157 lines
4.2 KiB
Bash
Executable File
157 lines
4.2 KiB
Bash
Executable File
#!/bin/bash
|
||
. driglibash-base
|
||
. /etc/jeancloud.env
|
||
|
||
set -euo pipefail
|
||
|
||
noreload=false
|
||
deploy=true
|
||
if [ "$#" -ge 2 ] && [ "$2" = noreload ] ; then
|
||
noreload=true
|
||
elif [ "$#" -ge 3 ] && [ "$3" = undeploy ] ; then
|
||
deploy=false
|
||
else
|
||
die "Usage: $0 <service> [no]reload [un]deploy"
|
||
fi
|
||
|
||
|
||
if [ -d "/docker/$1" ] ; then
|
||
service="$1"
|
||
elif [ -d "$1" ] && [[ "$service" = /docker/* ]] ; then
|
||
service="$(basename "$1")"
|
||
else
|
||
die "/docker/$service not found"
|
||
fi
|
||
|
||
if [ ! -d "$new_nginx_conf_path" ] ; then
|
||
die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployer.sh first"
|
||
fi
|
||
|
||
|
||
docker_service="$(echo "$service" | tr '.' '_')"
|
||
driglibash_section_prefix="[$service] "
|
||
|
||
cd "/docker/$service"
|
||
[ -f .env ] && . .env
|
||
|
||
|
||
###############################################################################
|
||
# Useful directories
|
||
###############################################################################
|
||
|
||
if "$deploy" ; then
|
||
mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||
# Try running podman as non-root first…
|
||
chown www-data:www-data -R "$HTTP_DIR"
|
||
else
|
||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
||
fi
|
||
|
||
|
||
###############################################################################
|
||
# Run scripts
|
||
###############################################################################
|
||
|
||
if "$deploy" ; then
|
||
[ -x deploy.sh ] && ./deploy.sh
|
||
[ -x deploy_http.sh ] && sudo -u www-data ./deploy_http.sh
|
||
else
|
||
[ -x undeploy.sh ] && ./undeploy.sh
|
||
fi
|
||
|
||
|
||
###############################################################################
|
||
# Docker containers
|
||
###############################################################################
|
||
|
||
# If there is a docker-compose file and it has services in it
|
||
if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services' "/docker/$service/docker-compose.yml")" ] ; then
|
||
section "-------------------- $service"
|
||
if $deploy ; then
|
||
section "Logging to registry"
|
||
# XXX Login to docker registry
|
||
|
||
section "Pulling images"
|
||
run docker-compose pull
|
||
|
||
section "Starting service"
|
||
run docker-compose up -d --remove-orphans
|
||
else
|
||
section "Removing containers"
|
||
docker-compose down --rmi all --remove-orphans
|
||
fi
|
||
fi
|
||
|
||
if ! "$deploy" ; then
|
||
section "Remove stray containers"
|
||
while read container ; do
|
||
echo "Removing $container"
|
||
run docker rm "$container"
|
||
done <<< "$(docker ps | grep "$docker_service" | cut -d ' ' -f 1)"
|
||
fi
|
||
|
||
|
||
|
||
###############################################################################
|
||
# wireguard interface
|
||
###############################################################################
|
||
|
||
# If there is a wireguard vpn script
|
||
for file in $( find "/docker/$service" -name "wg-*.sh") ; do
|
||
section "Managing wg interface $(basename "$file")"
|
||
if [ -x "$file" ] ; then
|
||
wgif="$(basename "$file")"
|
||
wgif="${wgif:3:-3}"
|
||
"$file" $wgif > "/etc/wireguard/$wgif.conf"
|
||
if "$deploy" ; then
|
||
systemctl enable "wg-quick@$wgif"
|
||
startwg.sh "$wgif"
|
||
else
|
||
if [ -z "$(ip a | grep "$wgif")" ] ; then
|
||
wg-quick down "$wgif"
|
||
fi
|
||
fi
|
||
fi
|
||
done
|
||
|
||
|
||
###############################################################################
|
||
# Nginx conf
|
||
###############################################################################
|
||
|
||
# If there is a nginx conf file
|
||
if [ -f "/docker/$service/nginx_server.conf" ] ; then
|
||
section "Copy nginx conf"
|
||
run cp "/docker/$service/nginx_server.conf" "$new_nginx_conf_path/$service"
|
||
|
||
section "Template nginx conf with vars from '.env' file"
|
||
run template.sh "/docker/$service/.env" < "/docker/$service/nginx_server.conf" > "$new_nginx_conf_path/$service"
|
||
fi
|
||
|
||
# Do we need dummy cert?
|
||
if [ ! -e "$certs_path/$service/fullchain.pem" ] ; then
|
||
section "Create cert dir"
|
||
run mkdir -p "$certs_path/$service"
|
||
|
||
section "Link dummy to cert"
|
||
run ln -s "$dummy_cert_path/fullchain.pem" "$certs_path/$service"
|
||
run ln -s "$dummy_cert_path/privkey.pem" "$certs_path/$service"
|
||
fi
|
||
|
||
section "Testing nginx conf"
|
||
run nginx -t -c /etc/nginx/new_nginx.conf
|
||
|
||
if [ "$noreload" == false ] ; then
|
||
restart_nginx.sh
|
||
fi
|
||
|
||
section "Cleaning"
|
||
if [ -z "$(ls -A "$DATA_DIR")" ] ; then
|
||
run rmdir "$DATA_DIR"
|
||
fi
|
||
if [ -z "$(ls -A "$HTTP_DIR")" ] ; then
|
||
run rmdir "$HTTP_DIR"
|
||
fi
|
||
|
||
|