From 6b6af477cb7296279d317cf584a0020e0201156d Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Tue, 28 May 2019 02:14:05 -0300 Subject: Split scripts into CI and VPS box --- bash_aliases.sh | 3 --- ci-setup.sh | 21 --------------------- deploy.sh | 2 +- provision.sh | 34 ---------------------------------- run-backup-template.sh | 11 ----------- scripts/box/bash-aliases.sh | 3 +++ scripts/box/run-backup-template.sh | 11 +++++++++++ scripts/ci/provision.sh | 35 +++++++++++++++++++++++++++++++++++ scripts/ci/setup.sh | 22 ++++++++++++++++++++++ 9 files changed, 72 insertions(+), 70 deletions(-) delete mode 100644 bash_aliases.sh delete mode 100755 ci-setup.sh delete mode 100755 provision.sh delete mode 100755 run-backup-template.sh create mode 100755 scripts/box/bash-aliases.sh create mode 100755 scripts/box/run-backup-template.sh create mode 100755 scripts/ci/provision.sh create mode 100755 scripts/ci/setup.sh diff --git a/bash_aliases.sh b/bash_aliases.sh deleted file mode 100644 index 4ef035d..0000000 --- a/bash_aliases.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -alias l="ls -lahp --color" diff --git a/ci-setup.sh b/ci-setup.sh deleted file mode 100755 index 4c38993..0000000 --- a/ci-setup.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -# shellcheck shell=bash -set -Eeuo pipefail -cd "$(dirname "${BASH_SOURCE[0]}")" - -echo "Unlocking git-crypt repos..." -git crypt unlock -# Assumes vps-state was already cloned -pushd ../vps-state/ -git crypt unlock -popd -echo "Done." - -# git smudge after git-crypt clears file permissions -chmod 600 ./secrets/vps_box -chmod 600 ./secrets/borg_remote -cat .envrc >> ~/.buildenv - -source .envrc -envsubst < ./ssh.conf >> ~/.ssh/config diff --git a/deploy.sh b/deploy.sh index 5a37541..9172803 100755 --- a/deploy.sh +++ b/deploy.sh @@ -31,7 +31,7 @@ echo "Done." echo "Copy over files..." ssh "$TLD" mkdir -p /home/vps/ ssh "$TLD" 'grep /home/vps/ /root/.profile || echo "cd /home/vps/" >> /root/.profile' -scp bash_aliases.sh "$TLD":/root/.bash_aliases +scp ./scripts/box/bash-aliases.sh "$TLD":/root/.bash_aliases envsubst < docker-compose.yaml | ssh "$TLD" 'cat > /home/vps/docker-compose.yaml' echo "Done." diff --git a/provision.sh b/provision.sh deleted file mode 100755 index a4b077b..0000000 --- a/provision.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -# shellcheck shell=bash -set -Eeuo pipefail -cd "$(dirname "${BASH_SOURCE[0]}")" - -echo "Shutting down running containers and backing up data..." -ssh "$TLD" "cd /home/vps/ && docker-compose down" -scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub -scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa -VPS_COMMIT_SHA="$(git rev-parse HEAD)" envsubst < run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh' -ssh "$TLD" /home/vps/run-backup.sh -echo "Done." - -echo "Running 'terraform apply'..." -terraform --version -terraform init -terraform apply -echo "Done." - -echo "Storing .tfstate file" -pushd ../vps-state/ -git add secrets/terraform.tfstate secrets/terraform.tfstate.backup -git commit -m "CI: update Terraform .tfstate files" -git push origin master -popd -echo "Done." - -echo "Locking git-crypt repositories back..." -git crypt lock -pushd ../vps-state/ -git crypt lock -popd -echo "Done." diff --git a/run-backup-template.sh b/run-backup-template.sh deleted file mode 100755 index 34184b9..0000000 --- a/run-backup-template.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}" -export BORG_PASSPHRASE="${BORG_PASSPHRASE}" -borg create \ - --verbose \ - --stats \ - --progress \ - --compression lzma,6 \ - "${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \ - "${VOLUME_HOME}" diff --git a/scripts/box/bash-aliases.sh b/scripts/box/bash-aliases.sh new file mode 100755 index 0000000..4ef035d --- /dev/null +++ b/scripts/box/bash-aliases.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +alias l="ls -lahp --color" diff --git a/scripts/box/run-backup-template.sh b/scripts/box/run-backup-template.sh new file mode 100755 index 0000000..34184b9 --- /dev/null +++ b/scripts/box/run-backup-template.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}" +export BORG_PASSPHRASE="${BORG_PASSPHRASE}" +borg create \ + --verbose \ + --stats \ + --progress \ + --compression lzma,6 \ + "${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \ + "${VOLUME_HOME}" diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh new file mode 100755 index 0000000..9572ea7 --- /dev/null +++ b/scripts/ci/provision.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash +# shellcheck shell=bash +set -Eeuo pipefail +cd "$(dirname "${BASH_SOURCE[0]}")" +cd ../../ + +echo "Shutting down running containers and backing up data..." +ssh "$TLD" "cd /home/vps/ && docker-compose down" +scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub +scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa +VPS_COMMIT_SHA="$(git rev-parse HEAD)" envsubst < ./scripts/box/run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh' +ssh "$TLD" /home/vps/run-backup.sh +echo "Done." + +echo "Running 'terraform apply'..." +terraform --version +terraform init +terraform apply +echo "Done." + +echo "Storing .tfstate file" +pushd ../vps-state/ +git add secrets/terraform.tfstate secrets/terraform.tfstate.backup +git commit -m "CI: update Terraform .tfstate files" +git push origin master +popd +echo "Done." + +echo "Locking git-crypt repositories back..." +git crypt lock +pushd ../vps-state/ +git crypt lock +popd +echo "Done." diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh new file mode 100755 index 0000000..b6ab06f --- /dev/null +++ b/scripts/ci/setup.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash +# shellcheck shell=bash +set -Eeuo pipefail +cd "$(dirname "${BASH_SOURCE[0]}")" +cd ../../ + +echo "Unlocking git-crypt repos..." +git crypt unlock +# Assumes vps-state was already cloned +pushd ../vps-state/ +git crypt unlock +popd +echo "Done." + +# git smudge after git-crypt clears file permissions +chmod 600 ./secrets/vps_box +chmod 600 ./secrets/borg_remote +cat .envrc >> ~/.buildenv + +source .envrc +envsubst < ./ssh.conf >> ~/.ssh/config -- cgit v1.2.3