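#!/bin/bash

# Deployment driver preamble: pins the project commit, checks required tools,
# guards against accidental changes to a production remote, and sets the
# default value of every option flag before the command line is parsed.
#
# NOTE(review): -x writes every expanded command to stderr. Later in this
# script LXD_REMOTE_PASSWORD is exported and ssh command lines are built, so
# the trace (terminal scrollback, CI logs) contains secrets and should be
# handled as sensitive, or tracing should be switched off around those lines.
set -exu
cd "$(dirname "$0")"

# The commit id is read straight from the loose ref file. It is exported and
# later interpolated, unquoted, into a command string that ssh runs on the
# remote VMs, so it is accepted only if it is a bare hex object name
# (40 hex chars for SHA-1, 64 for SHA-256 repositories).
LATEST_GIT_COMMIT="$(cat ./project/.git/refs/heads/main)"
if [[ ! "$LATEST_GIT_COMMIT" =~ ^[0-9a-f]{40}([0-9a-f]{24})?$ ]]; then
    echo "ERROR: ./project/.git/refs/heads/main does not contain a commit hash." >&2
    exit 1
fi
export LATEST_GIT_COMMIT

# check to ensure dependencies are met.
for cmd in wait-for-it dig rsync sshfs lxc; do
    if ! command -v "$cmd" >/dev/null 2>&1; then
        echo "This script requires \"${cmd}\" to be installed. Please run 'install.sh'."
        exit 1
    fi
done

# Resolve the target remote once, so the production guard below inspects the
# same value the rest of the deployment uses (a second lookup could return a
# different default if it was switched in between).
REMOTE_NAME="$(lxc remote get-default)"

# do a spot check; if we are on production warn.
# This prompt runs before the command line is parsed, so -y does not skip it.
if [[ "$REMOTE_NAME" == *production* ]]; then
    echo "WARNING: You are running command against a production system!"
    echo ""

    # check if there are any uncommitted changes. It's dangerous to
    # alter production systems when you have commits to make or changes to stash.
    if git update-index --refresh | grep -q "needs update"; then
        echo "ERROR: You have uncommited changes! You MUST commit or stash all changes to continue."
        exit 1
    fi

    RESPONSE=
    read -r -p " Are you sure you want to continue (y) ": RESPONSE
    if [ "$RESPONSE" != "y" ]; then
        echo "STOPPING."
        exit 1
    fi
fi

# Option defaults (each flag is assigned exactly once).
PRIMARY_DOMAIN=
RUN_CERT_RENEWAL=true
SKIP_WWW=false
RESTORE_WWW=false
RESTORE_CERTS=false
BACKUP_CERTS=false
BACKUP_APPS=false
BACKUP_BTCPAY=false
BACKUP_BTCPAY_ARCHIVE_PATH=
RESTORE_BTCPAY=false
SKIP_BTCPAY=false
UPDATE_BTCPAY=false
STOP_SERVICES=false
USER_SAYS_YES=false
RESTART_FRONT_END=true

# grab any modifications from the command line.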
# Walk the positional parameters one at a time. Every recognised option is
# consumed with a shift, so the parameter list is empty once the loop ends;
# that matters because a file sourced without arguments (remote_env.sh below)
# sees the caller's positional parameters.
while [ "$#" -gt 0 ]; do
    i="$1"
    case "$i" in
        --restore-certs)
            RESTORE_CERTS=true
            ;;
        --restore-www)
            # restoring www implies restoring its certificates as well
            RESTORE_WWW=true
            RESTORE_CERTS=true
            ;;
        --restore-btcpay)
            RESTORE_BTCPAY=true
            ;;
        --backup-www)
            BACKUP_CERTS=true
            BACKUP_APPS=true
            ;;
        --backup-btcpayserver)
            BACKUP_BTCPAY=true
            ;;
        --stop)
            STOP_SERVICES=true
            RESTART_FRONT_END=false
            ;;
        --backup-archive-path=*)
            # keep everything after the first '='
            BACKUP_BTCPAY_ARCHIVE_PATH="${i#*=}"
            ;;
        --update-btcpay)
            UPDATE_BTCPAY=true
            ;;
        --skip-www)
            SKIP_WWW=true
            ;;
        --skip-btcpayserver)
            SKIP_BTCPAY=true
            ;;
        --no-cert-renew)
            RUN_CERT_RENEWAL=false
            ;;
        -y)
            USER_SAYS_YES=true
            ;;
        *)
            echo "Unexpected option: $1"
            exit 1
            ;;
    esac
    shift
done

# A btcpay restore needs an archive path, and that path must be an existing
# regular file.
if [[ "$RESTORE_BTCPAY" == true ]]; then
    if [[ -z "$BACKUP_BTCPAY_ARCHIVE_PATH" ]]; then
        echo "ERROR: Use the '--backup-archive-path=/path/to/btcpay/archive.tar.gz' option when restoring btcpay server."
        exit 1
    fi

    if [[ ! -f "$BACKUP_BTCPAY_ARCHIVE_PATH" ]]; then
        echo "ERROR: The backup archive path you specified DOES NOT exist!"
        exit 1
    fi
fi

# Sourced, so it runs as shell code inside this process.
# NOTE(review): REMOTES_PATH and SSH_HOME used below are not assigned in the
# visible part of this script; presumably remote_env.sh defines them.
. ./remote_env.sh

# Publish the resolved options to the child scripts.
export REGISTRY_DOCKER_IMAGE="registry:2"
export RESTORE_WWW STOP_SERVICES BACKUP_CERTS BACKUP_APPS
export RESTORE_BTCPAY BACKUP_BTCPAY RUN_CERT_RENEWAL
export REMOTE_NAME
export REMOTE_PATH="$REMOTES_PATH/$REMOTE_NAME"
export USER_SAYS_YES BACKUP_BTCPAY_ARCHIVE_PATH RESTART_FRONT_END RESTORE_CERTS

# todo convert this to Trezor-T
export SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
if [[ ! -f "$SSH_PUBKEY_PATH" ]]; then
    # generate a new SSH key for the base vm image.
    # Despite the id_rsa file name this is an ECDSA (521-bit) key pair, and
    # -N "" leaves the private key without a passphrase, so it is protected
    # only by the file permissions under $SSH_HOME.
    ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
fi

# ensure our remote path is created.
mkdir -p "$REMOTE_PATH"

# Locate the per-remote definition file; refuse to continue without it.
REMOTE_DEFINITION="$REMOTE_PATH/remote.conf"
if [ ! -f "$REMOTE_DEFINITION" ]; then
    echo "ERROR: The remote definition could not be found. You may need to re-run 'ss-remote'."
    exit 1
fi

export REMOTE_DEFINITION="$REMOTE_DEFINITION"

# remote.conf is sourced, i.e. executed as shell code in this process, so
# anyone able to write that file can run commands as the operator.
# NOTE(review): presumably remote.conf supplies LXD_REMOTE_PASSWORD and
# DEPLOYMENT_STRING - confirm; with 'set -u' active the exports abort if not.
source "$REMOTE_DEFINITION"

# With 'set -x' active (set at the top of this script) the expanded password
# value is written to the trace output by the next line.
export LXD_REMOTE_PASSWORD="$LXD_REMOTE_PASSWORD"
export DEPLOYMENT_STRING="$DEPLOYMENT_STRING"

# this is our password generation mechanism. Relying on GPG for secure password generation
# Emits 25 random bytes (gpg quality level 1), ASCII-armored, on stdout.
function new_pass {
    gpg --gen-random --armor 1 25
}

# Creates the site directory and the per-project symlink to it, and stubs a
# site.conf when none exists yet.
# Reads SITE_PATH, PROJECT_PATH and DOMAIN_NAME from the environment.
function stub_site_definition {
    mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"

    # create a symlink from the PROJECT_PATH/sites/DOMAIN_NAME to the ss-sites/domain name
    DOMAIN_SYMLINK_PATH="$PROJECT_PATH/sites/$DOMAIN_NAME"
    if [ ! -L "$DOMAIN_SYMLINK_PATH" ]; then
        ln -r -s "$SITE_PATH" "$DOMAIN_SYMLINK_PATH"
    fi

    if [ ! -f "$SITE_PATH/site.conf" ]; then
        # check whether the site definition file exists; stub it out if not.
        SITE_DEFINITION_PATH="$SITE_PATH/site.conf"
        if [ ! -f "$SITE_DEFINITION_PATH" ]; then
            # stub out a site.conf with new passwords.
            # NOTE(review): the here-document bodies and the code that followed
            # them are missing from this copy of the script. The next line is
            # reproduced exactly as found and is not valid shell as it stands;
            # the rest of this function, the project-definition stub and the
            # start of the www deployment step cannot be recovered from here.
            cat >"$SITE_DEFINITION_PATH" <"$PROJECT_DEFINITION_PATH" < /home/ubuntu/.ss-githead"
# The 'else' below closes a conditional whose opening is in the missing part
# (presumably the SKIP_WWW check - confirm against the original file).
else
    echo "INFO: Skipping www VM."
fi

export DOMAIN_NAME="$PRIMARY_DOMAIN"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
if [ "$SKIP_BTCPAY" = false ]; then
    ./project/btcpayserver/go.sh

    # $LATEST_GIT_COMMIT is expanded locally and the resulting string is run
    # by the remote shell; the value comes from the ref file read at the top
    # of this script, so it must contain nothing but a commit hash.
    ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
else
    echo "INFO: Skipping the btcpayserver VM."
fi