-rw-r--r--.gitignore5
-rw-r--r--TODOs.org2
-rw-r--r--logs/.gitignore3
-rw-r--r--logs/placeholder.txt1
-rwxr-xr-xscripts/box/create-backup.env.sh2
-rwxr-xr-xscripts/ci/mail.sh33
-rwxr-xr-xscripts/ci/provision.sh11
-rw-r--r--secrets/envrc.shbin2397 -> 2738 bytes
8 files changed, 54 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 7fc8c05..c509eb0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,7 @@
/user-data.sh
/scripts/box/create-backup.sh
/scripts/box/restore-backup.sh
-/generated-known-hosts.txt \ No newline at end of file
+/generated-known-hosts.txt
+
+# Logs
+/ansible-logs.txt \ No newline at end of file
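Review bot: The new `/ansible-logs.txt` entry does not match any file this commit writes. provision.sh logs to `./logs/ansible.txt`, which logs/.gitignore already covers, and scripts/ci/mail.sh assembles the attachment as `logs.txt` in the repository root, which stays unignored. Because that file can hold verbose provisioning output, add `/logs.txt` here, and drop `/ansible-logs.txt` if nothing else produces it.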
diff --git a/TODOs.org b/TODOs.org
index 19182ce..dbd9dc8 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -312,6 +312,8 @@ Raspberry Pi vs VPS
Imagine 2 Raspberry Pis, doing immutable blue/green deployments on it, with a large local of a few TBs!
** README with setup instructions
+** Improve rotation of SSH port
+Remove need for manual intervention
* Resources
** [[https://github.com/mail-in-a-box/mailinabox][Mail-in-a-Box]]
** [[https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/][NSA-proof your e-mail in 2 hours]]
diff --git a/logs/.gitignore b/logs/.gitignore
new file mode 100644
index 0000000..af144f4
--- /dev/null
+++ b/logs/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!placeholder.txt
diff --git a/logs/placeholder.txt b/logs/placeholder.txt
new file mode 100644
index 0000000..e126580
--- /dev/null
+++ b/logs/placeholder.txt
@@ -0,0 +1 @@
+Placeholder log file so =cat logs/*= won't fail after being trapped.
diff --git a/scripts/box/create-backup.env.sh b/scripts/box/create-backup.env.sh
index 2c97594..f5cd3b0 100755
--- a/scripts/box/create-backup.env.sh
+++ b/scripts/box/create-backup.env.sh
@@ -6,7 +6,9 @@ export BORG_PASSPHRASE="${BORG_PASSPHRASE}"
# The configured $BORG_REPO is already the rsync remote.
# No need to send the files after the backup is done.
borg create \
+ --verbose \
--stats \
+ --progress \
--compression lzma,6 \
"${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \
"${VOLUME_HOME}"/*
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
new file mode 100755
index 0000000..d15c5db
--- /dev/null
+++ b/scripts/ci/mail.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+cd ../../
+
+VPS_COMMIT_SHA="${1:-}"
+[[ -z "${VPS_COMMIT_SHA}" ]] && {
+ echo 'Error: missing $VPS_COMMIT_SHA positional argument.'
+ exit 2
+}
+
+SUBJECT="VPS CI run #${JOB_ID} logs"
+ATTACHMENT_PATH='logs.txt'
+BODY=$(cat <<EOF
+CI run for commit ${VPS_COMMIT_SHA}.
+See failed run:
+https://builds.sr.ht/~euandreh/job/${JOB_ID}
+
+Logs are attached.
+
+EOF
+)
+
+cat ./logs/*.txt > "${ATTACHMENT_PATH}"
+
+curl "${MAILGUN_URL}" \
+ -s \
+ --user "${MAILGUN_USER}" \
+ -F from="${MAILGUN_FROM}" \
+ -F to="${MAILGUN_TO}" \
+ -F subject="${SUBJECT}" \
+ -F text="${BODY}" \
+ -F attachment="@${ATTACHMENT_PATH}"
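Review bot: The curl call uses `-s` alone, so an HTTP error from the mail API (rejected credentials, refused attachment) exits 0 and prints nothing, even though this mail is the channel that reports the run; `-sS --fail \` in place of `-s \` would surface it. `--user "${MAILGUN_USER}"` also puts the API credential on curl's command line, where a process listing or a `set -x` trace can show it; supplying it through a config read from stdin (`--config -`) keeps it off argv. The missing-argument message near the top is written to stdout and should go to stderr with `>&2`.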
diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh
index 8b058e2..ff71cb6 100755
--- a/scripts/ci/provision.sh
+++ b/scripts/ci/provision.sh
@@ -8,6 +8,13 @@ cd ../../
VPS_COMMIT_SHA="$(git rev-parse HEAD)"
export VPS_COMMIT_SHA
+mail_debug_log() {
+ echo "Sending logs via email..."
+ ./scripts/ci/mail.sh "${VPS_COMMIT_SHA}"
+ echo "Done."
+}
+trap mail_debug_log EXIT
+
create_known_hosts_file() {
echo "${TLD},$(terraform output public_floating_ip) ssh-rsa $(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)" > ./generated-known-hosts.txt
}
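Review bot: The `trap mail_debug_log EXIT` added here fires on every exit, including a successful run, while the body built in mail.sh says "See failed run". If only failures are meant to be mailed, start the handler with `local rc=$?` followed by `if (( rc == 0 )); then return 0; fi`. The handler also does not guard the `./scripts/ci/mail.sh` call, so a mail failure may replace the status of the step that actually failed, depending on the shell options set above this hunk; appending `|| echo 'sending logs failed' >&2` to that call avoids it.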
@@ -29,7 +36,7 @@ echo "Shutting down running containers and backing up data..."
create_known_hosts_file
ssh "$TLD" "cd /home/vps/ && docker-compose down"
setup_borg_files ./scripts/box/create-backup.env.sh create-backup.sh
-ssh "$TLD" /home/vps/create-backup.sh
+ssh "$TLD" /home/vps/create-backup.sh 2>&1 > ./logs/borg-create.txt
echo "Done."
echo "Initializing Terraform..."
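Review bot: In `ssh "$TLD" /home/vps/create-backup.sh 2>&1 > ./logs/borg-create.txt` the redirections are in the wrong order. `2>&1` duplicates stderr onto the current stdout (the CI console) before stdout is pointed at the file, so only stdout reaches `logs/borg-create.txt`. Borg writes its log, `--stats` and `--progress` output to stderr, so the mailed attachment would most likely be empty for this step; write `> ./logs/borg-create.txt 2>&1` instead. The `ansible-playbook -vvv provision.yaml 2>&1 > ./logs/ansible.txt` line in the next hunk has the same ordering and needs the same change.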
@@ -71,7 +78,7 @@ echo "Done."
echo "Running the Ansible playbook..."
create_known_hosts_file
-ansible-playbook provision.yaml
+ansible-playbook -vvv provision.yaml 2>&1 > ./logs/ansible.txt
echo "Done."
echo "Locking git-crypt repositories back..."
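Review bot: The `-vvv` output captured in `./logs/ansible.txt` is later concatenated by scripts/ci/mail.sh and sent as an e-mail attachment through a third-party API. At that verbosity Ansible prints task arguments and results, which can include passwords or keys passed to modules. Tasks in `provision.yaml` that handle secrets (not visible here) should carry `no_log: true`, or the verbosity should be lowered for the mailed log. A comment above this line such as `# NOTE: this log is e-mailed; keep secrets out of task output (no_log)` would record the constraint.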
diff --git a/secrets/envrc.sh b/secrets/envrc.sh
index 12e65b4..62b27c6 100644
--- a/secrets/envrc.sh
+++ b/secrets/envrc.sh
Binary files differ