
Compare commits

...

11 Commits

17 changed files with 343 additions and 135 deletions

3
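--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "deployment/project/clams-server"]
+path = deployment/project/clams-server
+url = https://github.com/farscapian/roygbiv-stack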


@ -25,7 +25,7 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
# create a base image if needed and instantiate a VM.
if [ -z "$MAC_ADDRESS_TO_PROVISION" ]; then
echo "ERROR: You MUST define a MAC Address for all your machines by setting WWW_SERVER_MAC_ADDRESS, BTCPAYSERVER_MAC_ADDRESS in your site definition."
echo "ERROR: You MUST define a MAC Address for all your machines in your project definition."
echo "INFO: IMPORTANT! You MUST have DHCP Reservations for these MAC addresses. You also need records established the DNS."
exit 1
fi
@ -36,6 +36,10 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
SSDATA_DISK_SIZE_GB=
DOCKER_DISK_SIZE_GB=
if [ "$VIRTUAL_MACHINE" = www ]; then
if [ "$SKIP_WWW" = true ]; then
exit 0
fi
VM_ID="w"
BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
@ -43,11 +47,26 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
fi
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
if [ "$SKIP_BTCPAYSERVER" = true ]; then
exit 0
fi
VM_ID="b"
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
fi
if [ "$VIRTUAL_MACHINE" = clamsserver ]; then
if [ "$SKIP_CLAMSSERVER" = true ]; then
exit 0
fi
VM_ID="c"
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
fi
DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d"
if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then
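Review bot: The clamsserver branch sizes its volumes from the BTCPAYSERVER_* variables, so the CLAMSSERVER_*_DISK_SIZE_GB values that this change set defines and exports in other files are never read here. It looks like a copy of the btcpayserver branch; the three assignments should read `BACKUP_DISK_SIZE_GB="$CLAMSSERVER_BACKUP_DISK_SIZE_GB"`, `SSDATA_DISK_SIZE_GB="$CLAMSSERVER_SSDATA_DISK_SIZE_GB"` and `DOCKER_DISK_SIZE_GB="$CLAMSSERVER_DOCKER_DISK_SIZE_GB"`. The enclosing `if ! lxc list ...` block starts and ends outside these hunks.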


@ -32,13 +32,17 @@ export BTCPAYSERVER_SSDATA_DISK_SIZE_GB=20
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB=20
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB=30
export CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
export CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
export CLAMSSERVER_DOCKER_DISK_SIZE_GB=100
export WWW_HOSTNAME="www"
export BTCPAY_HOSTNAME="btcpayserver"
export BTCPAY_SERVER_HOSTNAME="btcpayserver"
export CLAMS_SERVER_HOSTNAME="clamsserver"
export BTCPAY_HOSTNAME_IN_CERT="btcpay"
export NEXTCLOUD_HOSTNAME="nextcloud"
export GITEA_HOSTNAME="git"
export NOSTR_HOSTNAME="relay"
export CLAMS_HOSTNAME="clams"
export REGISTRY_URL="https://index.docker.io/v1"
@ -47,4 +51,6 @@ export BTCPAY_SERVER_CPU_COUNT="4"
export BTCPAY_SERVER_MEMORY_MB="4096"
export WWW_SERVER_CPU_COUNT="4"
export WWW_SERVER_MEMORY_MB="4096"
export CLAMS_SERVER_CPU_COUNT="4"
export CLAMS_SERVER_MEMORY_MB="4096"
export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"

16
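--- a/deployment/domain_list.sh
+++ b/deployment/domain_list.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
+DOMAIN_LIST="${PRIMARY_DOMAIN}"
+if [ -n "$OTHER_SITES_LIST" ]; then
+DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
+fi
+export DOMAIN_LIST="$DOMAIN_LIST"
+export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
+export OTHER_SITES_LIST="$OTHER_SITES_LIST"
+export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
+export BTCPAY_SERVER_FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME"
+export CLAMS_SERVER_FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"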
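Review bot: This file is sourced by its callers, and it depends on them having already set PRIMARY_DOMAIN, OTHER_SITES_LIST, DOMAIN_NAME and the three *_HOSTNAME variables; nothing here checks them. The FQDNs it exports are later used as SSH and DOCKER_HOST targets, so an empty DOMAIN_NAME yields a host such as `www.` instead of an error. A guard at the top such as `: "${PRIMARY_DOMAIN:?}" "${DOMAIN_NAME:?}"`, plus a header comment listing the required inputs, would make the contract explicit. In up.sh the `source ./domain_list.sh` line appears before `export DOMAIN_NAME="$PRIMARY_DOMAIN"`, so it is worth confirming that DOMAIN_NAME already holds the primary domain at that point.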


@ -11,14 +11,30 @@ if lxc remote get-default -q | grep -q "local"; then
fi
KEEP_DOCKER_VOLUME=true
OTHER_SITES_LIST=
SKIP_BTCPAYSERVER=false
SKIP_WWW=false
SKIP_CLAMSSERVER=false
# grab any modifications from the command line.
for i in "$@"; do
case $i in
--destroy)
--purge)
KEEP_DOCKER_VOLUME=false
shift
;;
--skip-btcpayserver)
SKIP_BTCPAYSERVER=true
shift
;;
--skip-wwwserver)
SKIP_WWW=true
shift
;;
--skip-clamsserver)
SKIP_CLAMSSERVER=true
shift
;;
*)
echo "Unexpected option: $1"
exit 1
@ -26,6 +42,19 @@ for i in "$@"; do
esac
done
SERVERS=
if [ "$SKIP_BTCPAYSERVER" = false ]; then
SERVERS="btcpayserver"
fi
if [ "$SKIP_WWW" = false ]; then
SERVERS="www $SERVERS"
fi
if [ "$SKIP_CLAMSSERVER" = false ]; then
SERVERS="clamsserver $SERVERS"
fi
. ./deployment_defaults.sh
. ./remote_env.sh
@ -39,12 +68,14 @@ export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
source "$SITE_PATH/site.conf"
source ./project/domain_env.sh
SKIP=btcpayserver
for VIRTUAL_MACHINE in www btcpayserver; do
source ./domain_list.sh
for VIRTUAL_MACHINE in $SERVERS; do
LXD_NAME="$VIRTUAL_MACHINE-${PRIMARY_DOMAIN//./-}"
if lxc list | grep -q "$LXD_NAME"; then
bash -c "./up.sh --stop --skip-$SKIP"
bash -c "./stop.sh --server=$VIRTUAL_MACHINE"
lxc stop "$LXD_NAME"
@ -63,6 +94,8 @@ for VIRTUAL_MACHINE in www btcpayserver; do
VM_ID=w
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
VM_ID="b"
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
VM_ID="c"
fi
# d for docker; b for backup; s for ss-data
@ -77,13 +110,13 @@ for VIRTUAL_MACHINE in www btcpayserver; do
fi
fi
done
else
# we maintain the volumes
# TODO make a snapshot on all the zfs storage volumes.
echo "TODO: create snapshot of ZFS volumes and pull them to mgmt machine."
fi
SKIP=www
done
if lxc network list -q | grep -q ss-ovn; then
lxc network delete ss-ovn
fi
# TODO make a snapshot on all the zfs storage volumes.
fi
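Review bot: The new `bash -c "./stop.sh --server=$VIRTUAL_MACHINE"` builds a command string and hands it to a second shell where a direct call would do; `./stop.sh "--server=$VIRTUAL_MACHINE"` keeps the argument as one word and avoids the re-parse. Separately, the `ss-ovn` network delete appears to run after the loop even when some servers were skipped with the new `--skip-*` flags; if a skipped VM is still attached the delete will presumably fail, so it should be guarded on every server being down. The option loop also calls `shift` inside `for i in "$@"` and prints `$1` in the error branch, which can name a different argument from the one rejected; `$i` is the value being matched.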


@ -6,11 +6,10 @@ You are in the Sovereign Stack Management Environment (SSME). From here, you can
ss-up - Instantiate a deployment to your active project according to your
various remote.conf, project.conf, and site.conf files.
ss-down - Reverses ss-up. Takes the active project down. Non-destructive of user data,
unless you provide the --destroy flag.
unless you provide the --purge flag.
ss-update - This is just ss-down then ss-up.
ss-show - show the lxd resources associated with the current remote.
For more infomation about all these topics, consult the Sovereign Stack website starting with:
- https://www.sovereign-stack.org/tag/deployment-management/


@ -49,3 +49,7 @@ export WWW_DOCKER_DISK_SIZE_GB="$WWW_DOCKER_DISK_SIZE_GB"
export BTCPAYSERVER_SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
export BTCPAYSERVER_BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
export BTCPAYSERVER_DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
export CLAMSSERVER_SSDATA_DISK_SIZE_GB="$CLAMSSERVER_SSDATA_DISK_SIZE_GB"
export CLAMSSERVER_BACKUP_DISK_SIZE_GB="$CLAMSSERVER_BACKUP_DISK_SIZE_GB"
export CLAMSSERVER_DOCKER_DISK_SIZE_GB="$CLAMSSERVER_DOCKER_DISK_SIZE_GB"


@ -148,7 +148,7 @@ fi
# install dependencies.
ssh -t "ubuntu@$FQDN" 'sudo apt update && sudo apt upgrade -y && sudo apt install htop dnsutils nano -y'
if ! ssh "ubuntu@$FQDN" snap list | grep -q lxd; then
ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=latest/candidate'
ssh -t "ubuntu@$FQDN" 'sudo snap install lxd --channel=5.16/stable'
sleep 5
fi


@ -65,6 +65,10 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=100
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
CLAMSSERVER_DOCKER_DISK_SIZE_GB=20
elif [ "$BITCOIN_CHAIN" = mainnet ]; then
WWW_SSDATA_DISK_SIZE_GB=40
@ -75,6 +79,10 @@ for PROJECT_CHAIN in ${DEPLOYMENT_STRING//,/ }; do
BTCPAYSERVER_BACKUP_DISK_SIZE_GB=30
BTCPAYSERVER_DOCKER_DISK_SIZE_GB=500
CLAMSSERVER_SSDATA_DISK_SIZE_GB=20
CLAMSSERVER_BACKUP_DISK_SIZE_GB=20
CLAMSSERVER_DOCKER_DISK_SIZE_GB=400
fi
export WWW_SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"

61
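--- a/deployment/stop.sh
+++ b/deployment/stop.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# https://www.sovereign-stack.org/ss-down/
+set -eu
+cd "$(dirname "$0")"
+if lxc remote get-default -q | grep -q "local"; then
+echo "ERROR: you are on the local lxc remote. Nothing to take down"
+exit 1
+fi
+SERVER_TO_STOP=
+OTHER_SITES_LIST=
+# grab any modifications from the command line.
+for i in "$@"; do
+case $i in
+--server=*)
+SERVER_TO_STOP="${i#*=}"
+shift
+;;
+*)
+echo "Unexpected option: $1"
+exit 1
+;;
+esac
+done
+if [ -z "$SERVER_TO_STOP" ]; then
+echo "ERROR: you MUST specify a server to stop with '--server=www' for example."
+exit 1
+fi
+. ./deployment_defaults.sh
+. ./remote_env.sh
+. ./project_env.sh
+# let's bring down services on the remote deployment if necessary.
+export DOMAIN_NAME="$PRIMARY_DOMAIN"
+export SITE_PATH="$SITES_PATH/$PRIMARY_DOMAIN"
+source "$SITE_PATH/site.conf"
+source ./project/domain_env.sh
+source ./domain_list.sh
+if [ "$SERVER_TO_STOP" = www ]; then
+DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN" ./project/www/stop_docker_stacks.sh
+fi
+if [ "$SERVER_TO_STOP" = btcpayserver ]; then
+ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
+fi
+if [ "$SERVER_TO_STOP" = clamsserver ]; then
+DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN" ./project/clams-server/down.sh
+fi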
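Review bot: The btcpayserver branch runs `ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"`, which interpolates the path into a string that the remote shell parses again, and unlike the other two branches it does not name the `ubuntu@` user. Quoting the path for the remote side, for example `ssh "ubuntu@$BTCPAY_SERVER_FQDN" "bash -c $(printf '%q' "$BTCPAY_SERVER_APPPATH/btcpay-down.sh")"`, removes the re-parsing hazard; confirm whether the default SSH user is intended here. A `--server=` value other than www, btcpayserver or clamsserver falls through all three tests and the script exits 0 without doing anything, so a final check that rejects unknown names would catch typos.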


@ -73,6 +73,13 @@ if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
EOF
elif [ "$VIRTUAL_MACHINE" = clamsserver ]; then
cat >> "$YAML_PATH" <<EOF
limits.cpu: "${CLAMS_SERVER_CPU_COUNT}"
limits.memory: "${CLAMS_SERVER_MEMORY_MB}MB"
EOF
fi
. ./target.sh
@ -209,14 +216,29 @@ if [ "$VIRTUAL_MACHINE" != base ]; then
match:
macaddress: ${MAC_ADDRESS_TO_PROVISION}
set-name: enp5s0
EOF
fi
# TODO try to get DHCP working reliably.
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0:
dhcp4: true
addresses:
- 10.10.10.66/24
EOF
fi
if [ "$VIRTUAL_MACHINE" = www ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0:
addresses:
- 10.10.10.65/24
EOF
fi
# All profiles get a root disk and cloud-init config.
cat >> "$YAML_PATH" <<EOF
description: Default LXD profile for ${FILENAME}
@ -262,11 +284,18 @@ else
nictype: macvlan
parent: ${DATA_PLANE_MACVLAN_INTERFACE}
type: nic
EOF
if [ "$VIRTUAL_MACHINE" = www ] || [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
cat >> "$YAML_PATH" <<EOF
enp6s0:
name: enp6s0
network: ss-ovn
type: nic
EOF
fi
cat >> "$YAML_PATH" <<EOF
name: ${PRIMARY_DOMAIN}
EOF


@ -38,22 +38,22 @@ OTHER_SITES_LIST=
PRIMARY_DOMAIN=
RUN_CERT_RENEWAL=true
SKIP_BASE_IMAGE_CREATION=false
SKIP_WWW=false
RESTORE_WWW=false
RESTORE_CERTS=false
BACKUP_CERTS=false
BACKUP_BTCPAY=false
BACKUP_CERTS=false
BACKUP_APPS=false
BACKUP_BTCPAY=false
BACKUP_BTCPAY_ARCHIVE_PATH=
BACKUP_CERTS=true
BACKUP_BTCPAY=true
SKIP_BTCPAYSERVER=false
SKIP_WWW=false
SKIP_CLAMSSERVER=false
BACKUP_WWW_APPS=true
BACKUP_BTCPAY_ARCHIVE_PATH=
RESTORE_BTCPAY=false
SKIP_BTCPAY=false
UPDATE_BTCPAY=false
REMOTE_NAME="$(lxc remote get-default)"
STOP_SERVICES=false
USER_SAYS_YES=false
RESTART_FRONT_END=true
WWW_SERVER_MAC_ADDRESS=
BTCPAY_SERVER_MAC_ADDRESS=
CLAMS_SERVER_MAC_ADDRESS=
# grab any modifications from the command line.
for i in "$@"; do
@ -62,30 +62,26 @@ for i in "$@"; do
RESTORE_CERTS=true
shift
;;
--restore-www)
RESTORE_WWW=true
RESTORE_CERTS=true
shift
;;
--restore-btcpay)
RESTORE_BTCPAY=true
shift
;;
--backup-www)
BACKUP_CERTS=true
BACKUP_APPS=true
--skip-btcpayserver)
SKIP_BTCPAYSERVER=true
shift
;;
--skip-wwwserver)
SKIP_WWW=true
shift
;;
--skip-clamsserver)
SKIP_CLAMSSERVER=true
shift
;;
--backup-btcpayserver)
BACKUP_BTCPAY=true
shift
;;
--stop)
STOP_SERVICES=true
RESTART_FRONT_END=false
shift
;;
--backup-archive-path=*)
BACKUP_BTCPAY_ARCHIVE_PATH="${i#*=}"
shift
@ -94,14 +90,6 @@ for i in "$@"; do
UPDATE_BTCPAY=true
shift
;;
--skip-www)
SKIP_WWW=true
shift
;;
--skip-btcpayserver)
SKIP_BTCPAY=true
shift
;;
--skip-base-image)
SKIP_BASE_IMAGE_CREATION=true
shift
@ -134,10 +122,7 @@ fi
. ./remote_env.sh
export REGISTRY_DOCKER_IMAGE="registry:2"
export RESTORE_WWW="$RESTORE_WWW"
export STOP_SERVICES="$STOP_SERVICES"
export BACKUP_CERTS="$BACKUP_CERTS"
export BACKUP_APPS="$BACKUP_APPS"
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
export BACKUP_BTCPAY="$BACKUP_BTCPAY"
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
@ -145,8 +130,8 @@ export REMOTE_NAME="$REMOTE_NAME"
export REMOTE_PATH="$REMOTES_PATH/$REMOTE_NAME"
export USER_SAYS_YES="$USER_SAYS_YES"
export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
export RESTART_FRONT_END="$RESTART_FRONT_END"
export RESTORE_CERTS="$RESTORE_CERTS"
export BACKUP_WWW_APPS="$BACKUP_WWW_APPS"
# todo convert this to Trezor-T
SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
@ -171,7 +156,6 @@ function new_pass {
gpg --gen-random --armor 1 25
}
function stub_site_definition {
mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
@ -195,7 +179,7 @@ DOMAIN_NAME="${DOMAIN_NAME}"
SITE_LANGUAGE_CODES="en"
DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
DEPLOY_GHOST=true
DEPLOY_CLAMS=false
DEPLOY_NEXTCLOUD=false
DEPLOY_NOSTR=false
NOSTR_ACCOUNT_PUBKEY=
@ -207,6 +191,12 @@ NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
GITEA_MYSQL_PASSWORD="$(new_pass)"
GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
#GHOST_DEPLOY_SMTP=true
#MAILGUN_FROM_ADDRESS=false
#MAILGUN_SMTP_USERNAME=
#MAILGUN_SMTP_PASSWORD=
EOL
chmod 0744 "$SITE_DEFINITION_PATH"
@ -221,6 +211,10 @@ EOL
PROJECT_NAME="$(lxc info | grep "project:" | awk '{print $2}')"
export PROJECT_NAME="$PROJECT_NAME"
export PROJECT_PATH="$PROJECTS_PATH/$PROJECT_NAME"
export SKIP_BTCPAYSERVER="$SKIP_BTCPAYSERVER"
export SKIP_WWW="$SKIP_WWW"
export SKIP_CLAMSSERVER="$SKIP_CLAMSSERVER"
mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
@ -246,10 +240,15 @@ WWW_SERVER_MAC_ADDRESS=
# WWW_SERVER_CPU_COUNT="6"
# WWW_SERVER_MEMORY_MB="4096"
BTCPAYSERVER_MAC_ADDRESS=
BTCPAY_SERVER_MAC_ADDRESS=
# BTCPAY_SERVER_CPU_COUNT="4"
# BTCPAY_SERVER_MEMORY_MB="4096"
CLAMS_SERVER_MAC_ADDRESS=
# CLAMS_SERVER_CPU_COUNT="4"
# CLAMS_SERVER_MEMORY_MB="4096"
EOL
chmod 0744 "$PROJECT_DEFINITION_PATH"
@ -267,30 +266,25 @@ if [ -z "$PRIMARY_DOMAIN" ]; then
fi
if [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
echo "ERROR: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
exit 1
echo "WARNING: the WWW_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
fi
if [ -z "$BTCPAYSERVER_MAC_ADDRESS" ]; then
echo "ERROR: the BTCPAYSERVER_MAC_ADDRESS is not specified. Check your project.conf."
exit 1
if [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
echo "WARNING: the BTCPAY_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
fi
# the DOMAIN_LIST is a complete list of all our domains. We often iterate over this list.
DOMAIN_LIST="${PRIMARY_DOMAIN}"
if [ -n "$OTHER_SITES_LIST" ]; then
DOMAIN_LIST="${DOMAIN_LIST},${OTHER_SITES_LIST}"
if [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then
echo "WARNING: the CLAMS_SERVER_MAC_ADDRESS is not specified. Check your project.conf."
fi
export DOMAIN_LIST="$DOMAIN_LIST"
export DOMAIN_COUNT=$(("$(echo "$DOMAIN_LIST" | tr -cd , | wc -c)"+1))
source ./domain_list.sh
# let's provision our primary domain first.
export DOMAIN_NAME="$PRIMARY_DOMAIN"
export PRIMARY_DOMAIN="$PRIMARY_DOMAIN"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
export PRIMARY_WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
stub_site_definition
@ -310,13 +304,17 @@ if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
fi
fi
for VIRTUAL_MACHINE in www btcpayserver; do
for VIRTUAL_MACHINE in www btcpayserver clamsserver; do
if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ "$SKIP_BTCPAY" = true ]; then
if [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -z "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
continue
fi
if [ "$VIRTUAL_MACHINE" = www ] && [ "$SKIP_WWW" = true ]; then
if [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -z "$CLAMS_SERVER_MAC_ADDRESS" ]; then
continue
fi
if [ "$VIRTUAL_MACHINE" = www ] && [ -z "$WWW_SERVER_MAC_ADDRESS" ]; then
continue
fi
@ -365,20 +363,20 @@ for VIRTUAL_MACHINE in www btcpayserver; do
export VPS_HOSTNAME="$VPS_HOSTNAME"
export FQDN="$VPS_HOSTNAME.$DOMAIN_NAME"
if [ "$VIRTUAL_MACHINE" = www ]; then
if [ "$SKIP_WWW" = true ]; then
echo "INFO: Skipping WWW due to command line argument."
continue
fi
if [ "$VIRTUAL_MACHINE" = www ] && [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$WWW_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$BTCPAY_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] && [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
FQDN="$BTCPAY_SERVER_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$BTCPAY_SERVER_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$BTCPAY_SERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = clamsserver ] && [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then
FQDN="$CLAMS_SERVER_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$CLAMS_SERVER_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$CLAMS_SERVER_MAC_ADDRESS"
elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then
export FQDN="$BASE_IMAGE_VM_NAME"
@ -394,16 +392,6 @@ for VIRTUAL_MACHINE in www btcpayserver; do
./deploy_vm.sh
if [ "$VIRTUAL_MACHINE" = www ]; then
# this tells our local docker client to target the remote endpoint via SSH
export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init --advertise-addr enp6s0
fi
fi
done
# let's stub out the rest of our site definitions, if any.
@ -415,14 +403,52 @@ for DOMAIN_NAME in ${OTHER_SITES_LIST//,/ }; do
stub_site_definition
done
# now let's run the www and btcpay-specific provisioning scripts.
if [ "$SKIP_WWW" = false ]; then
./project/www/go.sh
if [ "$SKIP_BTCPAYSERVER" = false ]; then
if [ -n "$BTCPAY_SERVER_MAC_ADDRESS" ]; then
export DOCKER_HOST="ssh://ubuntu@$BTCPAY_SERVER_FQDN"
./project/btcpayserver/go.sh
fi
fi
export DOMAIN_NAME="$PRIMARY_DOMAIN"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
if [ "$SKIP_BTCPAY" = false ]; then
./project/btcpayserver/go.sh
fi
if [ "$SKIP_WWW" = false ]; then
# now let's run the www and btcpay-specific provisioning scripts.
if [ -n "$WWW_SERVER_MAC_ADDRESS" ]; then
export DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init --advertise-addr enp6s0
fi
./project/www/go.sh
fi
fi
# don't run clams stuff if user specifies --skip-btcpayserver
if [ "$SKIP_CLAMSSERVER" = false ]; then
# now let's run the www and btcpay-specific provisioning scripts.
if [ -n "$CLAMS_SERVER_MAC_ADDRESS" ]; then
export DOCKER_HOST="ssh://ubuntu@$CLAMS_SERVER_FQDN"
# enable docker swarm mode so we can support docker stacks.
if docker info | grep -q "Swarm: inactive"; then
docker swarm init
fi
# set the active env to our CLAMS_FQDN
cat >./project/clams-server/active_env.txt <<EOL
${CLAMS_SERVER_FQDN}
EOL
# and we have to set our environment file as well.
cat > ./project/clams-server/environments/"$CLAMS_SERVER_FQDN" <<EOL
DOCKER_HOST=ssh://ubuntu@${CLAMS_SERVER_FQDN}
DOMAIN_NAME=${PRIMARY_DOMAIN}
ENABLE_TLS=true
BTC_CHAIN=${BITCOIN_CHAIN}
CLN_COUNT=1
EOL
bash -c "./project/clams-server/up.sh -y"
fi
fi
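Review bot: The www provisioning block sets `export DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"`, but no visible hunk defines WWW_FQDN; domain_list.sh exports PRIMARY_WWW_FQDN, and the lines this block appears to replace used that name. Unless WWW_FQDN is set elsewhere in the file, the `docker info` and `docker swarm init` calls that follow will not target the www VM, so `export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"` looks like the intended line. The comment above the clams block (`# don't run clams stuff if user specifies --skip-btcpayserver`) names the wrong flag and should say `--skip-clamsserver`. The stubbed site definition is created with `chmod 0744` although it holds generated passphrases and now an SMTP password slot; `chmod 0600` would keep it readable by the owner only.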


@ -5,18 +5,6 @@ cd "$(dirname "$0")"
. ./target.sh
# # As part of the install script, we pull down any other sovereign-stack git repos
# PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
# PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
# if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
# git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
# else
# cd "$PROJECTS_SCRIPTS_PATH" || exit 1
# git -c advice.detachedHead=false pull origin main
# git checkout "$TARGET_PROJECT_GIT_COMMIT"
# cd - || exit 1
# fi
# check if there are any uncommited changes. It's dangerous to
# alter production systems when you have commits to make or changes to stash.
if git update-index --refresh | grep -q "needs update"; then


@ -11,15 +11,43 @@ if [ "$(hostname)" = ss-mgmt ]; then
exit 1
fi
# the DISK variable here tells us which disk (partition) the admin wants to use for
# lxd resources. By default, we provision the disk under / as a loop device. Admin
# can override with CLI modifications.
DISK="rpool/lxd"
DISK_OR_PARTITION=
DISK=loop
# grab any modifications from the command line.
for i in "$@"; do
case $i in
--disk-or-partition=*)
DISK_OR_PARTITION="${i#*=}"
shift
;;
*)
echo "Unexpected option: $1"
exit 1
;;
esac
done
# ensure the iptables forward policy is set to ACCEPT so your host can act as a router
# Note this is necessary if docker is running (or has been previuosly installed) on the
# same host running LXD.
sudo iptables -F FORWARD
sudo iptables -P FORWARD ACCEPT
# if the user didn't specify the disk or partition, we create a loop device under
# the user's home directory. If the user does specify a disk or partition, we will
# create the ZFS pool there.
if [ -z "$DISK_OR_PARTITION" ]; then
DISK="$DISK_OR_PARTITION"
fi
export DISK="$DISK"
# install lxd snap and initialize it
if ! snap list | grep -q lxd; then
sudo snap install lxd --channel=latest/candidate
sudo snap install lxd --channel=5.16/stable
sleep 5
# run lxd init
@ -219,17 +247,3 @@ fi
if [ "$ADDED_COMMAND" = true ]; then
echo "NOTICE! You need to run 'source ~/.bashrc' before continuing. After that, type 'ss-manage' to enter your management environment."
fi
. ./deployment/target.sh
# As part of the install script, we pull down any other sovereign-stack git repos
PROJECTS_SCRIPTS_REPO_URL="https://git.sovereign-stack.org/ss/project"
PROJECTS_SCRIPTS_PATH="$(pwd)/deployment/project"
if [ ! -d "$PROJECTS_SCRIPTS_PATH" ]; then
git clone "$PROJECTS_SCRIPTS_REPO_URL" "$PROJECTS_SCRIPTS_PATH"
else
cd "$PROJECTS_SCRIPTS_PATH"
git -c advice.detachedHead=false pull origin main
git checkout "$TARGET_PROJECT_GIT_COMMIT"
cd -
fi
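Review bot: The test in `if [ -z "$DISK_OR_PARTITION" ]; then DISK="$DISK_OR_PARTITION"` is inverted: it overwrites the `loop` default with an empty string when no option is given and ignores the value when `--disk-or-partition=` is supplied. It should read `if [ -n "$DISK_OR_PARTITION" ]; then`. The `sudo iptables -F FORWARD` and `sudo iptables -P FORWARD ACCEPT` lines flush every existing forwarding rule and leave the host forwarding all traffic, which is a broad change for an install script to make silently; an ACCEPT rule scoped to the interfaces LXD uses, or at least a printed notice of the change, would be narrower. The value passed in `--disk-or-partition=` is also not checked to be an existing block device before it is exported as DISK.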


@ -2,7 +2,7 @@
# https://www.sovereign-stack.org/ss-manage/
set -exu
set -eu
cd "$(dirname "$0")"
# check to ensure dependencies are met.


@ -6,6 +6,8 @@ alias ss-show='/home/ubuntu/sovereign-stack/deployment/show.sh $@'
alias ss-reset='/home/ubuntu/sovereign-stack/deployment/reset.sh $@'
alias ss-update='/home/ubuntu/sovereign-stack/deployment/update.sh $@'
alias ss-down='/home/ubuntu/sovereign-stack/deployment/down.sh $@'
alias ss-stop='/home/ubuntu/sovereign-stack/deployment/stop.sh $@'
alias ss-start='/home/ubuntu/sovereign-stack/deployment/start.sh $@'
alias ss-help='cat /home/ubuntu/sovereign-stack/deployment/help.txt'
alias ll='ls -lah'


@ -5,7 +5,7 @@ cd "$(dirname "$0")"
# NOTE! This script MUST be executed as root.
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg lsb-release
sudo apt-get install -y ca-certificates curl gnupg lsb-release jq bc
sudo mkdir -m 0755 -p /etc/apt/keyrings
@ -35,7 +35,7 @@ sleep 10
# install snap
if ! snap list | grep -q lxd; then
sudo snap install htop
sudo snap install lxd --channel=latest/candidate
sudo snap install lxd --channel=5.16/stable
sleep 6
# We just do an auto initialization. All we are using is the LXD client inside the management environment.