-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | provision.yaml | 19 | ||||
-rwxr-xr-x | scripts/ci/provision.sh | 7 | ||||
-rwxr-xr-x | scripts/ci/setup.sh | 4 | ||||
-rwxr-xr-x | user-data.env.sh | 2 |
5 files changed, 18 insertions, 18 deletions
@@ -8,4 +8,6 @@
 /docker-compose.yaml
 /cloud-config.yaml
 /hosts
-/user-data.sh
\ No newline at end of file
+/user-data.sh
+/scripts/box/create-backup.sh
+/scripts/box/restore-backup.sh
\ No newline at end of file diff --git a/provision.yaml b/provision.yaml index f35a94e..8559c27 100644 --- a/provision.yaml +++ b/provision.yaml @@ -15,22 +15,23 @@ apt: name: [ 'docker-compose', 'borgbackup' ] state: latest - - name: Create /home/vps/ base directory - file: - path: /home/vps/ - state: directory - name: Create symlink to attached volume file: src: /mnt/vps_persistent_volume dest: /home/vps/volumes state: link + - name: Copy local interpolated files to remote + copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} + with_items: + - { src: './scripts/box/create-backup.sh', dest: '/home/vps/create-backup.sh', mode: '755' } + - { src: './scripts/box/restore-backup.sh', dest: '/home/vps/restore-backup.sh', mode: '755' } + - { src: './secrets/borg/borg-remote.pub', dest: '/root/.ssh/id_rsa.pub' } + - { src: './secrets/borg/borg-remote', dest: '/root/.ssh/id_rsa', mode: '400' } + - { src: './secrets/borg/known-hosts.txt', dest: '/root/.ssh/known_hosts' } + - { src: './scripts/box/bash-profile.sh', dest: '/root/.bash_profile' } + - { src: './docker-compose.yaml', dest: '/home/vps/docker-compose.yaml' } - name: Restore borg backup into fresh volume shell: /home/vps/restore-backup.sh - - name: Copy file - copy: src={{ item.src }} dest={{ item.dest }} - with_items: - - { src: './scripts/box/bash-profile.sh', dest: '/etc/profile.d/bash-profile.sh' } - - { src: './docker-compose.yaml', dest: '/home/vps/docker-compose.yaml' } - name: Start docker-compose docker_service: project_src: /home/vps/ diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh index 87bb4c5..232cb93 100755 --- a/scripts/ci/provision.sh +++ b/scripts/ci/provision.sh 
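Review bot: In the new `Copy local interpolated files to remote` task, `mode={{ item.mode }}` is rendered for every item, but the `.pub`, `known_hosts`, `bash_profile` and `docker-compose.yaml` entries define no `mode`, so under Ansible's default undefined-variable handling the loop fails on the third item before the private key and the remaining files land; `copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode | default(omit) }}` lets those items fall back to the default mode. The two backup scripts are rendered by envsubst on the CI side and, given the borg key shipped next to them, plausibly carry a passphrase or repository URL, so `mode: '755'` leaves them world-readable on the box — `'0700'` (leading zero so the octal intent is explicit) is the safer choice unless they are confirmed secret-free. Nothing in the play ensures `/root/.ssh` exists with 0700 before the key copies; a preceding `file: path=/root/.ssh state=directory mode='0700'` task would make the play independent of what cloud-init left behind. As a matter of style, block-form module args (`copy:` with `src:`/`dest:`/`mode:` keys) and `loop:` instead of `with_items:` would match current Ansible conventions.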
@@ -8,14 +8,13 @@ cd ../../ VPS_COMMIT_SHA="$(git rev-parse HEAD)" export VPS_COMMIT_SHA -# FIXME: use Ansible instead setup_borg_files() { local -r template_file="${1}" local -r destination_name="${2}" scp ./secrets/borg/borg-remote.pub "$TLD":/root/.ssh/id_rsa.pub scp ./secrets/borg/borg-remote "$TLD":/root/.ssh/id_rsa scp ./secrets/borg/known-hosts.txt "$TLD":/root/.ssh/known_hosts - ssh "$TLD" 'chmod 600 /root/.ssh/id_rsa' + ssh "$TLD" 'chmod 400 /root/.ssh/id_rsa' envsubst < "${template_file}" | ssh "$TLD" "cat > /home/vps/${destination_name} && chmod +x /home/vps/${destination_name}" ssh "$TLD" "chmod +x /home/vps/${destination_name}" } @@ -59,10 +58,6 @@ git push origin master popd echo "Done." -echo "Restoring data from backup into volume..." -setup_borg_files ./scripts/box/restore-backup.env.sh restore-backup.sh -echo "Done." - echo "Running the Ansible playbook..." ansible-playbook provision.yaml echo "Done." diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh index 63e3657..dbbf32a 100755 --- a/scripts/ci/setup.sh +++ b/scripts/ci/setup.sh @@ -18,7 +18,7 @@ popd echo "Done." # git smudge after git-crypt clears file permissions -chmod 600 ./secrets/ssh/vps-box-client +chmod 400 ./secrets/ssh/vps-box-client cat .envrc >> ~/.buildenv source .envrc @@ -32,3 +32,5 @@ envsubst < ./ssh.env.conf >> ~/.ssh/config envsubst < ./hosts.env > ./hosts envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml envsubst < ./user-data.env.sh > ./user-data.sh +envsubst < ./scripts/box/create-backup.env.sh > ./scripts/box/create-backup.sh +envsubst < ./scripts/box/restore-backup.env.sh > ./scripts/box/restore-backup.sh diff --git a/user-data.env.sh b/user-data.env.sh index d0c377c..f9da5d7 100755 --- a/user-data.env.sh +++ b/user-data.env.sh 
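Review bot: `setup_borg_files` still scp's the borg key pair and known_hosts into /root/.ssh, but its only call visible in this diff is deleted in the next hunk and the playbook now performs the same copies, so the script keeps an unreferenced second path for deploying the private key that can drift from the playbook (it already differs: here the key is first written by scp under the remote umask and only afterwards tightened with `chmod 400`). Unless a caller exists outside this diff, delete the function along with the FIXME it replaced; if it must stay, write the key with a restrictive umask from the start, e.g. `ssh "$TLD" 'umask 077; cat > /root/.ssh/id_rsa' < ./secrets/borg/borg-remote`, instead of scp-then-chmod. The final `ssh "$TLD" "chmod +x /home/vps/${destination_name}"` duplicates the `&& chmod +x` already executed in the pipeline line above it.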
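Review bot: The two new `envsubst` lines render shell scripts with no SHELL-FORMAT argument, so every `$name` or `${name}` in the templates is substituted at render time — a runtime variable the backup scripts rely on becomes an empty string, and any build-environment variable gets baked into the output. Passing the intended names explicitly, `envsubst '$ONE $TWO' < ./scripts/box/restore-backup.env.sh > ./scripts/box/restore-backup.sh` (listing only the variables the template actually uses), confines substitution to those; the templates are not in this diff, so confirm which variables they reference before narrowing. The outputs are created with the runner's umask, so if they embed secrets they are typically 0644 on the CI filesystem; wrapping the renders in `(umask 077; ...)` or following them with `chmod 600` would match the treatment `vps-box-client` receives a few lines earlier in this file.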
@@ -2,7 +2,7 @@ # shellcheck disable=SC2016 echo '$SSH_SERVER_PRIVATE_KEY' > /etc/ssh/vps-box-server -chmod 600 /etc/ssh/vps-box-server +chmod 400 /etc/ssh/vps-box-server echo '$SSH_SERVER_PUBLIC_KEY' > /etc/ssh/vps-box-server.pub echo 'HostKey /etc/ssh/vps-box-server' >> /etc/ssh/sshd_config echo 'Port $SSH_PORT' >> /etc/ssh/sshd_config |
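Review bot: The `chmod 400` follows an `echo` redirection that has already created `/etc/ssh/vps-box-server` under the default umask, so the host private key is momentarily world-readable and this change only narrows that window; creating it with the right mode from the start, e.g. `(umask 077; echo '$SSH_SERVER_PRIVATE_KEY' > /etc/ssh/vps-box-server)`, removes the race, and sshd only requires that the file not be group- or world-readable, so 400 satisfies it. Separately, the key material travels inside the user-data document itself; on providers that expose user-data through the instance metadata service, any local process can read it back, so treat this host key as readable by anything running on the box and consider generating it on first boot instead. The write-then-tighten ordering is inherited from the pre-existing lines rather than introduced by this hunk.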