				| #!/bin/bash | |
|  | |
# Path of the expanded configuration. MIAOU_CONFIGDIR is read here, before
# lib/init.sh is sourced at the bottom of the script.
EXPANDED_CONF="${MIAOU_CONFIGDIR}/miaou.expanded.yaml"
readonly EXPANDED_CONF

# Deployment target read from the '.target' key of the expanded YAML.
# NOTE(review): the value is used unvalidated further down, both in file
# paths and in commands executed inside the container, and nothing here
# checks that yq succeeded.
TARGET="$(yq '.target' "${EXPANDED_CONF}")"
readonly TARGET
| 
 | |
#######################################
# Run every health probe for the DMZ container, stopping at the first failure.
# Globals:   CONTAINER (read)
# Returns:   1 if container_exists fails, 2 if container_running fails,
#            4 if check_reverseproxy fails, 5 if check_banner fails,
#            6 if check_certbot fails, 0 when all of them succeed
#######################################
function check() {
    if ! container_exists "$CONTAINER"; then
        return 1
    fi
    if ! container_running "$CONTAINER"; then
        return 2
    fi
    if ! check_reverseproxy; then
        return 4
    fi
    if ! check_banner; then
        return 5
    fi
    if ! check_certbot; then
        return 6
    fi
    return 0
}
| 
 | |
#######################################
# Probe nginx inside the container: the package must be in dpkg state "ii",
# the service must be active and the configuration must pass `nginx -tq`.
# Globals:   CONTAINER (read)
# Returns:   status of `lxc exec`
#######################################
function check_reverseproxy() {
    # The script contains no expansions, so a quoted delimiter sends the same
    # text and makes explicit that nothing is substituted on the host side.
    lxc exec "$CONTAINER" -- bash <<'IN_CONTAINER'
        set -Eeuo pipefail
        dpkg -l nginx | grep -q ^ii
        systemctl is-active --quiet nginx
        nginx -tq
IN_CONTAINER
}
| 
 | |
#######################################
# Probe certbot inside the container: both the certbot package and its nginx
# plugin (python3-certbot-nginx) must be in dpkg state "ii".
# Globals:   CONTAINER (read)
# Returns:   status of `lxc exec`
#######################################
function check_certbot() {
    # The script contains no expansions, so a quoted delimiter sends the same
    # text and makes explicit that nothing is substituted on the host side.
    lxc exec "$CONTAINER" -- bash <<'IN_CONTAINER'
        set -Eeuo pipefail
        dpkg -l certbot  | grep -q ^ii
        dpkg -l python3-certbot-nginx  | grep -q ^ii
IN_CONTAINER
}
| 
 | |
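#######################################
# Check that the nginx banner snippet for the current target is present in
# the container. Nothing is checked when TARGET is "prod".
# Globals:   CONTAINER (read), TARGET (read)
# Returns:   0 on "prod"; otherwise the status of `lxc exec ... test -f`
#######################################
function check_banner() {
    if [[ $TARGET == "prod" ]]; then
        return 0
    fi
    # TARGET comes from the YAML configuration. It is handed to `test` as a
    # single argv element instead of being spliced into a script that a
    # container-side shell would parse, so whitespace or shell metacharacters
    # in the value cannot change the command that is executed.
    lxc exec "$CONTAINER" -- test -f "/etc/nginx/snippets/banner_${TARGET}.conf"
}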
| 
 | |
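#######################################
# Provision the DMZ container: create and start it when needed, install nginx
# and certbot inside it, register certbot with the configured e-mail, and push
# the nginx banner snippets unless TARGET is "prod".
# Globals:   CONTAINER, TARGET, MIAOU_BASEDIR (read); PREFIX (written)
# Outputs:   progress messages on stdout
# Returns:   status of the last command executed
#######################################
function install() {
    # PREFIX is presumably consumed by the sourced helpers (not visible here);
    # the no-op reference keeps linters from reporting it as unused.
    PREFIX="recipe:dmz:install"
    : "$PREFIX"

    echowarn "about to deploy new container <$CONTAINER> ..."

    if ! container_exists "$CONTAINER"; then
        echowarn "about to create new container <$CONTAINER> ..."
        lxc-miaou-create "$CONTAINER"
        echo OK
    fi

    if ! container_running "$CONTAINER"; then
        echowarn "about to start asleep container <$CONTAINER> ..."
        lxc start "$CONTAINER"
        echo OK
    fi

    local credential_email
    credential_email=$(load_yaml_from_expanded credential.email)

    # The e-mail is configuration data. It is passed as a positional argument
    # and the heredoc delimiter is quoted, so the value is never parsed as
    # shell code by the container-side bash (previously it was expanded on the
    # host and spliced, unquoted, into the script text).
    lxc exec "$CONTAINER" -- bash -s -- "$credential_email" <<'EOF'
        set -Eeuo pipefail
        credential_email=$1
        # NOTE(review): in an `a && b` list, errexit does not stop the script
        # when `a` fails, so a failed `apt-get update` is not fatal here.
        apt-get update && apt-get dist-upgrade -y
        apt-get install -y nginx ssl-cert libnginx-mod-http-subs-filter certbot python3-certbot-nginx

        echo "registering with your default credential email <$credential_email>"
        # NOTE(review): every certbot failure is reported as "already
        # registered", not only the case where an account exists.
        certbot register --agree-tos --email "$credential_email" --no-eff-email || echo "already resgistered!"

        rm /etc/nginx/sites-{enabled,available}/default -f
        systemctl enable nginx

        # If the configuration does not validate, drop the "hosts" site
        # before starting nginx.
        nginx -tq || rm /etc/nginx/sites-enabled/hosts
        systemctl start nginx
EOF

    if [[ "$TARGET" != "prod" ]]; then
        echo "copying Nginx banner to container <$CONTAINER> ... "
        lxc file push --uid 0 --gid 0 "$MIAOU_BASEDIR/templates/nginx/snippets/banner_$TARGET.conf" "$CONTAINER/etc/nginx/snippets/banner_$TARGET.conf"
        lxc file push --uid 0 --gid 0 "$MIAOU_BASEDIR/templates/nginx/snippets/banner_exp.conf" "$CONTAINER/etc/nginx/snippets/banner_exp.conf"
        echo "copying files to container <$CONTAINER> ... OK"
    else
        echo "no Nginx banner on PROD!"
    fi
}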
| 
 | |
# MAIN
# Load the shared library from MIAOU_BASEDIR.
. "$MIAOU_BASEDIR/lib/init.sh"

# The container name is the first positional argument.
arg1_required "$@"
CONTAINER="$1"
readonly CONTAINER

# Install only when the health check fails, then check again; both steps run
# in a subshell whose status becomes the script's status.
if ! check; then
    (
        install
        check
    )
fi