diff options
| author | EuAndreh <eu@euandre.org> | 2019-05-28 02:14:05 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2019-05-28 02:20:00 -0300 |
| commit | 6b6af477cb7296279d317cf584a0020e0201156d (patch) | |
| tree | cc016501a7bfd2324e97c4437537eb261a296b2a /scripts | |
| parent | Remove git rev-parse from .envrc (diff) | |
| download | server-6b6af477cb7296279d317cf584a0020e0201156d.tar.gz server-6b6af477cb7296279d317cf584a0020e0201156d.tar.xz | |
Split scripts into CI and VPS box
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/box/bash-aliases.sh | 3 | ||||
| -rwxr-xr-x | scripts/box/run-backup-template.sh | 11 | ||||
| -rwxr-xr-x | scripts/ci/provision.sh | 35 | ||||
| -rwxr-xr-x | scripts/ci/setup.sh | 22 |
4 files changed, 71 insertions, 0 deletions
diff --git a/scripts/box/bash-aliases.sh b/scripts/box/bash-aliases.sh new file mode 100755 index 0000000..4ef035d --- /dev/null +++ b/scripts/box/bash-aliases.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +alias l="ls -lahp --color" diff --git a/scripts/box/run-backup-template.sh b/scripts/box/run-backup-template.sh new file mode 100755 index 0000000..34184b9 --- /dev/null +++ b/scripts/box/run-backup-template.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}" +export BORG_PASSPHRASE="${BORG_PASSPHRASE}" +borg create \ + --verbose \ + --stats \ + --progress \ + --compression lzma,6 \ + "${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \ + "${VOLUME_HOME}" diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh new file mode 100755 index 0000000..9572ea7 --- /dev/null +++ b/scripts/ci/provision.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash +# shellcheck shell=bash +set -Eeuo pipefail +cd "$(dirname "${BASH_SOURCE[0]}")" +cd ../../ + +echo "Shutting down running containers and backing up data..." +ssh "$TLD" "cd /home/vps/ && docker-compose down" +scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub +scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa +VPS_COMMIT_SHA="$(git rev-parse HEAD)" envsubst < ./scripts/box/run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh' +ssh "$TLD" /home/vps/run-backup.sh +echo "Done." + +echo "Running 'terraform apply'..." +terraform --version +terraform init +terraform apply +echo "Done." + +echo "Storing .tfstate file" +pushd ../vps-state/ +git add secrets/terraform.tfstate secrets/terraform.tfstate.backup +git commit -m "CI: update Terraform .tfstate files" +git push origin master +popd +echo "Done." + +echo "Locking git-crypt repositories back..." +git crypt lock +pushd ../vps-state/ +git crypt lock +popd +echo "Done." diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh new file mode 100755 index 0000000..b6ab06f --- /dev/null +++ b/scripts/ci/setup.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash +# shellcheck shell=bash +set -Eeuo pipefail +cd "$(dirname "${BASH_SOURCE[0]}")" +cd ../../ + +echo "Unlocking git-crypt repos..." +git crypt unlock +# Assumes vps-state was already cloned +pushd ../vps-state/ +git crypt unlock +popd +echo "Done." + +# git smudge after git-crypt clears file permissions +chmod 600 ./secrets/vps_box +chmod 600 ./secrets/borg_remote +cat .envrc >> ~/.buildenv + +source .envrc +envsubst < ./ssh.conf >> ~/.ssh/config |