTP_PASSWORD=
|
||||
|
||||
EOL
|
||||
|
||||
chmod 0744 "$SITE_DEFINITION_PATH"
|
||||
@ -211,10 +221,6 @@ EOL
|
||||
PROJECT_NAME="$(lxc info | grep "project:" | awk '{print $2}')"
|
||||
export PROJECT_NAME="$PROJECT_NAME"
|
||||
export PROJECT_PATH="$PROJECTS_PATH/$PROJECT_NAME"
|
||||
export SKIP_BTCPAYSERVER="$SKIP_BTCPAYSERVER"
|
||||
export SKIP_WWW="$SKIP_WWW"
|
||||
export SKIP_CLAMSSERVER="$SKIP_CLAMSSERVER"
|
||||
|
||||
|
||||
mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
|
||||
|
||||
@ -240,15 +246,10 @@ WWW_SERVER_MAC_ADDRESS=
|
||||
# WWW_SERVER_CPU_COUNT="6"
|
||||
# WWW_SERVER_MEMORY_MB="4096"
|
||||
|
||||
BTCPAY_SERVER_MAC_ADDRESS=
|
||||
BTCPAYSERVER_MAC_ADDRESS=
|
||||
# BTCPAY_SERVER_CPU_COUNT="4"
|
||||
# BTCPAY_SERVER_MEMORY_MB="4096"
|
||||
|
||||
CLAMS_SERVER_MAC_ADDRESS=
|
||||
# CLAMS_SERVER_CPU_COUNT="4"
|
||||
# CLAMS_SERVER_MEMORY_MB="4096"
|
||||
|
||||
|
||||
EOL
|
||||
|
||||
chmod 0744 "$PROJECT_DEFINITION_PATH"
|
||||
@ -266,25 +267,30 @@ if [ -z "$PRIMARY_DOMAIN" ]; then
|
||||
fi
|
||||
|
||||
if [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
|
||||
echo "WARNING: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
|
||||
echo "ERROR: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
|
||||
echo "WARNING: the BTCPAY_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
|
||||
if [ -z "$BTCPAYSERVER_MAC_ADDRESS" ]; then
|
||||
echo "ERROR: the BTCPAYSERVER_MAC_ADDRESS is not specified. Check your project.conf."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then
|
||||
echo "WARNING: the CLAMS_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
|
||||
# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
|
||||
DOMAIN_LIST="${PRIMARY_DOMAIN}"
|
||||
if [ -n "$OTHER_SITES_LIST" ]; then
|
||||
DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
|
||||
fi
|
||||
|
||||
source ./domain_list.sh
|
||||
export DOMAIN_LIST="$DOMAIN_LIST"
|
||||
export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
|
||||
|
||||
# let's provision our primary domain first.
|
||||
export DOMAIN_NAME="$PRIMARY_DOMAIN"
|
||||
export PRIMARY_DOMAIN="$PRIMARY_DOMAIN"
|
||||
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||
export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
||||
|
||||
stub_site_definition
|
||||
|
||||
@ -304,17 +310,13 @@ if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
|
||||
for VIRTUAL_MACHINE in www btcpayserver; do
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
|
||||
if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ "$SKIP_BTCPAY" = true ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = www ] && [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
|
||||
if [ "$VIRTUAL_MACHINE" = www ] && [ "$SKIP_WWW" = true ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
@ -363,20 +365,20 @@ for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
|
||||
export VPS_HOSTNAME="$VPS_HOSTNAME"
|
||||
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = www ] && [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then
|
||||
if [ "$VIRTUAL_MACHINE" = www ]; then
|
||||
if [ "$SKIP_WWW" = true ]; then
|
||||
echo "INFO: Skipping WWW due to command line argument."
|
||||
continue
|
||||
fi
|
||||
|
||||
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
|
||||
VPS_HOSTNAME="$WWW_HOSTNAME"
|
||||
MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
|
||||
|
||||
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
|
||||
FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME"
|
||||
VPS_HOSTNAME="$BTCPAY_SERVER_HOSTNAME"
|
||||
MAC_ADDRESS_TO_PROVISION="$BTCPAY_SERVER_MAC_ADDRESS"
|
||||
|
||||
elif [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then
|
||||
FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"
|
||||
VPS_HOSTNAME="$CLAMS_SERVER_HOSTNAME"
|
||||
MAC_ADDRESS_TO_PROVISION="$CLAMS_SERVER_MAC_ADDRESS"
|
||||
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
|
||||
FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
|
||||
VPS_HOSTNAME="$BTCPAY_HOSTNAME"
|
||||
MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
|
||||
|
||||
elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then
|
||||
export FQDN="$BASE_IMAGE_VM_NAME"
|
||||
@ -392,6 +394,16 @@ for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
|
||||
|
||||
./deploy_vm.sh
|
||||
|
||||
if [ "$VIRTUAL_MACHINE" = www ]; then
|
||||
# this tells our local docker client to target the remote endpoint via SSH
|
||||
export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
|
||||
|
||||
# enable docker swarm mode so we can support docker stacks.
|
||||
if docker info | grep -q "Swarm: inactive"; then
|
||||
docker swarm init --advertise-addr enp6s0
|
||||
fi
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
# let's stub out the rest of our site definitions, if any.
|
||||
@ -403,52 +415,14 @@ for DOMAIN_NAME in ${OTHER_SITES_LIST//,/ }; do
|
||||
stub_site_definition
|
||||
done
|
||||
|
||||
if [ "$SKIP_BTCPAYSERVER" = false ]; then
|
||||
if [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
|
||||
export DOCKER_HOST="ssh://ubuntu@$BTCPAY_SERVER_FQDN"
|
||||
./project/btcpayserver/go.sh
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$SKIP_WWW" = false ]; then
|
||||
# now let's run the www and btcpay-specific provisioning scripts.
|
||||
if [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then
|
||||
export DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
|
||||
|
||||
# enable docker swarm mode so we can support docker stacks.
|
||||
if docker info | grep -q "Swarm: inactive"; then
|
||||
docker swarm init --advertise-addr enp6s0
|
||||
fi
|
||||
|
||||
if [ "$SKIP_WWW" = false ]; then
|
||||
./project/www/go.sh
|
||||
fi
|
||||
fi
|
||||
|
||||
# don't run clams stuff if user specifies --skip-btcpayserver
|
||||
if [ "$SKIP_CLAMSSERVER" = false ]; then
|
||||
# now let's run the www and btcpay-specific provisioning scripts.
|
||||
if [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then
|
||||
export DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN"
|
||||
|
||||
# enable docker swarm mode so we can support docker stacks.
|
||||
if docker info | grep -q "Swarm: inactive"; then
|
||||
docker swarm init
|
||||
fi
|
||||
|
||||
# set the active env to our CLAMS_FQDN
|
||||
cat >./project/clams-server/active_env.txt <<EOL
|
||||
${CLAMS_SERVER_FQDN}
|
||||
EOL
|
||||
|
||||
# and we have to set our environment file as well.
|
||||
cat > ./project/clams-server/environments/"$CLAMS_SERVER_FQDN" <<EOL
|
||||
DOCKER_HOST=ssh://ubuntu@${CLAMS_SERVER_FQDN}
|
||||
DOMAIN_NAME=${PRIMARY_DOMAIN}
|
||||
ENABLE_TLS=true
|
||||
BTC_CHAIN=${BITCOIN_CHAIN}
|
||||
CLN_COUNT=1
|
||||
EOL
|
||||
|
||||
bash -c "./project/clams-server/up.sh -y"
|
||||
fi
|
||||
|
||||
export DOMAIN_NAME="$PRIMARY_DOMAIN"
|
||||
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||
if [ "$SKIP_BTCPAY" = false ]; then
|
||||
./project/btcpayserver/go.sh
|
||||
fi
|
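Review bot: `chmod 0744 "$SITE_DEFINITION_PATH"` leaves the generated site definition readable by every local user, although the heredoc above it writes `DUPLICITY_BACKUP_PASSWORD`-style secrets into it: `DUPLICITY_BACKUP_PASSPHRASE` and the MySQL passwords produced by `new_pass`. The file is sourced rather than executed, so `chmod 0600 "$SITE_DEFINITION_PATH"` is sufficient, and the same applies to the execute bit on `$PROJECT_DEFINITION_PATH`. Separately, the new branch `elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then` is true for any non-www machine once `--skip-btcpayserver` is passed. It reads as if `elif [ "$VIRTUAL_MACHINE" = btcpayserver ]; then` alone was intended, since the skip case is already handled by the `continue` earlier in the loop. `stub_site_definition` and the provisioning loop both span several hunks and are only partly visible here.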
@ -5,6 +5,18 @@ cd "$(dirname "$0")"
|
||||
|
||||
. ./target.sh
|
||||
|
||||
# # As part of the install script, we pull down any other sovereign-stack git repos
|
||||
# PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
|
||||
# PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
|
||||
# if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
|
||||
# git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
|
||||
# else
|
||||
# cd "$PROJECTS_SCRIPTS_PATH" || exit 1
|
||||
# git -c advice.detachedHead=false pull origin main
|
||||
# git checkout "$TARGET_PROJECT_GIT_COMMIT"
|
||||
# cd - || exit 1
|
||||
# fi
|
||||
|
||||
# check if there are any uncommited changes. It's dangerous to
|
||||
# alter production systems when you have commits to make or changes to stash.
|
||||
if git update-index --refresh | grep -q "needs update"; then
|
||||
|
52
install.sh
52
install.sh
@ -11,43 +11,15 @@ if [ "$(hostname)" = ss-mgmt ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DISK_OR_PARTITION=
|
||||
DISK=loop
|
||||
|
||||
# grab any modifications from the command line.
|
||||
for i in "$@"; do
|
||||
case $i in
|
||||
--disk-or-partition=*)
|
||||
DISK_OR_PARTITION="${i#*=}"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected option: $1"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
# ensure the iptables forward policy is set to ACCEPT so your host can act as a router
|
||||
# Note this is necessary if docker is running (or has been previuosly installed) on the
|
||||
# same host running LXD.
|
||||
sudo iptables -F FORWARD
|
||||
sudo iptables -P FORWARD ACCEPT
|
||||
|
||||
|
||||
# if the user didn't specify the disk or partition, we create a loop device under
|
||||
# the user's home directory. If the user does specify a disk or partition, we will
|
||||
# create the ZFS pool there.
|
||||
if [ -z "$DISK_OR_PARTITION" ]; then
|
||||
DISK="$DISK_OR_PARTITION"
|
||||
fi
|
||||
|
||||
# the DISK variable here tells us which disk (partition) the admin wants to use for
|
||||
# lxd resources. By default, we provision the disk under / as a loop device. Admin
|
||||
# can override with CLI modifications.
|
||||
DISK="rpool/lxd"
|
||||
export DISK="$DISK"
|
||||
|
||||
# install lxd snap and initialize it
|
||||
if ! snap list | grep -q lxd; then
|
||||
sudo snap install lxd --channel=5.16/stable
|
||||
sudo snap install lxd --channel=latest/candidate
|
||||
sleep 5
|
||||
|
||||
# run lxd init
|
||||
@ -247,3 +219,17 @@ fi
|
||||
if [ "$ADDED_COMMAND" = true ]; then
|
||||
echo "NOTICE! You need to run 'source ~/.bashrc' before continuing. After that, type 'ss-manage' to enter your management environment."
|
||||
fi
|
||||
|
||||
. ./deployment/target.sh
|
||||
|
||||
# As part of the install script, we pull down any other sovereign-stack git repos
|
||||
PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
|
||||
PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
|
||||
if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
|
||||
git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
|
||||
else
|
||||
cd "$PROJECTS_SCRIPTS_PATH"
|
||||
git -c advice.detachedHead=false pull origin main
|
||||
git checkout "$TARGET_PROJECT_GIT_COMMIT"
|
||||
cd -
|
||||
fi
|
||||
|
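Review bot: The block added at the end of install.sh checks out `$TARGET_PROJECT_GIT_COMMIT` only in the `else` branch, so a first-time `git clone` leaves deployment/project on whatever the remote default branch currently points at rather than on the pinned commit. The pin should apply to both paths: after the `if`/`else`, run `git -C "$PROJECTS_SCRIPTS_PATH" fetch origin` followed by `git -C "$PROJECTS_SCRIPTS_PATH" -c advice.detachedHead=false checkout "$TARGET_PROJECT_GIT_COMMIT"`. That also removes the unchecked `cd "$PROJECTS_SCRIPTS_PATH"` / `cd -` pair and avoids `git pull origin main` merging into a detached HEAD on a second run. These scripts are presumably the ones later run against deployed hosts, so an unpinned revision is a supply-chain concern and not only a reproducibility one.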
@ -2,7 +2,7 @@
|
||||
|
||||
# https://www.sovereign-stack.org/ss-manage/
|
||||
|
||||
set -eu
|
||||
set -exu
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
# check to ensure dependencies are met.
|
||||
|
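Review bot: `set -exu` turns on command tracing for the whole script and looks like a debugging leftover. With `-x` every expanded command line is echoed to the terminal and into any captured log, including the values of variables passed as arguments. I would restore `set -eu`, or make tracing opt-in with something like `if [ "${SS_DEBUG:-false}" = true ]; then set -x; fi` (the variable name is illustrative). The rest of the script is outside this hunk, so whether secrets are expanded on traced lines cannot be confirmed from here.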
@ -6,8 +6,6 @@ alias ss-show='/home/ubuntu/sovereign-stack/deployment/show.sh $@'
|
||||
alias ss-reset='/home/ubuntu/sovereign-stack/deployment/reset.sh $@'
|
||||
alias ss-update='/home/ubuntu/sovereign-stack/deployment/update.sh $@'
|
||||
alias ss-down='/home/ubuntu/sovereign-stack/deployment/down.sh $@'
|
||||
alias ss-stop='/home/ubuntu/sovereign-stack/deployment/stop.sh $@'
|
||||
alias ss-start='/home/ubuntu/sovereign-stack/deployment/start.sh $@'
|
||||
alias ss-help='cat /home/ubuntu/sovereign-stack/deployment/help.txt'
|
||||
|
||||
alias ll='ls -lah'
|
||||
|
@ -5,7 +5,7 @@ cd "$(dirname "$0")"
|
||||
|
||||
# NOTE! This script MUST be executed as root.
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y ca-certificates curl gnupg lsb-release jq bc
|
||||
sudo apt-get install -y ca-certificates curl gnupg lsb-release
|
||||
|
||||
sudo mkdir -m 0755 -p /etc/apt/keyrings
|
||||
|
||||
@ -35,7 +35,7 @@ sleep 10
|
||||
# install snap
|
||||
if ! snap list | grep -q lxd; then
|
||||
sudo snap install htop
|
||||
sudo snap install lxd --channel=5.16/stable
|
||||
sudo snap install lxd --channel=latest/candidate
|
||||
sleep 6
|
||||
|
||||
# We just do an auto initialization. All we are using is the LXD client inside the management environment.
|
||||
|