Compare commits
3 commits
252c827d92
...
49bb55087d
Author | SHA1 | Date | |
---|---|---|---|
49bb55087d | |||
9b9a0e5545 | |||
5993328cdb |
2 changed files with 35 additions and 31 deletions
30
README.md
30
README.md
|
@ -1,15 +1,15 @@
|
||||||
# vps
|
# vps
|
||||||
|
|
||||||
This repository contains all the files I use to manage services hosted on [viyurz.fr](https://viyurz.fr).
|
This repository contains all the files I use to manage my services hosted on [viyurz.fr](https://viyurz.fr).
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
### Ansible
|
### Initial setup
|
||||||
|
|
||||||
Install Ansible:
|
Run the setup script:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
sudo apt install -y ansible
|
./setup.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
### SSL certificates
|
### SSL certificates
|
||||||
|
@ -34,6 +34,10 @@ sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr
|
||||||
sudo certbot certonly --nginx -d mail.viyurz.fr
|
sudo certbot certonly --nginx -d mail.viyurz.fr
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Secrets
|
||||||
|
|
||||||
|
Copy the existing `secrets.yml.example` file to `secrets.yml` and fill the variables.
|
||||||
|
|
||||||
### Storagebox
|
### Storagebox
|
||||||
|
|
||||||
Add credential:
|
Add credential:
|
||||||
|
@ -45,22 +49,12 @@ username=MYUSERNAME
|
||||||
password=MYPASSWORD
|
password=MYPASSWORD
|
||||||
```
|
```
|
||||||
|
|
||||||
Copy & edit file `fstab`.
|
Copy the file `fstab` and edit it accordingly (username and potentially uids/gids).
|
||||||
|
|
||||||
## Secrets
|
|
||||||
|
|
||||||
Copy the existing `secrets.yml.example` to `secrets.yml`, run `ansible-vault encrypt secrets.yml` to encrypt the file with a password, and finally edit the newly encrypted file with `ansible-vault edit secrets.yml`.
|
|
||||||
|
|
||||||
If you want to change the vault password run `ansible-vault rekey secrets.yml`.
|
|
||||||
|
|
||||||
## Backups
|
## Backups
|
||||||
|
|
||||||
Run the `backup-services.yml` playbook once to setup the passphrase file.
|
Create a cronjob to periodically backup all projects:
|
||||||
|
|
||||||
After that, you can create a root cronjob to run this playbook without requiring interactivity:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''
|
0 4 * * * /home/viyurz/vps/manage.py backup ''
|
||||||
```
|
```
|
||||||
|
|
||||||
Here we leave `selected_projects` empty to backup all projects.
|
|
||||||
|
|
36
manage.py
36
manage.py
|
@ -53,7 +53,8 @@ def borgCreate(name, path=None, database=None):
|
||||||
if database is not None:
|
if database is not None:
|
||||||
print(f"Dumping database {database}.")
|
print(f"Dumping database {database}.")
|
||||||
|
|
||||||
dumpProc = subprocess.run(["docker", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True)
|
dockerEnv = {"DOCKER_HOST": 'unix:///run/user/1000/docker.sock'}
|
||||||
|
dumpProc = subprocess.run(["docker", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True, env=dockerEnv)
|
||||||
if dumpProc.returncode != 0:
|
if dumpProc.returncode != 0:
|
||||||
print(f"Failed to dump database {database}.", file=sys.stderr)
|
print(f"Failed to dump database {database}.", file=sys.stderr)
|
||||||
return 1
|
return 1
|
||||||
|
@ -300,28 +301,37 @@ def main():
|
||||||
|
|
||||||
print("\nUsing socket " + env['socket'] + ".")
|
print("\nUsing socket " + env['socket'] + ".")
|
||||||
|
|
||||||
print("\nChoose action:")
|
|
||||||
print("[1/S] Setup project")
|
|
||||||
print("[2/U] Update project")
|
|
||||||
print("[3/B] Backup project")
|
|
||||||
|
|
||||||
action = ''
|
action = ''
|
||||||
|
if len(sys.argv) > 1:
|
||||||
|
action = sys.argv[1]
|
||||||
|
else:
|
||||||
|
print("\nChoose action:")
|
||||||
|
print("[1/S] Setup project")
|
||||||
|
print("[2/U] Update project")
|
||||||
|
print("[3/B] Backup project")
|
||||||
|
|
||||||
while action == '':
|
while action == '':
|
||||||
action = input("Action: ")
|
action = input("Action: ")
|
||||||
|
|
||||||
|
|
||||||
projects = os.listdir("projects")
|
projects = os.listdir("projects")
|
||||||
print(f"\nProjects list: {projects}")
|
print(f"\nProjects list: {projects}")
|
||||||
|
if len(sys.argv) > 2:
|
||||||
|
target_projects = sys.argv[2]
|
||||||
|
else:
|
||||||
|
target_projects = input("Target compose project(s), space separated, leave empty to target all: ")
|
||||||
|
|
||||||
target_projects = input("Target compose project(s), space separated, leave empty to target all: ")
|
if target_projects.strip() == '':
|
||||||
|
|
||||||
if target_projects == '':
|
|
||||||
target_projects = projects
|
target_projects = projects
|
||||||
else:
|
else:
|
||||||
target_projects = target_projects.split(' ')
|
target_projects = re.split(' ?, ?| ', target_projects.strip())
|
||||||
|
|
||||||
print(f"Target projects: {target_projects}")
|
print(f"Target projects: {target_projects}")
|
||||||
|
|
||||||
match action:
|
|
||||||
case '1' | 'S':
|
match action.casefold():
|
||||||
|
case '1' | 's' | 'setup':
|
||||||
setNftables()
|
setNftables()
|
||||||
|
|
||||||
for project in target_projects:
|
for project in target_projects:
|
||||||
|
@ -332,7 +342,7 @@ def main():
|
||||||
print(e, file=sys.stderr)
|
print(e, file=sys.stderr)
|
||||||
print(f"Failed to setup project {project}.", file=sys.stderr)
|
print(f"Failed to setup project {project}.", file=sys.stderr)
|
||||||
|
|
||||||
case '2' | 'U':
|
case '2' | 'u' | 'update':
|
||||||
for project in target_projects:
|
for project in target_projects:
|
||||||
try:
|
try:
|
||||||
print()
|
print()
|
||||||
|
@ -341,7 +351,7 @@ def main():
|
||||||
print(e, file=sys.stderr)
|
print(e, file=sys.stderr)
|
||||||
print(f"Failed to update project {project}.", file=sys.stderr)
|
print(f"Failed to update project {project}.", file=sys.stderr)
|
||||||
|
|
||||||
case '3' | 'B':
|
case '3' | 'b' | 'backup':
|
||||||
print()
|
print()
|
||||||
if not os.path.exists(env['borg_repo']):
|
if not os.path.exists(env['borg_repo']):
|
||||||
print(f"Creating borg repository {env['borg_repo']}.")
|
print(f"Creating borg repository {env['borg_repo']}.")
|
||||||
|
|
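Review bot: In borgCreate, `env=dockerEnv` replaces the child's whole environment instead of extending it, so `docker exec` runs with only DOCKER_HOST set and without PATH, HOME or anything else the caller (for example cron) provides. The socket path also hard-codes uid 1000, while main() already prints a configured `env['socket']`, so the two values can drift apart; whether that setting is reachable from borgCreate is not visible here. I would merge rather than replace, `dockerEnv = {**os.environ, "DOCKER_HOST": 'unix:///run/user/1000/docker.sock'}`, and derive the socket from the existing setting if it holds the same path. borgCreate's body starts and continues outside the hunk.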