terraform-digitalocean-spoke/spoke-app-provision

#!/usr/bin/env bash
set -o errexit
set -o pipefail

main() {
  local target="${1:-system0}"
  "_run_${target}"
}

_run_system0() {
  set -o xtrace
  cd /tmp

  sudo swapon --show | if ! grep -q /swap; then
    sudo fallocate -l 8G /swap
    sudo chmod 600 /swap
    sudo mkswap -L swap /swap
    sudo swapon /swap
  fi

  if ! grep -q ^LABEL=swap /etc/fstab &>/dev/null; then
    echo 'LABEL=swap none swap sw 0 0' | sudo tee -a /etc/fstab
  fi

  sudo sysctl vm.swappiness=10
  echo 'vm.swappiness=10' | sudo tee /etc/sysctl.d/99-swappiness.conf

  sudo sysctl vm.vfs_cache_pressure=50
  echo 'vm.vfs_cache_pressure=50' |
    sudo tee /etc/sysctl.d/99-cache-pressure.conf

  sudo apt-get update -y
  sudo apt-get install -y \
    build-essential \
    ca-certificates \
    curl \
    git \
    gnupg \
    nginx-full \
    redis

  dpkg --get-selections || true |
    if ! grep -qE '^postgresql-client-13.+install$'; then
      echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" |
        sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null
      curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
      sudo apt-get update -y
      sudo apt-get install -y postgresql-13 postgresql-client-13
    fi

  pg_ctlcluster 13 main start
  sudo -H -u postgres bash <<PGSETUP
    set -o allexport
    # shellcheck source=/dev/null
    source /tmp/app.env
    createuser spoke || true
    createdb --owner=spoke spoke || true
    psql -c "GRANT ALL ON DATABASE spoke TO spoke"
    set +o xtrace
    psql -c "ALTER USER spoke WITH PASSWORD '\${DB_PASSWORD}';"
PGSETUP

  if ! command -v yarn; then
    curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
    echo "deb https://dl.yarnpkg.com/debian/ stable main" |
      sudo tee /etc/apt/sources.list.d/yarn.list
    sudo apt-get update -y
    sudo apt-get install -y --no-install-recommends yarn
  fi

  if ! getent passwd spoke; then
    sudo useradd --create-home --comment 'Spoke app' spoke
  fi

  sudo chsh -s /bin/bash spoke
  sudo chown -R spoke:spoke /home/spoke

  mv -v /tmp/spoke.crt /home/spoke/spoke.crt
  mv -v /tmp/spoke.key /home/spoke/spoke.key
  chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key
  chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key
  cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
  if [[ -s /tmp/nginx-sites-default-override.conf ]]; then
    cp -v /tmp/nginx-sites-default-override.conf /etc/nginx/sites-available/default
  fi
  ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
  sha1sum /etc/nginx/sites-available/default
  systemctl restart nginx
}

_run_system1() {
  set -o xtrace
  sudo cp -v /tmp/spoke.service /etc/systemd/system/spoke.service

  sudo systemctl enable spoke
  sudo systemctl stop spoke || true
  sudo systemctl start spoke || true
}

_run_spoke0() {
  set -o xtrace

  set -o allexport
  # shellcheck source=/dev/null
  source /tmp/app.env
  set +o allexport

  git --version
  if [[ ! -d /home/spoke/app/.git ]]; then
    git clone https://github.com/MoveOnOrg/Spoke.git /home/spoke/app
  fi

  cd /home/spoke/app
  git fetch
  git checkout -qf "${TERRAFORM_SPOKE_VERSION}"

  cp -v /tmp/spoke-app-run /home/spoke/spoke-app-run
  chmod +x /home/spoke/spoke-app-run

  if ! command -v nvm; then
    curl -fsSL \
      https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
    set +o errexit
    set +o xtrace
    # shellcheck source=/dev/null
    source ~/.nvm/nvm.sh
    set -o xtrace
    set -o errexit
  fi
  nvm --version 2>/dev/null
  nvm install 2>/dev/null
  nvm use 2>/dev/null

  cp -v /tmp/app.env /home/spoke/app/.env
  sha1sum /home/spoke/app/.env

  yarn --version
  yarn install --ignore-scripts --non-interactive --frozen-lockfile

  local git_head
  git_head="$(cat .git/HEAD || true)"
  local yarn_prod_build_ref
  yarn_prod_build_ref="$(
    cat /home/spoke/yarn_prod_build_ref 2>/dev/null || true
  )"
  if [[ "${git_head}" == "${yarn_prod_build_ref}" ]]; then
    echo "skipping yarn run prod-build"
    return
  fi

  yarn run prod-build
  rm -rf ./node_modules
  yarn install --production --ignore-scripts
  echo "${git_head}" >/home/spoke/yarn_prod_build_ref
}

main "${@}"
Porting over most of the things 2020-02-10 03:28:45 +00:00			`#!/usr/bin/env bash`
			`set -o errexit`
			`set -o pipefail`

			`main() {`
			`local target="${1:-system0}"`
			`"_run_${target}"`
			`}`

			`_run_system0() {`
			`set -o xtrace`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`cd /tmp`
Porting over most of the things 2020-02-10 03:28:45 +00:00
			`sudo swapon --show \| if ! grep -q /swap; then`
			`sudo fallocate -l 8G /swap`
			`sudo chmod 600 /swap`
			`sudo mkswap -L swap /swap`
			`sudo swapon /swap`
			`fi`

			`if ! grep -q ^LABEL=swap /etc/fstab &>/dev/null; then`
			`echo 'LABEL=swap none swap sw 0 0' \| sudo tee -a /etc/fstab`
			`fi`

			`sudo sysctl vm.swappiness=10`
			`echo 'vm.swappiness=10' \| sudo tee /etc/sysctl.d/99-swappiness.conf`

			`sudo sysctl vm.vfs_cache_pressure=50`
			`echo 'vm.vfs_cache_pressure=50' \|`
			`sudo tee /etc/sysctl.d/99-cache-pressure.conf`

			`sudo apt-get update -y`
			`sudo apt-get install -y \`
			`build-essential \`
			`ca-certificates \`
			`curl \`
			`git \`
			`gnupg \`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`nginx-full \`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`redis`

Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`dpkg --get-selections \|\| true \|`
Many updates! terraform 0.14 formatting, nginx compat, error handling 2021-04-06 14:54:30 +00:00			`if ! grep -qE '^postgresql-client-13.+install$'; then`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" \|`
			`sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null`
			`curl https://www.postgresql.org/media/keys/ACCC4CF8.asc \| sudo apt-key add -`
			`sudo apt-get update -y`
Many updates! terraform 0.14 formatting, nginx compat, error handling 2021-04-06 14:54:30 +00:00			`sudo apt-get install -y postgresql-13 postgresql-client-13`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`fi`

Many updates! terraform 0.14 formatting, nginx compat, error handling 2021-04-06 14:54:30 +00:00			`pg_ctlcluster 13 main start`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`sudo -H -u postgres bash <<PGSETUP`
			`set -o allexport`
Address some shellcheckery 2020-03-05 01:46:02 +00:00			`# shellcheck source=/dev/null`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`source /tmp/app.env`
			`createuser spoke \|\| true`
			`createdb --owner=spoke spoke \|\| true`
			`psql -c "GRANT ALL ON DATABASE spoke TO spoke"`
			`set +o xtrace`
			`psql -c "ALTER USER spoke WITH PASSWORD '\${DB_PASSWORD}';"`
			`PGSETUP`

			`if ! command -v yarn; then`
			`curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg \| sudo apt-key add -`
			`echo "deb https://dl.yarnpkg.com/debian/ stable main" \|`
			`sudo tee /etc/apt/sources.list.d/yarn.list`
			`sudo apt-get update -y`
			`sudo apt-get install -y --no-install-recommends yarn`
			`fi`
Porting over most of the things 2020-02-10 03:28:45 +00:00
			`if ! getent passwd spoke; then`
			`sudo useradd --create-home --comment 'Spoke app' spoke`
			`fi`

			`sudo chsh -s /bin/bash spoke`
			`sudo chown -R spoke:spoke /home/spoke`
Use cert bits from home directory to allow for safer+easier remote updates 2020-02-13 16:03:11 +00:00
			`mv -v /tmp/spoke.crt /home/spoke/spoke.crt`
			`mv -v /tmp/spoke.key /home/spoke/spoke.key`
			`chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key`
Ensure the key and cert are owned by spoke 2020-02-13 16:23:44 +00:00			`chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key`
Use cert bits from home directory to allow for safer+easier remote updates 2020-02-13 16:03:11 +00:00			`cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default`
Many updates! terraform 0.14 formatting, nginx compat, error handling 2021-04-06 14:54:30 +00:00			`if [[ -s /tmp/nginx-sites-default-override.conf ]]; then`
			`cp -v /tmp/nginx-sites-default-override.conf /etc/nginx/sites-available/default`
			`fi`
Use cert bits from home directory to allow for safer+easier remote updates 2020-02-13 16:03:11 +00:00			`ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default`
			`sha1sum /etc/nginx/sites-available/default`
			`systemctl restart nginx`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`}`

			`_run_system1() {`
			`set -o xtrace`
			`sudo cp -v /tmp/spoke.service /etc/systemd/system/spoke.service`

			`sudo systemctl enable spoke`
			`sudo systemctl stop spoke \|\| true`
			`sudo systemctl start spoke \|\| true`
			`}`

			`_run_spoke0() {`
			`set -o xtrace`

Allow injection of Spoke version and update some version numbers! 2020-03-05 01:44:31 +00:00			`set -o allexport`
Address some shellcheckery 2020-03-05 01:46:02 +00:00			`# shellcheck source=/dev/null`
Allow injection of Spoke version and update some version numbers! 2020-03-05 01:44:31 +00:00			`source /tmp/app.env`
			`set +o allexport`

Porting over most of the things 2020-02-10 03:28:45 +00:00			`git --version`
			`if [[ ! -d /home/spoke/app/.git ]]; then`
			`git clone https://github.com/MoveOnOrg/Spoke.git /home/spoke/app`
			`fi`
Allow injection of Spoke version and update some version numbers! 2020-03-05 01:44:31 +00:00
Porting over most of the things 2020-02-10 03:28:45 +00:00			`cd /home/spoke/app`
One must fetch! 2020-03-05 02:17:18 +00:00			`git fetch`
Allow injection of Spoke version and update some version numbers! 2020-03-05 01:44:31 +00:00			`git checkout -qf "${TERRAFORM_SPOKE_VERSION}"`
Porting over most of the things 2020-02-10 03:28:45 +00:00
			`cp -v /tmp/spoke-app-run /home/spoke/spoke-app-run`
			`chmod +x /home/spoke/spoke-app-run`

			`if ! command -v nvm; then`
			`curl -fsSL \`
Modernizing many things - use hashicorp/setup-terraform action - bump terraform requirement to 0.13 - bump digitalocean provider requirement to 1.22 - bump to latest nvm - remove a bunch of unnecessary quotes 2020-08-23 02:28:12 +00:00			`https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh \| bash`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`set +o errexit`
			`set +o xtrace`
Address some shellcheckery 2020-03-05 01:46:02 +00:00			`# shellcheck source=/dev/null`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`source ~/.nvm/nvm.sh`
			`set -o xtrace`
			`set -o errexit`
			`fi`
			`nvm --version 2>/dev/null`
			`nvm install 2>/dev/null`
			`nvm use 2>/dev/null`

Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`cp -v /tmp/app.env /home/spoke/app/.env`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`sha1sum /home/spoke/app/.env`

			`yarn --version`
			`yarn install --ignore-scripts --non-interactive --frozen-lockfile`

			`local git_head`
			`git_head="$(cat .git/HEAD \|\| true)"`
			`local yarn_prod_build_ref`
			`yarn_prod_build_ref="$(`
			`cat /home/spoke/yarn_prod_build_ref 2>/dev/null \|\| true`
			`)"`
			`if [[ "${git_head}" == "${yarn_prod_build_ref}" ]]; then`
			`echo "skipping yarn run prod-build"`
			`return`
			`fi`

			`yarn run prod-build`
			`rm -rf ./node_modules`
			`yarn install --production --ignore-scripts`
Sprinkle on some dynamic blocks 2020-02-12 01:02:22 +00:00			`echo "${git_head}" >/home/spoke/yarn_prod_build_ref`
Porting over most of the things 2020-02-10 03:28:45 +00:00			`}`

			`main "${@}"`