miaou
/
miaou-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
provisioning tool for building opinionated architecture
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
11 Tags
848 KiB
Tree: 0.1.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0.1.1'
${ noResults }
miaou-server/recipes/dmz/install.sh

95 lines
2.7 KiB
Raw Permalink Normal View History

second commit
9 months ago
fix set raw.dnsmasq breaks nftables
1 month ago
second commit
9 months ago
banner_exp
7 months ago
fix set raw.dnsmasq breaks nftables
1 month ago
second commit
9 months ago
  1. #!/bin/bash
  3. readonly EXPANDED_CONF="$MIAOU_CONFIGDIR/miaou.expanded.yaml"
  5. TARGET=$(yq '.target' "$EXPANDED_CONF")
  6. readonly TARGET
  8. function check() {
  9. container_exists "$CONTAINER" || return 1
  10. container_running "$CONTAINER" || return 2
  11. check_reverseproxy || return 4
  12. check_banner || return 5
  13. check_certbot || return 6
  14. }
  16. function check_reverseproxy() {
  17. lxc exec "$CONTAINER" -- bash <<EOF
  18. set -Eeuo pipefail
  19. dpkg -l nginx | grep -q ^ii
  20. systemctl is-active --quiet nginx
  21. nginx -tq
  22. EOF
  23. }
  25. function check_certbot() {
  26. lxc exec "$CONTAINER" -- bash <<EOF
  27. set -Eeuo pipefail
  28. dpkg -l certbot | grep -q ^ii
  29. dpkg -l python3-certbot-nginx | grep -q ^ii
  30. EOF
  31. }
  33. function check_banner() {
  34. if [[ $TARGET != "prod" ]]; then
  35. lxc exec "$CONTAINER" -- bash <<EOF
  36. set -Eeuo pipefail
  37. test -f /etc/nginx/snippets/banner_$TARGET.conf
  38. EOF
  39. fi
  40. }
  42. function install() {
  43. PREFIX="recipe:dmz:install"
  44. : $PREFIX
  46. echowarn "about to deploy new container <$CONTAINER> ..."
  48. if ! container_exists "$CONTAINER"; then
  49. echowarn "about to create new container <$CONTAINER> ..."
  50. lxc-miaou-create "$CONTAINER"
  51. echo OK
  52. fi
  54. if ! container_running "$CONTAINER"; then
  55. echowarn "about to start asleep container <$CONTAINER> ..."
  56. lxc start "$CONTAINER"
  57. echo OK
  58. fi
  60. credential_email=$(load_yaml_from_expanded credential.email)
  61. lxc exec "$CONTAINER" -- bash <<EOF
  62. set -Eeuo pipefail
  63. apt-get update && apt-get dist-upgrade -y
  64. apt-get install -y nginx ssl-cert libnginx-mod-http-subs-filter certbot python3-certbot-nginx
  66. echo "registering with your default credential email <$credential_email>"
  67. certbot register --agree-tos --email $credential_email --no-eff-email || echo "already resgistered!"
  69. rm /etc/nginx/sites-{enabled,available}/default -f
  70. systemctl enable nginx
  72. nginx -tq || rm /etc/nginx/sites-enabled/hosts
  73. systemctl start nginx
  74. EOF
  76. if [[ "$TARGET" != "prod" ]]; then
  77. echo "copying Nginx banner to container <$CONTAINER> ... "
  78. lxc file push --uid 0 --gid 0 "$MIAOU_BASEDIR/templates/nginx/snippets/banner_$TARGET.conf" "$CONTAINER/etc/nginx/snippets/banner_$TARGET.conf"
  79. lxc file push --uid 0 --gid 0 "$MIAOU_BASEDIR/templates/nginx/snippets/banner_exp.conf" "$CONTAINER/etc/nginx/snippets/banner_exp.conf"
  80. echo "copying files to container <$CONTAINER> ... OK"
  81. else
  82. echo "no Nginx banner on PROD!"
  83. fi
  84. }
  86. # MAIN
  87. . "$MIAOU_BASEDIR/lib/init.sh"
  89. arg1_required "$@"
  90. readonly CONTAINER="$1"
  92. check || (
  93. install
  94. check
  95. )