aboutsummaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/box/bash-profile.sh (renamed from scripts/box/bash-aliases.sh)1
-rwxr-xr-xscripts/box/run-backup.env.sh (renamed from scripts/box/run-backup-template.sh)2
-rwxr-xr-xscripts/ci/provision.sh13
-rwxr-xr-xscripts/ci/setup.sh14
4 files changed, 22 insertions, 8 deletions
diff --git a/scripts/box/bash-aliases.sh b/scripts/box/bash-profile.sh
index 4ef035d..e24d333 100755
--- a/scripts/box/bash-aliases.sh
+++ b/scripts/box/bash-profile.sh
@@ -1,3 +1,4 @@
#!/usr/bin/env bash
alias l="ls -lahp --color"
+cd /home/vps/
diff --git a/scripts/box/run-backup-template.sh b/scripts/box/run-backup.env.sh
index 34184b9..e1ecdf0 100755
--- a/scripts/box/run-backup-template.sh
+++ b/scripts/box/run-backup.env.sh
@@ -2,6 +2,8 @@
export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}"
export BORG_PASSPHRASE="${BORG_PASSPHRASE}"
+# The configured $BORG_REPO is already the rsync.net remote.
+# No need to send the files after the backup is done.
borg create \
--verbose \
--stats \
diff --git a/scripts/ci/provision.sh b/scripts/ci/provision.sh
index 3ba89d9..56e481a 100755
--- a/scripts/ci/provision.sh
+++ b/scripts/ci/provision.sh
@@ -9,22 +9,21 @@ VPS_COMMIT_SHA="$(git rev-parse HEAD)"
export VPS_COMMIT_SHA
echo "Shutting down running containers and backing up data..."
ssh "$TLD" "cd /home/vps/ && docker-compose down"
-scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub
-scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa
-envsubst < ./scripts/box/run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh'
+scp ./secrets/borg/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub
+scp ./secrets/borg/borg_remote "$TLD":/root/.ssh/id_rsa
+envsubst < ./scripts/box/run-backup.env.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh'
ssh "$TLD" /home/vps/run-backup.sh
echo "Done."
echo "Running 'terraform plan' and storing the planfile..."
-# Terraform plan
terraform --version
terraform init
mkdir -p "../vps-state/secrets/plan-files/"
PLAN_FILE_NAME="$(date -Iseconds)-$VPS_COMMIT_SHA.tfplan"
PLAN_FILE_PATH="../vps-state/secrets/plan-files/$PLAN_FILE_NAME"
+
terraform plan -input=false -out="$PLAN_FILE_PATH"
-# Store on git repo
pushd ../vps-state/
git add "secrets/plan-files/$PLAN_FILE_NAME"
git commit -m "CI: add .tfplan plan file for CI run $VPS_COMMIT_SHA"
@@ -44,6 +43,10 @@ git push origin master
popd
echo "Done."
+echo "Running the Ansible playbook..."
+ansible-playbook provision.yaml
+echo "Done."
+
echo "Locking git-crypt repositories back..."
git crypt lock
pushd ../vps-state/
diff --git a/scripts/ci/setup.sh b/scripts/ci/setup.sh
index ee5ecf2..e6e85c9 100755
--- a/scripts/ci/setup.sh
+++ b/scripts/ci/setup.sh
@@ -18,9 +18,17 @@ popd
echo "Done."
# git smudge after git-crypt clears file permissions
-chmod 600 ./secrets/vps_box
-chmod 600 ./secrets/borg_remote
+chmod 600 ./secrets/ssh/vps-box-client
+chmod 600 ./secrets/borg/borg_remote
cat .envrc >> ~/.buildenv
source .envrc
-envsubst < ./ssh.conf >> ~/.ssh/config
+
+export SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
+export SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
+
+envsubst < ./cloud-config.env.yaml > ./cloud-config.yaml
+envsubst < ./ssh.env.conf >> ~/.ssh/config
+envsubst < ./hosts.env > ./hosts
+envsubst < ./docker-compose.env.yaml > ./docker-compose.yaml
+envsubst < ./user-data.env.sh > ./user-data.sh
generated by cgit v1.2.3 (git 2.49.0) at 2025-07-23 05:33:45 +0000