chore: update scripts
This commit is contained in:
parent
cfb9b7c591
commit
62cb0f8afd
7 changed files with 24 additions and 22 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Add /etc/hosts entries for VM service domains. Requires root.
|
# Add /etc/hosts entries for VM service domains.
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
# Domains on vm-proxy (WG: 10.0.0.1)
|
# Domains on vm-proxy (WG: 10.0.0.1)
|
||||||
|
|
@ -21,12 +21,12 @@ accounts.tiararodney.com
|
||||||
|
|
||||||
for domain in $PROXY_DOMAINS; do
|
for domain in $PROXY_DOMAINS; do
|
||||||
grep -q "$domain" /etc/hosts 2>/dev/null && continue
|
grep -q "$domain" /etc/hosts 2>/dev/null && continue
|
||||||
echo "10.0.0.1 $domain" >> /etc/hosts
|
echo "10.0.0.1 $domain" | sudo tee -a /etc/hosts > /dev/null
|
||||||
echo " added $domain -> 10.0.0.1"
|
echo " added $domain -> 10.0.0.1"
|
||||||
done
|
done
|
||||||
|
|
||||||
for domain in $IDP_DOMAINS; do
|
for domain in $IDP_DOMAINS; do
|
||||||
grep -q "$domain" /etc/hosts 2>/dev/null && continue
|
grep -q "$domain" /etc/hosts 2>/dev/null && continue
|
||||||
echo "10.0.0.2 $domain" >> /etc/hosts
|
echo "10.0.0.2 $domain" | sudo tee -a /etc/hosts > /dev/null
|
||||||
echo " added $domain -> 10.0.0.2"
|
echo " added $domain -> 10.0.0.2"
|
||||||
done
|
done
|
||||||
|
|
|
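Review bot: The duplicate check `grep -q "$domain" /etc/hosts 2>/dev/null && continue` that precedes each `sudo tee -a /etc/hosts` append treats the domain as an unanchored basic regex, so every `.` matches any character and any line merely containing the name (a longer domain, or a stale entry with a different address) suppresses the add; taking the second line of each pair as the new side, the commit moves the write behind sudo but leaves this check untouched in both the PROXY_DOMAINS and IDP_DOMAINS loops. Anchoring it the way teardown-hosts.sh already does makes both scripts agree on what counts as an entry: `grep -q "[[:space:]]${domain}\$" /etc/hosts 2>/dev/null && continue`. Note also that a grep error (exit 2) is indistinguishable from "not found" here, so the `2>/dev/null` hides the only diagnostic you would get before tee appends anyway; now that reading /etc/hosts no longer needs root, dropping it costs nothing.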
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Configure local WireGuard interface to peer with the VMs. Requires root.
|
# Configure local WireGuard interface to peer with the VMs.
|
||||||
#
|
#
|
||||||
# Expects /etc/wireguard/private.key and /etc/wireguard/public.key to exist.
|
# Expects /etc/wireguard/private.key and /etc/wireguard/public.key to exist.
|
||||||
# Generate with:
|
# Generate with:
|
||||||
# wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key
|
# sudo sh -c 'wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key'
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
SSH_USER=debian
|
SSH_USER=debian
|
||||||
|
|
@ -15,8 +15,10 @@ WG_IFACE=wg-dev
|
||||||
LOCAL_WG_IP=10.0.0.3/24
|
LOCAL_WG_IP=10.0.0.3/24
|
||||||
WG_PORT=51820
|
WG_PORT=51820
|
||||||
|
|
||||||
# Get the VM public keys
|
# Get the VM public keys (runs as calling user, not root)
|
||||||
|
# shellcheck disable=SC2086
|
||||||
PROXY_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${PROXY_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
|
PROXY_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${PROXY_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
|
||||||
|
# shellcheck disable=SC2086
|
||||||
IDP_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${IDP_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
|
IDP_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${IDP_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
|
||||||
|
|
||||||
if [ -z "$PROXY_PUBKEY" ] || [ -z "$IDP_PUBKEY" ]; then
|
if [ -z "$PROXY_PUBKEY" ] || [ -z "$IDP_PUBKEY" ]; then
|
||||||
|
|
@ -25,10 +27,10 @@ if [ -z "$PROXY_PUBKEY" ] || [ -z "$IDP_PUBKEY" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat > /etc/wireguard/${WG_IFACE}.conf <<EOF
|
sudo tee /etc/wireguard/${WG_IFACE}.conf > /dev/null <<EOF
|
||||||
[Interface]
|
[Interface]
|
||||||
Address = ${LOCAL_WG_IP}
|
Address = ${LOCAL_WG_IP}
|
||||||
PrivateKey = $(cat /etc/wireguard/private.key)
|
PrivateKey = $(sudo cat /etc/wireguard/private.key)
|
||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
# vm-proxy
|
# vm-proxy
|
||||||
|
|
@ -43,7 +45,7 @@ Endpoint = ${IDP_HOST}:${WG_PORT}
|
||||||
AllowedIPs = 10.0.0.2/32
|
AllowedIPs = 10.0.0.2/32
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
wg-quick down ${WG_IFACE} 2>/dev/null || true
|
sudo wg-quick down ${WG_IFACE} 2>/dev/null || true
|
||||||
wg-quick up ${WG_IFACE}
|
sudo wg-quick up ${WG_IFACE}
|
||||||
|
|
||||||
echo "==> WireGuard ${WG_IFACE} up (${LOCAL_WG_IP})"
|
echo "==> WireGuard ${WG_IFACE} up (${LOCAL_WG_IP})"
|
||||||
|
|
|
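Review bot: `sudo tee /etc/wireguard/${WG_IFACE}.conf > /dev/null <<EOF` creates the config with the inherited umask (0644 on most systems), and the heredoc writes `PrivateKey = $(sudo cat /etc/wireguard/private.key)` into it, so the WireGuard private key is readable by every local user; the old root-run `cat >` had the same gap, but this rewrite of the line is the moment to close it. Pre-create the file with tight permissions, which tee then preserves on an existing file: `sudo install -m 600 /dev/null "/etc/wireguard/${WG_IFACE}.conf"` immediately before the `sudo tee` line. The same applies to the new key-generation comment at the top of the script, since `tee /etc/wireguard/private.key` inside `sudo sh -c` also inherits the default umask; it should read `# sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key'`. Quoting `"${WG_IFACE}"` on the tee and both `sudo wg-quick` lines is a small style point on top; the variable is a fixed constant, so it is not a correctness issue today.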
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Remove VM service domain entries from /etc/hosts. Requires root.
|
# Remove VM service domain entries from /etc/hosts.
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
DOMAINS="
|
DOMAINS="
|
||||||
|
|
@ -15,7 +15,7 @@ accounts.tiararodney.com
|
||||||
"
|
"
|
||||||
|
|
||||||
for domain in $DOMAINS; do
|
for domain in $DOMAINS; do
|
||||||
sed -i "/[[:space:]]${domain}$/d" /etc/hosts
|
sudo sed -i "/[[:space:]]${domain}$/d" /etc/hosts
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "==> /etc/hosts entries removed"
|
echo "==> /etc/hosts entries removed"
|
||||||
|
|
|
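Review bot: In `sudo sed -i "/[[:space:]]${domain}$/d" /etc/hosts` the domain is interpolated into the sed address unescaped, so each `.` is a wildcard and a line whose hostname differs from the target only at a dot position would be deleted as well; with the hard-coded DOMAINS list this is low risk, but it deserves a comment so nobody later feeds this loop a variable list, e.g. `# domain is used as a regex address (dots unescaped); keep DOMAINS to literal hostnames`. A secondary point is that the loop rewrites /etc/hosts once per domain, each time through sudo; collecting the `-e` expressions and running a single `sudo sed -i` would touch the file once and prompt at most once. The loop is fully inside the hunk; DOMAINS is defined in the lines above it.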
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Remove local WireGuard interface. Requires root.
|
# Remove local WireGuard interface.
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
WG_IFACE=wg-dev
|
WG_IFACE=wg-dev
|
||||||
|
|
||||||
wg-quick down ${WG_IFACE} 2>/dev/null || true
|
sudo wg-quick down ${WG_IFACE} 2>/dev/null || true
|
||||||
rm -f /etc/wireguard/${WG_IFACE}.conf
|
sudo rm -f /etc/wireguard/${WG_IFACE}.conf
|
||||||
|
|
||||||
echo "==> WireGuard ${WG_IFACE} removed"
|
echo "==> WireGuard ${WG_IFACE} removed"
|
||||||
|
|
|
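Review bot: `sudo wg-quick down ${WG_IFACE} 2>/dev/null || true` now also swallows a sudo failure (denied escalation, a password prompt that cannot be answered non-interactively), after which `sudo rm -f /etc/wireguard/${WG_IFACE}.conf` may still remove the config while the interface is up, leaving a state that wg-quick can no longer tear down from the config. Only the "interface is not up" case should be ignored; on Linux that is `if [ -e "/sys/class/net/${WG_IFACE}" ]; then sudo wg-quick down "${WG_IFACE}"; fi`, so a real failure aborts under `set -eu` before the rm runs. Both lines are inside the hunk and WG_IFACE is set two lines above them.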
||||||
|
|
@ -33,13 +33,13 @@ done
|
||||||
if [ -n "$service" ]; then
|
if [ -n "$service" ]; then
|
||||||
echo "==> Deploying to production: $service"
|
echo "==> Deploying to production: $service"
|
||||||
if [ -n "$skip_tags" ]; then
|
if [ -n "$skip_tags" ]; then
|
||||||
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK" \
|
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file .vault-pass \
|
||||||
--tags "$service" --skip-tags "$skip_tags"
|
--tags "$service" --skip-tags "$skip_tags"
|
||||||
else
|
else
|
||||||
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK" \
|
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file .vault-pass \
|
||||||
--tags "$service"
|
--tags "$service"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "==> Full production deployment"
|
echo "==> Full production deployment"
|
||||||
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK"
|
exec ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file .vault-pass
|
||||||
fi
|
fi
|
||||||
|
|
|
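Review bot: All three `exec ansible-playbook` lines hard-code `--vault-password-file .vault-pass`, a path relative to the caller's working directory, while the provision script changed in this same commit passes `"$VAULT_PASS"`; invoked from anywhere but the directory holding that file, ansible-playbook exits without a deployment. Define it once next to INVENTORY and PLAYBOOK (those assignments are above this hunk), e.g. `VAULT_PASS=${VAULT_PASS:-.vault-pass}`, guard it with `[ -r "$VAULT_PASS" ] || { echo "vault password file not readable: $VAULT_PASS" >&2; exit 1; }`, and use `--vault-password-file "$VAULT_PASS"` on all three lines. Since the file holds the vault secret, confirm separately that `.vault-pass` is excluded from version control; this diff does not show that.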
||||||
|
|
@ -18,10 +18,10 @@ echo "==> Running full playbook"
|
||||||
ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file "$VAULT_PASS"
|
ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file "$VAULT_PASS"
|
||||||
|
|
||||||
echo "==> Setting up local WireGuard"
|
echo "==> Setting up local WireGuard"
|
||||||
sudo "$SCRIPT_DIR/local/setup-wireguard.sh"
|
"$SCRIPT_DIR/local/setup-wireguard.sh"
|
||||||
|
|
||||||
echo "==> Setting up local /etc/hosts"
|
echo "==> Setting up local /etc/hosts"
|
||||||
sudo "$SCRIPT_DIR/local/setup-hosts.sh"
|
"$SCRIPT_DIR/local/setup-hosts.sh"
|
||||||
|
|
||||||
echo "==> Snapshotting 'provisioned'"
|
echo "==> Snapshotting 'provisioned'"
|
||||||
"$SCRIPT_DIR/vm/snapshot.sh" provisioned
|
"$SCRIPT_DIR/vm/snapshot.sh" provisioned
|
||||||
|
|
|
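Review bot: Dropping `sudo` from the two local setup calls moves privilege escalation into the child scripts, which now invoke sudo several times each (once per /etc/hosts domain, plus tee, cat and wg-quick in setup-wireguard.sh); whether that prompts once or repeatedly depends on sudo's credential caching, and an unattended run that hits a prompt after the ansible playbook has completed simply stalls. A single `sudo -v` at the top of provision.sh validates credentials up front and fails fast when the user cannot escalate; the teardown script's section below makes the same sudo removal and would benefit from the same line. The `ansible-playbook -i "$INVENTORY" "$PLAYBOOK" --vault-password-file "$VAULT_PASS"` line carries no explicit status check, so unless the script sets `-e` above this hunk a failed playbook run would still proceed to the WireGuard and /etc/hosts steps.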
||||||
|
|
@ -7,9 +7,9 @@ echo "==> Destroying VMs"
|
||||||
"$SCRIPT_DIR/vm/destroy.sh"
|
"$SCRIPT_DIR/vm/destroy.sh"
|
||||||
|
|
||||||
echo "==> Tearing down local WireGuard"
|
echo "==> Tearing down local WireGuard"
|
||||||
sudo "$SCRIPT_DIR/local/teardown-wireguard.sh"
|
"$SCRIPT_DIR/local/teardown-wireguard.sh"
|
||||||
|
|
||||||
echo "==> Removing local /etc/hosts entries"
|
echo "==> Removing local /etc/hosts entries"
|
||||||
sudo "$SCRIPT_DIR/local/teardown-hosts.sh"
|
"$SCRIPT_DIR/local/teardown-hosts.sh"
|
||||||
|
|
||||||
echo "==> Done. Run scripts/provision.sh to start over."
|
echo "==> Done. Run scripts/provision.sh to start over."
|
||||||
|
|
|
||||||