author | EuAndreh <eu@euandre.org> | 2020-08-10 12:15:49 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2020-08-10 12:45:43 -0300 |
commit | 100ab568e3aeb512e86fd1155a73454d22e24895 (patch) | |
tree | 1d7ff9168b8cfc60e173f2a19f30938bc68d0f6e /scripts | |
parent | WIP: Move to Vultr and NixOS (diff) | |
Migration: Remove Ansible and Docker code, move only to NixOS
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/box/bash-profile.sh | 5 | ||||
-rwxr-xr-x | scripts/box/create-backup.env.sh | 14 | ||||
-rwxr-xr-x | scripts/box/restore-backup.env.sh | 21 | ||||
-rwxr-xr-x | scripts/box/user-data.env.sh | 11 | ||||
-rwxr-xr-x | scripts/ci/deploy.sh | 105 | ||||
-rwxr-xr-x | scripts/ci/mail.sh | 51 | ||||
-rwxr-xr-x | scripts/ci/setup.sh | 26 | ||||
-rwxr-xr-x | scripts/local/rotate-ssh-keys.sh | 11 |
8 files changed, 0 insertions, 244 deletions
diff --git a/scripts/box/bash-profile.sh b/scripts/box/bash-profile.sh
deleted file mode 100755
index c024dbd..0000000
--- a/scripts/box/bash-profile.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC2164
-
-alias l="ls -lahp --color"
-cd /home/vps/
diff --git a/scripts/box/create-backup.env.sh b/scripts/box/create-backup.env.sh
deleted file mode 100755
index f5cd3b0..0000000
--- a/scripts/box/create-backup.env.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}"
-export BORG_PASSPHRASE="${BORG_PASSPHRASE}"
-# The configured $BORG_REPO is already the rsync remote.
-# No need to send the files after the backup is done.
-borg create \
- --verbose \
- --stats \
- --progress \
- --compression lzma,6 \
- "${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \
- "${VOLUME_HOME}"/*
diff --git a/scripts/box/restore-backup.env.sh b/scripts/box/restore-backup.env.sh
deleted file mode 100755
index 151ded5..0000000
--- a/scripts/box/restore-backup.env.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}"
-export BORG_PASSPHRASE="${BORG_PASSPHRASE}"
-
-pushd "$(mktemp -d)" || exit 1
-
-# It is actually being used below using the DOLLAR interpolation
-# shellcheck disable=SC2034
-ARCHIVE="$(borg list "${BORG_REPO}" --last 1 --short)"
-
-echo "Extracting archive ${DOLLAR}{ARCHIVE}"
-borg extract \
- --verbose \
- --progress \
- "${BORG_REPO}::${DOLLAR}{ARCHIVE}"
-echo "Done."
-
-mv home/vps/volumes/* /home/vps/volumes/
-popd || exit 1
diff --git a/scripts/box/user-data.env.sh b/scripts/box/user-data.env.sh
deleted file mode 100755
index f9da5d7..0000000
--- a/scripts/box/user-data.env.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC2016
-
-echo '$SSH_SERVER_PRIVATE_KEY' > /etc/ssh/vps-box-server
-chmod 400 /etc/ssh/vps-box-server
-echo '$SSH_SERVER_PUBLIC_KEY' > /etc/ssh/vps-box-server.pub
-echo 'HostKey /etc/ssh/vps-box-server' >> /etc/ssh/sshd_config
-echo 'Port $SSH_PORT' >> /etc/ssh/sshd_config
-systemctl restart sshd
-
-# SSH logs on /var/log/auth.log
diff --git a/scripts/ci/deploy.sh b/scripts/ci/deploy.sh
deleted file mode 100755
index 9be5758..0000000
--- a/scripts/ci/deploy.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash ../../shell.nix
-# shellcheck shell=bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-PROJECT_ROOT="${PWD}"
-
-finish-phase() {
- local -r exit_code="${?}"
-
- cd "${PROJECT_ROOT}"
-
- if [[ "${exit_code}" = 0 ]]; then
- echo "Finished successfully."
- else
- echo "TRAPPED ERROR!"
- fi
- echo "Running final steps..."
-
- echo "Sending logs via email..."
- ./scripts/ci/mail.sh "${exit_code}"
- echo "Done."
-
- echo "Storing file changes to '.tfstate' files..."
- pushd ../vps-state/
- git add .
- git commit -m "CI: fallback add all after deploy.sh failure for CI run $VPS_COMMIT_SHA" ||:
- git push origin master
- popd
- echo "Done."
-
- echo "Locking git-crypt repositories back..."
- git crypt lock
- pushd ../vps-state/
- git crypt lock
- popd
- echo "Done."
-
- echo "Finished cleanup."
-}
-trap finish-phase EXIT
-
-create-known-hosts-file() {
- echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated/generated-known-hosts.txt
-}
-
-echo "Interpolating files with envsubst..."
-envsubst < ./ssh.env.conf >> ~/.ssh/config
-envsubst < ./hosts.env > ./generated/hosts
-envsubst < ./docker-compose.env.yaml > ./generated/docker-compose.yaml
-envsubst < ./provision.env.yaml > ./generated/provision.yaml
-envsubst < ./scripts/box/user-data.env.sh > ./generated/user-data.sh
-envsubst < ./scripts/box/create-backup.env.sh > ./generated/create-backup.sh
-envsubst < ./scripts/box/restore-backup.env.sh > ./generated/restore-backup.sh
-echo "Done."
-
-echo "Running the Ansible shutdown.yaml playbook..."
-create-known-hosts-file
-ansible-playbook -v shutdown.yaml > ./logs/ansible-shutdown.txt
-echo "Done."
-
-echo "Initializing Terraform..."
-terraform --version
-terraform init
-echo "Done."
-
-if [[ "${DESTROY_VPS:-}" != "" ]]; then
- echo "Destroying existing infrastructure..."
- terraform destroy -input=false -auto-approve > ./logs/terraform-destroy.txt 2>&1
-else
- echo 'Refreshing view on existing infrastructure...'
- terraform refresh > ./logs/terraform-refresh.txt 2>&1
-fi
-echo "Done."
-
-echo "Running 'terraform plan' and storing the planfile..."
-mkdir -p "../vps-state/secrets/plan-files/"
-PLAN_FILE_NAME="$(date -Iseconds)-${VPS_COMMIT_SHA}.tfplan"
-PLAN_FILE_PATH="../vps-state/secrets/plan-files/${PLAN_FILE_NAME}"
-terraform plan -input=false -out="${PLAN_FILE_PATH}" > ./logs/terraform-plan.txt 2>&1
-pushd ../vps-state/
-git add "secrets/plan-files/${PLAN_FILE_NAME}"
-git commit -m "CI: add .tfplan plan file for CI run ${VPS_COMMIT_SHA}"
-git push origin master
-popd
-echo "Done."
-
-echo "Running 'terraform apply'..."
-terraform apply -input=false -auto-approve "${PLAN_FILE_PATH}" > ./logs/terraform-apply.txt 2>&1
-echo "Done."
-
-echo "Storing .tfstate file..."
-pushd ../vps-state/
-git add secrets/terraform.tfstate secrets/terraform.tfstate.backup
-git commit -m "CI: update Terraform .tfstate files for CI run ${VPS_COMMIT_SHA}" --allow-empty
-git push origin master
-popd
-echo "Done."
-
-echo "Running the Ansible provision.yaml playbook..."
-create-known-hosts-file
-cp ./generated/provision.yaml ./provision.yaml
-ansible-playbook -v provision.yaml > ./logs/ansible-provision.txt
-echo "Done."
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
deleted file mode 100755
index 9caebd4..0000000
--- a/scripts/ci/mail.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-EXIT_CODE="${1:-}"
-
-[[ -z "${EXIT_CODE}" ]] && {
- # shellcheck disable=SC2016
- echo 'Error: missing $EXIT positional argument.'
- exit 2
-}
-
-if [[ "${EXIT_CODE}" = 0 ]]; then
- SUBJECT_SUFFIX=' (successful build)'
-else
- SUBJECT_SUFFIX=' (FAILED BUILD)'
-fi
-
-SUBJECT="VPS CI run #${JOB_ID} logs${SUBJECT_SUFFIX}"
-ATTACHMENT_PATH='logs.txt'
-BODY=$(cat <<EOF
-CI run for commit ${VPS_COMMIT_SHA}.
-See run:
-https://builds.sr.ht/~euandreh/job/${JOB_ID}
-
-Logs are attached.
-
-EOF
-)
-
-tail -n +1 ./logs/*.txt > "${ATTACHMENT_PATH}"
-
-[[ "${USER}" = "build" ]] || {
- echo "Not running on CI."
- echo "Early exit on sending email logs."
- exit
-}
-
-gpg --always-trust \
- -r "${GPG_TO}" \
- -e "${ATTACHMENT_PATH}"
-
-curl "${MAILGUN_URL}" \
- -s \
- --user "${MAILGUN_USER}" \
- -F from="${MAILGUN_FROM}" \
- -F to="${MAILGUN_TO}" \
- -F subject="${SUBJECT}" \
- -F text="${BODY}" \
- -F attachment="@${ATTACHMENT_PATH}.gpg"
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
deleted file mode 100755
index d876df7..0000000
--- a/scripts/ci/setup.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash ../../shell.nix
-# shellcheck shell=bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-echo "Unlocking git-crypt repos..."
-git crypt unlock
-# Assumes vps-state was already cloned
-pushd ../vps-state/
-git crypt unlock
-git remote set-url origin git@git.sr.ht:~euandreh/vps-state
-popd
-# git smudge after git-crypt clears file permissions
-chmod 400 ./secrets/ssh/vps-box-client
-echo "Done."
-
-echo "cd ./vps/ && source .envrc && cd ../" >> ~/.buildenv
-
-source .envrc
-
-git config --global user.email "${GIT_CI_USER}"
-git config --global user.name "sr.ht CI"
-
-curl https://euandre.org/public-key.txt | gpg --import
diff --git a/scripts/local/rotate-ssh-keys.sh b/scripts/local/rotate-ssh-keys.sh
deleted file mode 100755
index 323d27c..0000000
--- a/scripts/local/rotate-ssh-keys.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-cd ../../
-
-rm -f ./secrets/ssh/*
-ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-client -C "${SSH_EMAIL}"
-ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-server -C "${SSH_EMAIL}"
-
-git add ./secrets/ssh/
-git commit -m "Script: rotate SSH keys" |