Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Viyurz:49bb55087dc721a0a70a3cae6e905690c8592773
Branches Tags
Viyurz:main
..
compare: Viyurz:252c827d92339cba886a0f882b29918621196101
Branches Tags
Viyurz:main

No commits in common. "49bb55087dc721a0a70a3cae6e905690c8592773" and "252c827d92339cba886a0f882b29918621196101" have entirely different histories.
49bb55087d ... 252c827d92

2 changed files with 31 additions and 35 deletions
Show stats Expand all files Collapse all files

30
README.md
View file

@ -1,15 +1,15 @@
# vps # vps
This repository contains all the files I use to manage my services hosted on [viyurz.fr](https://viyurz.fr). This repository contains all the files I use to manage services hosted on [viyurz.fr](https://viyurz.fr).
## Requirements ## Requirements
### Initial setup ### Ansible
Run the setup script: Install Ansible:
```sh ```
./setup.sh sudo apt install -y ansible
``` ```
### SSL certificates ### SSL certificates
@ -34,10 +34,6 @@ sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr
sudo certbot certonly --nginx -d mail.viyurz.fr sudo certbot certonly --nginx -d mail.viyurz.fr
``` ```
### Secrets
Copy the existing `secrets.yml.example` file to `secrets.yml` and fill the variables.
### Storagebox ### Storagebox
Add credential: Add credential:
@ -49,12 +45,22 @@ username=MYUSERNAME
password=MYPASSWORD password=MYPASSWORD
``` ```
Copy the file `fstab` and edit it accordingly (username and potentially uids/gids). Copy & edit file `fstab`.
## Secrets
Copy the existing `secrets.yml.example` to `secrets.yml`, run `ansible-vault encrypt secrets.yml` to encrypt the file with a password, and finally edit the newly encrypted file with `ansible-vault edit secrets.yml`.
If you want to change the vault password run `ansible-vault rekey secrets.yml`.
## Backups ## Backups
Create a cronjob to periodically backup all projects: Run the `backup-services.yml` playbook once to setup the passphrase file.
After that, you can create a root cronjob to run this playbook without requiring interactivity:
``` ```
0 4 * * * /home/viyurz/vps/manage.py backup '' 0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''
``` ```
Here we leave `selected_projects` empty to backup all projects.

36
manage.py
View file

@ -53,8 +53,7 @@ def borgCreate(name, path=None, database=None):
if database is not None: if database is not None:
print(f"Dumping database {database}.") print(f"Dumping database {database}.")
dockerEnv = {"DOCKER_HOST": 'unix:///run/user/1000/docker.sock'} dumpProc = subprocess.run(["docker", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True)
dumpProc = subprocess.run(["docker", "exec", "postgres", "pg_dump", "-c", database], capture_output=True, text=True, env=dockerEnv)
if dumpProc.returncode != 0: if dumpProc.returncode != 0:
print(f"Failed to dump database {database}.", file=sys.stderr) print(f"Failed to dump database {database}.", file=sys.stderr)
return 1 return 1
@ -301,37 +300,28 @@ def main():
print("\nUsing socket " + env['socket'] + ".") print("\nUsing socket " + env['socket'] + ".")
print("\nChoose action:")
print("[1/S] Setup project")
print("[2/U] Update project")
print("[3/B] Backup project")
action = '' action = ''
if len(sys.argv) > 1:
action = sys.argv[1]
else:
print("\nChoose action:")
print("[1/S] Setup project")
print("[2/U] Update project")
print("[3/B] Backup project")
while action == '': while action == '':
action = input("Action: ") action = input("Action: ")
projects = os.listdir("projects") projects = os.listdir("projects")
print(f"\nProjects list: {projects}") print(f"\nProjects list: {projects}")
if len(sys.argv) > 2:
target_projects = sys.argv[2]
else:
target_projects = input("Target compose project(s), space separated, leave empty to target all: ")
if target_projects.strip() == '': target_projects = input("Target compose project(s), space separated, leave empty to target all: ")
if target_projects == '':
target_projects = projects target_projects = projects
else: else:
target_projects = re.split(' ?, ?| ', target_projects.strip()) target_projects = target_projects.split(' ')
print(f"Target projects: {target_projects}") print(f"Target projects: {target_projects}")
match action:
match action.casefold(): case '1' | 'S':
case '1' | 's' | 'setup':
setNftables() setNftables()
for project in target_projects: for project in target_projects:
@ -342,7 +332,7 @@ def main():
print(e, file=sys.stderr) print(e, file=sys.stderr)
print(f"Failed to setup project {project}.", file=sys.stderr) print(f"Failed to setup project {project}.", file=sys.stderr)
case '2' | 'u' | 'update': case '2' | 'U':
for project in target_projects: for project in target_projects:
try: try:
print() print()
@ -351,7 +341,7 @@ def main():
print(e, file=sys.stderr) print(e, file=sys.stderr)
print(f"Failed to update project {project}.", file=sys.stderr) print(f"Failed to update project {project}.", file=sys.stderr)
case '3' | 'b' | 'backup': case '3' | 'B':
print() print()
if not os.path.exists(env['borg_repo']): if not os.path.exists(env['borg_repo']):
print(f"Creating borg repository {env['borg_repo']}.") print(f"Creating borg repository {env['borg_repo']}.")