path: root/deploy.sh
Commit message | Author | Age | Files | Lines
* Use Ansible instead of Bash for provisioning | EuAndreh | 2019-06-05 | 1 | -41/+0

    The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests.

    As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent.

    Notes:
    - SSH fingerprints are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource;
    - use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform;
    - use the =filename.env.extension= to create the concrete files in CI;
    - use the =user_data= to add the known SSH key pair to the newly created Droplet;
    - add =rotate-ssh-keys.sh= utils;

* Split scripts into CI and VPS box | EuAndreh | 2019-05-28 | 1 | -1/+1
* Add cd to /home/vps/ in profile | EuAndreh | 2019-05-27 | 1 | -0/+1

    Just a nice to have when SSH'ing interactively, doesn't have an effect on non-interactive SSH commands.

* Use ssh pipe and cat instead of hacky temporary file descriptor | EuAndreh | 2019-05-27 | 1 | -3/+1

    Taken from http://compgroups.net/comp.unix.shell/-scp-dev-fd-63-not-a-regular-file/3063561

* Add bash_aliases.sh and scp it when deploying a new box | EuAndreh | 2019-05-27 | 1 | -0/+1
* Use more robust Bash cd approach | EuAndreh | 2019-05-26 | 1 | -1/+1
* Prepare builds.sr.ht CI environment before running build tasks | EuAndreh | 2019-05-26 | 1 | -3/+0

    Make content of .envrc available to subsequent build jobs.

* Disable shellcheck 2139 offense | EuAndreh | 2019-05-26 | 1 | -0/+1
* Remove extra newline at "Done.\n" messages | EuAndreh | 2019-05-26 | 1 | -3/+3
* Automate provisioning and deployment of VPS | EuAndreh | 2019-05-26 | 1 | -7/+27

    In order to perform that I had to remove Terraform's =.tfstate= files from the repository. Terraform does support "backends" for storing the state files, but I settled for storing it on a separate repo (vps-state).

    For now it solves the state management problem:
    - it has history of states;
    - all state files are GPG encrypted;
    - there's no coordination however, but only the CI should perform a deploy in order to avoid race conditions.

    I had to add GPG and SSH keys to sr.ht to achieve that:
    - SSH public key to my profile to authorize it to push to vps-state repo;
    - SSH private key to the secret builds.sr.ht environment to enable push to the repository from the pipeline;
    - GPG public key to git-crypt to make it possible for the pipeline to unlock the encrypted content;
    - GPG private key to the secret builds.sr.ht environment to enable decrypting git-crypt content from the pipeline.

    In order to avoid divergent environment from local and CI, the ./provision.sh script is run through nix-shell.

* Pull Docker images before running docker-compose up | EuAndreh | 2019-05-25 | 1 | -0/+1
* Fix docker-compose.yaml rename references | EuAndreh | 2019-05-25 | 1 | -3/+3
* Restart docker-compose after deployment | EuAndreh | 2019-05-25 | 1 | -0/+5
* Remove provisioning from Terraform | EuAndreh | 2019-05-25 | 1 | -0/+17