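#!/bin/bash
#
# remote.sh - provision a target host from the dev host.
#
# Usage: remote.sh SERVER_HOST SERVER_PASSWORD
#
# Steps: look up the archive password for the host in keys.env, install the
# dev host's public SSH key on the target, copy install.sh and
# secrets-decrypt.sh to the target, stream the encrypted secrets archive from
# the origin host to the target, then run the decrypt and install scripts
# remotely.
#
# SERVER_ORIGIN_DOMAIN, SERVER_ORIGIN_PASSWORD and GITEA_API_ADD_SSH_KEY are
# not assigned here; presumably they come from the sourced env files
# (TODO confirm).
#
# NOTE(review): SERVER_PASSWORD arrives as $2, so it is visible in the
# process list of the dev host for as long as this script runs. Reading it
# from stdin or a root-only file would avoid that, but changes the interface.

# Print a message to stderr and abort with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$(id -u)" != "0" ]; then
  echo -e "\033[31mThis script requires superuser rights.\033[0m" >&2
  # A failed precondition must not report success to the caller.
  exit 1
fi

if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Please provide SERVER_HOST & SERVER_PASSWORD as arguments" >&2
  exit 1
fi

SSH_PORT=22
REMOTE_USER="root"
SERVER_HOST=$1
SERVER_PASSWORD=$2

# SERVER_HOST becomes a path component of a file that is sourced as root, a
# key name looked up in keys.env, and part of command strings executed by the
# remote shell. Restrict it to hostname characters so it cannot carry path
# separators, a leading '-' (option injection) or shell metacharacters.
if [[ ! "$SERVER_HOST" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  die "SERVER_HOST contains unexpected characters, refusing to continue"
fi

SECRETS_DIR=/data/secrets
SECRETS_ENV=$SECRETS_DIR/$SERVER_HOST/$SERVER_HOST.env

DEV_ENV=$SECRETS_DIR/dev.env

# Sourced files execute as root: both must be writable by root only.
# Sourcing happens before `set -e`, so a missing file is reported by the
# shell but is not fatal by itself.
# shellcheck source=/dev/null
source "$SECRETS_ENV"
# shellcheck source=/dev/null
source "$DEV_ENV"

SECRETS_SAFE=$SECRETS_DIR/safe
SECRETS_PATH=$SECRETS_SAFE/$SERVER_HOST.tar.gz

KEYS_FILE="$SECRETS_SAFE/keys.env"

trap 'echo -e "\033[31mremote.sh: Something went wrong\033[0m"; exit 1' ERR
set -e
# Without pipefail, a failed read on the origin host would be masked by the
# writing side of the transfer pipeline and leave an empty archive behind.
set -o pipefail

export DEBIAN_FRONTEND=noninteractive

[[ -n "$SERVER_ORIGIN_DOMAIN" ]] || die "SERVER_ORIGIN_DOMAIN is not set"

echo "Get SAFE_PASSWORD for decrypt secrets archive on target host..."
KEY_VAR=$(echo "$SERVER_HOST" | tr '.' '_')

[[ -r "$KEYS_FILE" ]] || die "Cannot read $KEYS_FILE"

# Literal prefix match instead of a regex, and keep everything after the
# FIRST '=' so passwords that themselves contain '=' are not truncated.
SAFE_PASSWORD=""
key_found=0
while IFS= read -r key_line || [[ -n "$key_line" ]]; do
  if [[ "$key_line" == "$KEY_VAR="* ]]; then
    SAFE_PASSWORD=${key_line#*=}
    key_found=1
    break
  fi
done < "$KEYS_FILE"

if (( key_found == 0 )) || [[ -z "$SAFE_PASSWORD" ]]; then
  # Continuing would run the decrypt step with an empty password.
  die "SAFE_PASSWORD for $SERVER_HOST not found"
fi

echo "Reset known_hosts..."
# ssh-keygen -R fails when the file does not exist yet; nothing to reset then.
if [[ -f /root/.ssh/known_hosts ]]; then
  ssh-keygen -f '/root/.ssh/known_hosts' -R "$SERVER_HOST"
fi

echo "Install public SSH key from dev host to target host..."
# The password goes through the SSHPASS environment variable (sshpass -e)
# rather than argv, so it does not show up in the process list.
# accept-new records the key offered on this first connection and rejects a
# different key afterwards. The first connection is still unauthenticated:
# the root password is sent to whatever answers for SERVER_HOST. Pre-seeding
# known_hosts with a key obtained out of band closes that gap.
SSHPASS="$SERVER_PASSWORD" sshpass -e ssh-copy-id \
  -i ~/.ssh/id_ed25519.pub \
  -p "$SSH_PORT" \
  -o StrictHostKeyChecking=accept-new \
  "$REMOTE_USER@$SERVER_HOST"

# NOTE(review): the scripts land at fixed names in /tmp and are then run as
# root. If the target can have other local users, a pre-created file at that
# path stays owned by them and can be rewritten before execution; a directory
# from `mktemp -d` on the target would avoid this. Not changed here because
# the copied scripts may rely on these paths (not visible in this file).
echo "Copy install script from dev host to target host in tmp dir..."
scp -P "$SSH_PORT" install.sh "$REMOTE_USER@$SERVER_HOST:/tmp/install.sh"

echo "Copy secrets-decrypt script from dev host to target host in tmp dir..."
scp -P "$SSH_PORT" secrets-decrypt.sh "$REMOTE_USER@$SERVER_HOST:/tmp/secrets-decrypt.sh"

# Every command string below is re-parsed by the remote shell, so each
# argument is quoted with printf %q (assumes the remote login shell is bash).
echo "Create secrets directory on target host..."
printf -v remote_mkdir 'mkdir -p %q' "$SECRETS_SAFE"
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "$remote_mkdir"

echo "Copy secret archive from origin host to target host..."
printf -v origin_read 'cat %q' "$SECRETS_PATH"
printf -v target_write 'cat > %q' "$SECRETS_PATH"
ssh "$REMOTE_USER@$SERVER_ORIGIN_DOMAIN" "$origin_read" \
  | ssh "$REMOTE_USER@$SERVER_HOST" -p "$SSH_PORT" "$target_write"

echo "Run secrets-decrypt script for decrypt secrets archive on target host..."
# NOTE(review): the archive password is an argument of the remote command and
# is visible in the target's process list while the script runs; passing it
# on stdin would need a matching change in secrets-decrypt.sh.
printf -v remote_decrypt 'bash /tmp/secrets-decrypt.sh %q %q %q' \
  "$SAFE_PASSWORD" "$SECRETS_PATH" "$SECRETS_DIR/$SERVER_HOST"
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "$remote_decrypt"

echo "Run install script on target host..."
# Same exposure as above for SERVER_ORIGIN_PASSWORD and GITEA_API_ADD_SSH_KEY.
printf -v remote_install 'bash /tmp/install.sh %q %q %q' \
  "$SERVER_HOST" "$SERVER_ORIGIN_PASSWORD" "$GITEA_API_ADD_SSH_KEY"
ssh -p "$SSH_PORT" "$REMOTE_USER@$SERVER_HOST" "$remote_install"

trap - ERR
echo "Remote install complete"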