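#!/bin/bash
#
# Deploy or undeploy a single service stored under /docker/<service>.
#
# Usage: <this script> <service> [no]reload [un]deploy
#   <service>   directory name under /docker, or a /docker/<name> path
#   reload      reload nginx once the new configuration tests clean
#   noreload    leave nginx untouched (the caller reloads later)
#   deploy      (default) create dirs, run deploy hooks, start containers
#   undeploy    run the undeploy hook, remove containers and the HTTP dir
#
# `die`, `run` and `section` are expected to come from driglibash-base.
# new_nginx_conf_path, certs_path and dummy_cert_path are presumably set by
# /etc/jeancloud.env; DATA_DIR and HTTP_DIR by that file or by the service's
# .env -- TODO confirm.
#
# Trust boundary: this script sources /docker/<service>/.env and executes
# deploy.sh, undeploy.sh and wg-*.sh from the service directory with its own
# privileges, so that directory must be writable by trusted administrators
# only.

. driglibash-base
. /etc/jeancloud.env

set -euo pipefail

usage_msg="Usage: $0 <service> [no]reload [un]deploy"
noreload=false
deploy=true

# The two mode words are parsed independently. The previous if/elif chain
# never looked at $3 once $2 was "noreload", so "noreload undeploy" silently
# performed a deploy, and "reload deploy" was rejected with the usage message.
if [ "$#" -lt 2 ]; then
  die "$usage_msg"
fi

case "$2" in
  noreload) noreload=true ;;
  reload) ;;
  *) die "$usage_msg" ;;
esac

case "${3:-deploy}" in
  undeploy) deploy=false ;;
  deploy) ;;
  *) die "$usage_msg" ;;
esac

# Resolve the service name from either a bare name or a /docker/<name> path.
# The tests use "$1": $service is not assigned yet at this point and would
# abort the script under `set -u`.
if [ -d "/docker/$1" ]; then
  service="$1"
elif [ -d "$1" ] && [[ "$1" = /docker/* ]]; then
  service="$(basename "$1")"
else
  die "/docker/$1 not found"
fi

# The name is reused as a file name under the nginx, certificate and
# /etc/wireguard directories, so it must be a single path component.
case "$service" in
  '' | . | .. | */*) die "Invalid service name '$service'" ;;
esac

if [ ! -d "$new_nginx_conf_path" ]; then
  die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployer.sh first"
fi

# Dots in the service name become underscores; the result is used below to
# match `docker ps` output.
docker_service="${service//./_}"
driglibash_section_prefix="[$service] "

cd "/docker/$service"

# `./.env` rather than `.env`: without a slash, bash looks the name up in
# PATH before the current directory. The file is executed as shell code.
if [ -f .env ]; then
  # shellcheck source=/dev/null
  . ./.env
fi

# Both directories are created, chown'ed or deleted below; refuse to go on
# with empty values.
: "${DATA_DIR:?DATA_DIR is not set}"
: "${HTTP_DIR:?HTTP_DIR is not set}"

###############################################################################
# Useful directories
###############################################################################

if "$deploy"; then
  mkdir -p -- "$DATA_DIR" "$HTTP_DIR"
  # Try running podman as non-root first…
  chown www-data:www-data -R "$HTTP_DIR"
elif [ -d "$HTTP_DIR" ]; then
  rm -r -- "$HTTP_DIR"
fi

###############################################################################
# Run scripts
###############################################################################

# Optional hooks from the service directory; deploy_http.sh runs as www-data,
# the other two run as the invoking user.
if "$deploy"; then
  if [ -x deploy.sh ]; then
    ./deploy.sh
  fi
  if [ -x deploy_http.sh ]; then
    sudo -u www-data ./deploy_http.sh
  fi
elif [ -x undeploy.sh ]; then
  ./undeploy.sh
fi

###############################################################################
# Docker containers
###############################################################################

# If there is a docker-compose file and it has services in it
compose_file="/docker/$service/docker-compose.yml"
if [ -f "$compose_file" ] && grep -q '^[^#]*services' "$compose_file"; then
  section "-------------------- $service"
  if "$deploy"; then
    section "Logging to registry"
    # XXX Login to docker registry
    section "Pulling images"
    run docker-compose pull
    section "Starting service"
    run docker-compose up -d --remove-orphans
  else
    section "Removing containers"
    docker-compose down --rmi all --remove-orphans
  fi
fi

if ! "$deploy"; then
  section "Remove stray containers"
  # grep exits non-zero when nothing matches; that is the normal case here,
  # hence `|| true`.
  # NOTE(review): `docker ps` lists running containers only and `docker rm`
  # without -f refuses to remove a running one -- confirm this is intended.
  stray_containers="$(docker ps | grep -F -- "$docker_service" | cut -d ' ' -f 1 || true)"
  while IFS= read -r container; do
    # A here-string always yields at least one (possibly empty) line; skip
    # it instead of calling `docker rm ""`.
    [ -n "$container" ] || continue
    echo "Removing $container"
    run docker rm "$container"
  done <<< "$stray_containers"
fi

###############################################################################
# wireguard interface
###############################################################################

# If there is a wireguard vpn script
# NUL-delimited find output is read on fd 3 so that paths containing spaces
# survive and the commands in the loop keep their own stdin.
while IFS= read -r -d '' file <&3; do
  section "Managing wg interface $(basename "$file")"
  if [ -x "$file" ]; then
    # wg-<name>.sh -> <name>
    wgif="$(basename "$file")"
    wgif="${wgif#wg-}"
    wgif="${wgif%.sh}"
    wg_conf="/etc/wireguard/$wgif.conf"
    # The generated configuration may hold the interface private key: create
    # it owner-only, and tighten a file left over from an earlier run.
    (
      umask 077
      "$file" "$wgif" > "$wg_conf"
    )
    chmod 600 "$wg_conf"
    if "$deploy"; then
      systemctl enable "wg-quick@$wgif"
      startwg.sh "$wgif"
    elif ip link show dev "$wgif" > /dev/null 2>&1; then
      # Take the interface down only when it exists (the previous test was
      # inverted and ran wg-quick down only when the interface was absent).
      wg-quick down "$wgif"
    fi
  fi
done 3< <(find "/docker/$service" -name "wg-*.sh" -print0)

###############################################################################
# Nginx conf
###############################################################################

# If there is a nginx conf file
if [ -f "/docker/$service/nginx_server.conf" ]; then
  section "Copy nginx conf"
  run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service"

  # The templated output overwrites the copy made just above.
  section "Template nginx conf with vars from '.env' file"
  run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/$service"
fi

# Do we need dummy cert?
# Without a fullchain.pem for the service, link the dummy certificate and key
# so the nginx configuration test below can find certificate files.
if [ ! -e "$certs_path/$service/fullchain.pem" ]; then
  section "Create cert dir"
  run mkdir -p "$certs_path/$service"

  section "Link dummy to cert"
  run ln -s "$dummy_cert_path/fullchain.pem" "$certs_path/$service"
  run ln -s "$dummy_cert_path/privkey.pem" "$certs_path/$service"
fi

section "Testing nginx conf"
run nginx -t -c /etc/nginx/new_nginx.conf

if [ "$noreload" = false ]; then
  restart_nginx.sh
fi

section "Cleaning"
# Drop the directories when they ended up empty. The -d test matters on
# undeploy, where HTTP_DIR was already removed above and rmdir would fail.
for dir in "$DATA_DIR" "$HTTP_DIR"; do
  if [ -d "$dir" ] && [ -z "$(ls -A "$dir")" ]; then
    run rmdir "$dir"
  fi
done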