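#!/bin/bash
# Interactive bootstrap for a new simponic-infra service.
#
# Renders the local `template` directory into a Go package, builds/tests/
# commits/pushes it, adds a DNS record (hatecomputers API for internal
# services, the bind zone template otherwise), writes nginx vhost configs for
# public services, and generates an ansible role plus deploy playbook.
#
# Run from the root of the infra checkout: `template`, `inventory`, `roles/`
# and the bind file path are all relative to the current directory.
# Requires GNU grep/sed/xargs, go, git and curl. `wl-paste` is optional and
# only used to pre-fill the API key from the clipboard.
set -eu

#######################################
# Print an error to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Ask a question on the terminal; print the answer, or the default when the
# answer is empty.
# Arguments: $1 - prompt text, $2 - default value (shown in the prompt)
# Outputs:   the chosen value on stdout
# Returns:   non-zero when stdin is exhausted (read fails)
#######################################
prompt_with_default() {
  local prompt_message=$1
  local default_value=$2
  local input
  # -r keeps backslashes in the typed value literal.
  read -r -p "$prompt_message [$default_value]: " input
  printf '%s\n' "${input:-$default_value}"
}

#######################################
# Same contract as prompt_with_default, for secrets: the typed value is not
# echoed and the default is never shown on the terminal (only whether one
# exists), so the API key does not end up in scrollback.
# Arguments: $1 - prompt text, $2 - default value
# Outputs:   the chosen value on stdout
#######################################
prompt_secret_with_default() {
  local prompt_message=$1
  local default_value=$2
  local hint=""
  local input
  if [[ -n "$default_value" ]]; then
    hint=" [default from clipboard]"
  fi
  read -r -s -p "$prompt_message$hint: " input
  # read -s swallows the user's newline; restore it on stderr, not stdout.
  printf '\n' >&2
  printf '%s\n' "${input:-$default_value}"
}

#######################################
# Escape a string for the replacement half of a sed `s/.../.../` command
# that uses '/' as its delimiter. Backslash, '&' and '/' are the only
# characters that are special there.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[\\/&]/\\&/g'
}

#######################################
# Replace every occurrence of a template placeholder under $PACKAGE_PATH.
# Globals:   PACKAGE_PATH (read)
# Arguments: $1 - placeholder text, e.g. "{{ service }}"
#            $2 - raw replacement value (escaped here, so '/', '&' and '\'
#                 in user input no longer corrupt the sed expression)
#######################################
replace_placeholder() {
  local placeholder=$1
  local value
  value=$(sed_escape_replacement "$2")
  # xargs -r: when no file contains the placeholder, do nothing instead of
  # running `sed -i` with no files (which fails and aborts under set -e).
  # The placeholder is used verbatim as a BRE pattern, as in the original;
  # `{` and space are literal in GNU BRE, so the fixed set of placeholders
  # below is safe.
  grep -rlZ --fixed-strings -- "$placeholder" "$PACKAGE_PATH" \
    | xargs -0r sed -i "s/$placeholder/$value/g"
}

#######################################
# Collect every input interactively into the script-level variables.
# Globals (written): DNS_ENDPOINT BIND_FILE SERVICE_TITLE SERVICE
#   SERVICE_PORT SERVICE_REPO SERVICE_ORIGIN INTERNAL SERVICE_HOST
#   PACKAGE_PATH HATECOMPUTERS_API_KEY
#######################################
collect_inputs() {
  DNS_ENDPOINT=$(prompt_with_default "Enter DNS endpoint" "https://hatecomputers.club/dns")
  BIND_FILE=$(prompt_with_default "Enter bind file path" "roles/nameservers/templates/db.simponic.xyz.j2")
  SERVICE_TITLE=$(prompt_with_default "Enter service title" "whois simponic.")
  SERVICE=$(prompt_with_default "Enter service name" "whois")
  SERVICE_PORT=$(prompt_with_default "Enter service port" "8466")
  SERVICE_REPO=$(prompt_with_default "Enter service repository URL" "git.simponic.xyz/simponic/$SERVICE")
  SERVICE_ORIGIN=$(prompt_with_default "Enter service origin URL" "git@git.simponic.xyz:simponic/$SERVICE")
  INTERNAL=$(prompt_with_default "Is the service internal? (yes/no)" "no")
  SERVICE_HOST=$(prompt_with_default "Enter service host" "ryo")
  PACKAGE_PATH=$(prompt_with_default "Enter package path" "$HOME/git/simponic/$SERVICE")

  # The API key is only used by the internal DNS path, so only ask for it
  # (and only touch the clipboard) when it is actually needed.
  HATECOMPUTERS_API_KEY=""
  if [[ "$INTERNAL" == "yes" ]]; then
    local clipboard=""
    if command -v wl-paste >/dev/null 2>&1; then
      # Best effort: no Wayland clipboard just means no default.
      clipboard=$(wl-paste 2>/dev/null) || clipboard=""
    fi
    HATECOMPUTERS_API_KEY=$(prompt_secret_with_default "Enter hatecomputers API key (paste from clipboard)" "$clipboard")
    [[ -n "$HATECOMPUTERS_API_KEY" ]] || die "an API key is required for an internal service"
  fi
}

#######################################
# Copy `template` to $PACKAGE_PATH and substitute the service placeholders.
# Globals: PACKAGE_PATH SERVICE SERVICE_HOST SERVICE_REPO SERVICE_PORT
#          SERVICE_TITLE (read)
#######################################
render_template() {
  [[ -d template ]] || die "no 'template' directory here; run from the infra repo root"
  # cp -r into an existing directory would nest `template` inside it and
  # the later steps would operate on the wrong tree; refuse instead.
  if [[ -e "$PACKAGE_PATH" ]]; then
    die "$PACKAGE_PATH already exists; refusing to overwrite it"
  fi
  cp -r template "$PACKAGE_PATH"
  replace_placeholder "{{ service }}" "$SERVICE"
  replace_placeholder "{{ service_host }}" "$SERVICE_HOST"
  replace_placeholder "{{ service_repo }}" "$SERVICE_REPO"
  replace_placeholder "{{ service_port }}" "$SERVICE_PORT"
  replace_placeholder "{{ service_title }}" "$SERVICE_TITLE"
}

#######################################
# Format, build and test the package, then create the initial commit and
# push it to $SERVICE_ORIGIN. Runs in a subshell so the cd does not leak
# into the caller (replaces the original `cd -`).
# Globals: PACKAGE_PATH SERVICE_REPO SERVICE SERVICE_ORIGIN (read)
#######################################
test_and_commit_code() (
  cd "$PACKAGE_PATH" || die "cannot cd to $PACKAGE_PATH"
  go fmt ./...
  go get
  go mod tidy
  go build
  go test -v ./...
  printf '%s\n' "everything looks good, can you make a repo at https://$SERVICE_REPO (press enter when done)"
  read -r _
  printf '%s\n' "cool. 
now, please sync it with drone (https://drone.internal.simponic.xyz/simponic/$SERVICE). (press enter when done)"
  read -r _
  git init
  git add .
  git commit -m "initial commit by simponic-infra"
  git checkout -B main
  git remote add origin "$SERVICE_ORIGIN"
  git push -u origin main
)

#######################################
# Register the service's CNAME: via the hatecomputers API for internal
# services, by editing the bind zone template otherwise.
# Globals: INTERNAL SERVICE SERVICE_HOST DNS_ENDPOINT HATECOMPUTERS_API_KEY
#          BIND_FILE (read)
#######################################
add_dns_records() {
  local name content
  if [[ "$INTERNAL" == "yes" ]]; then
    name="$SERVICE.internal.simponic.xyz."
    content="$SERVICE_HOST.internal.simponic.xyz."
    # -H @- reads the header from stdin so the bearer token is not visible
    # in the process list. One -F per field: the original passed a single
    # "type=CNAME&name=...&internal=on" string to -F, which curl sends as
    # one multipart field named "type". The endpoint is assumed to accept
    # multipart form fields as the original -F implied — TODO confirm
    # against the API. --fail makes an HTTP error abort the script under
    # set -e instead of silently continuing without a record.
    curl --fail --silent --show-error \
      -H @- \
      -F "type=CNAME" \
      -F "name=$name" \
      -F "content=$content" \
      -F "ttl=43200" \
      -F "internal=on" \
      "$DNS_ENDPOINT" <<<"Authorization: Bearer $HATECOMPUTERS_API_KEY"
    printf '\n'
  else
    name="$SERVICE.simponic.xyz."
    content="$SERVICE_HOST.simponic.xyz."
    [[ -f "$BIND_FILE" ]] || die "bind file $BIND_FILE not found"
    # sed would silently do nothing if the marker line is missing.
    grep -q -F ';; CNAME Records' "$BIND_FILE" \
      || die "marker ';; CNAME Records' not found in $BIND_FILE"
    local escaped_name escaped_content
    escaped_name=$(sed_escape_replacement "$name")
    escaped_content=$(sed_escape_replacement "$content")
    # GNU sed: \n and \t in the replacement are expanded.
    sed -i "s/;; CNAME Records/;; CNAME Records\n$escaped_name\t43200\tIN\tCNAME\t$escaped_content/" "$BIND_FILE"
  fi
}

#######################################
# Write the https vhost and the http→https redirect for a public service
# into roles/webservers/files/$SERVICE_HOST.
# Globals: INTERNAL SERVICE SERVICE_HOST SERVICE_PORT (read)
#######################################
add_nginx_config() {
  if [[ "$INTERNAL" == "yes" ]]; then
    # The original computed endpoint=$SERVICE.internal.simponic.xyz (via a
    # misspelled variable) and destination=roles/private/files/$SERVICE_HOST
    # here but wrote no file, so internal services get no vhost from this
    # script. TODO confirm whether a private vhost was intended.
    return 0
  fi
  local endpoint="$SERVICE.simponic.xyz"
  local destination="roles/webservers/files/$SERVICE_HOST"
  mkdir -p "$destination"
  # Protocol list tightened from "TLSv1 TLSv1.1 TLSv1.2": TLS 1.0/1.1 are
  # deprecated (RFC 8996). The cipher list is kept as the author wrote it;
  # NOTE(review): it still names the 3DES suites (*-DES-CBC3-SHA), which
  # `!DES` does not exclude — consider trimming it to the AEAD suites.
  # nginx variables are written as \$name so the shell leaves them alone.
  cat > "$destination/https.$endpoint.conf" <<EOF
server {
  listen 443 ssl;
  server_name $endpoint;
  ssl_certificate /etc/letsencrypt/live/$endpoint/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$endpoint/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/$endpoint/fullchain.pem;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_dhparam /etc/nginx/dhparams.pem;
  ssl_prefer_server_ciphers on;
  location / {
    proxy_pass http://127.0.0.1:$SERVICE_PORT;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host \$server_name;
    proxy_buffering off;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
  }
}
EOF
  cat > "$destination/http.$endpoint.conf" <<EOF
server {
  listen 80;
  server_name $endpoint;
  location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
    try_files \$uri \$uri/ =404;
  }
  location / {
    rewrite ^ https://$endpoint\$request_uri? permanent;
  }
}
EOF
}

#######################################
# Add the host to `inventory`, generate roles/$SERVICE (tasks + the
# docker-compose template copied from the package) and deploy-$SERVICE.yml.
# Globals: SERVICE SERVICE_HOST PACKAGE_PATH (read)
#######################################
create_role() {
  local role_dir="roles/$SERVICE"
  # Values go through %s so a '%' in the service name cannot be read as a
  # printf directive.
  printf '\n[%s]\n%s ansible_user=root ansible_connection=ssh' "$SERVICE" "$SERVICE_HOST" >> inventory
  mkdir -p "$role_dir/tasks" "$role_dir/templates"
  cp "$PACKAGE_PATH/docker-compose.yml" "$role_dir/templates/docker-compose.yml.j2"
  # NOTE(review): the db directory is created world-writable (0777) as in
  # the original — presumably because the container's db process runs as a
  # non-root uid; a dedicated owner would be tighter. The .env task uses
  # `state: file`, which only adjusts an existing file; it looks like the
  # .env (secrets) is expected to be placed on the host by hand first —
  # confirm.
  cat > "$role_dir/tasks/main.yml" <<EOF
---
- name: ensure $SERVICE docker/compose exist
  file:
    path: /etc/docker/compose/$SERVICE
    state: directory
    owner: root
    group: root
    mode: 0700
- name: ensure $SERVICE db exist
  file:
    path: /etc/docker/compose/$SERVICE/db
    state: directory
    owner: root
    group: root
    mode: 0777
- name: ensure $SERVICE env exist
  file:
    path: /etc/docker/compose/$SERVICE/.env
    state: file
    owner: root
    group: root
    mode: 0700
- name: build $SERVICE docker-compose.yml.j2
  template:
    src: ../templates/docker-compose.yml.j2
    dest: /etc/docker/compose/$SERVICE/docker-compose.yml
    owner: root
    group: root
    mode: u=rw,g=r,o=r
- name: daemon-reload and enable $SERVICE
  ansible.builtin.systemd_service:
    state: restarted
    enabled: true
    name: docker-compose@$SERVICE
EOF
  cat > "deploy-$SERVICE.yml" <<EOF
- name: deploy $SERVICE
  hosts: $SERVICE
  roles:
    - $SERVICE
EOF
}

main() {
  collect_inputs
  render_template
  test_and_commit_code
  add_dns_records
  add_nginx_config
  create_role
}

main "$@"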