feat: misc changes

main
Ricard Illa 2023-05-09 15:42:51 +02:00
parent f068c5b81d
commit 1c80a79f95
2 changed files with 54 additions and 38 deletions


@ -1,10 +1,18 @@
WD=/var/lib/dags/acme_renew WD=/var/lib/dags/acme_renew
.PHONY: all refresh_pg renew_certs caladan_sync fugu_sync pikvm_sync caladan_trigger fugu_trigger pivkm_trigger .PHONY: all refresh_pg renew_certs
NGINX_RELOAD=$(WD)/nginx_reload NGINX_RELOAD=$(WD)/nginx_reload
all: renew_certs caladan_trigger fugu_trigger pikvm_trigger $(NGINX_RELOAD) refresh_pg CALADAN_SYNC=$(WD)/caladan_sync
FUGU_SYNC=$(WD)/fugu_sync
PIKVM_SYNC=$(WD)/pikvm_sync
CALADAN_TRIGGER=$(WD)/caladan_trigger
FUGU_TRIGGER=$(WD)/fugu_trigger
PIKVM_TRIGGER=$(WD)/pikvm_trigger
all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(PIKVM_TRIGGER) $(NGINX_RELOAD) refresh_pg
############################################################################### ###############################################################################
@ -12,7 +20,8 @@ ACME_DIR=/srv/certs/acme
DOMAIN=monotremata.xyz DOMAIN=monotremata.xyz
CERT_PATH=$(ACME_DIR)/$(DOMAIN) CERT_PATH=$(ACME_DIR)/$(DOMAIN)
CERT=$(CERT_PATH)/fullchain.cer FULLCHAIN=$(CERT_PATH)/fullchain.cer
CERT=$(CERT_PATH)/$(DOMAIN).cer
KEY=$(CERT_PATH)/$(DOMAIN).key KEY=$(CERT_PATH)/$(DOMAIN).key
############################################################################### ###############################################################################
@ -24,6 +33,7 @@ SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
# target, it will be run each time, but the certificate files will only be # target, it will be run each time, but the certificate files will only be
# updated if a renewal happens # updated if a renewal happens
$(FULLCHAIN): renew_certs
$(CERT): renew_certs $(CERT): renew_certs
$(KEY): renew_certs $(KEY): renew_certs
@ -44,52 +54,54 @@ renew_certs:
$(DOCKER_IMAGE) \ $(DOCKER_IMAGE) \
$(RENEW_CMD) $(RENEW_CMD)
caladan_sync: renew_certs ###############################################################################
rsync \ # Sync the certs to remote hosts and trigger DAGs there
--archive \
--delete \
--compress \
--verbose \
--human-readable \
--rsh "ssh -i $(SSH_KEY)" \
--rsync-path="doas rsync" \
$(ACME_DIR)/ \
dags@caladan:$(ACME_DIR)
fugu_sync: renew_certs RSYNC_ARGS=--archive --delete --compress --verbose --human-readable --rsh "ssh -i $(SSH_KEY)"
$(CALADAN_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
mkdir -p $(@D)
rsync \ rsync \
--archive \ $(RSYNC_ARGS) \
--delete \
--compress \
--verbose \
--human-readable \
--rsh "ssh -i $(SSH_KEY)" \
--rsync-path="doas rsync" \ --rsync-path="doas rsync" \
$(ACME_DIR)/ \ $^ \
dags@caladan:$(ACME_DIR)
touch $@
$(FUGU_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
mkdir -p $(@D)
rsync \
$(RSYNC_ARGS) \
--rsync-path="doas rsync" \
$^ \
dags@fugu:$(ACME_DIR) dags@fugu:$(ACME_DIR)
touch $@
KVMD_PST_DATA = /var/lib/kvmd/pst/data KVMD_PST_DATA = /var/lib/kvmd/pst/data
pikvm_sync: renew_certs $(PIKVM_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
mkdir -p $(@D)
rsync \ rsync \
--archive \ $(RSYNC_ARGS) \
--delete \
--compress \
--verbose \
--human-readable \
--rsh "ssh -i $(SSH_KEY)" \
--rsync-path="doas kvmd-pstrun -- rsync" \ --rsync-path="doas kvmd-pstrun -- rsync" \
$(ACME_DIR)/ \ $^ \
dags@pikvm:$(KVMD_PST_DATA)/acme dags@pikvm:$(KVMD_PST_DATA)/acme
touch $@
caladan_trigger: caladan_sync define remote_dag_trigger
ssh -i $(SSH_KEY) dags@caladan "doas make -C /srv/dags/caladan/acme_refresh" mkdir -p $(@D)
ssh -i $(SSH_KEY) dags@$(1) "doas /srv/dags/$(1)/$(2)/run.sh"
touch $@
endef
fugu_trigger: fugu_sync $(CALADAN_TRIGGER): $(CALADAN_SYNC)
ssh -i $(SSH_KEY) dags@fugu "doas gmake -C /srv/dags/fugu/acme_refresh" $(call remote_dag_trigger, caladan, acme_refresh)
pikvm_trigger: pikvm_sync $(FUGU_TRIGGER): $(FUGU_SYNC)
ssh -i $(SSH_KEY) dags@pikvm "doas /srv/dags/pikvm/acme_refresh/run.sh" $(call remote_dag_trigger, fugu, acme_refresh)
$(PIKVM_TRIGGER): $(PIKVM_SYNC)
$(call remote_dag_trigger, pikvm, acme_refresh)
############################################################################### ###############################################################################
# Reload the nginx instance running on my reverse proxy docker-compose service # Reload the nginx instance running on my reverse proxy docker-compose service
@ -102,7 +114,7 @@ pikvm_trigger: pikvm_sync
NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml
$(NGINX_RELOAD): $(CERT) $(KEY) $(NGINX_RELOAD): $(FULLCHAIN) $(KEY)
mkdir -p $(@D) mkdir -p $(@D)
docker-compose \ docker-compose \
--file $(NGINX_COMPOSE_FILE) \ --file $(NGINX_COMPOSE_FILE) \
@ -118,7 +130,7 @@ PG_SSL_PATH=/mnt/docker_volumes/postgres/ssl
PG_CERT=$(PG_SSL_PATH)/server.crt PG_CERT=$(PG_SSL_PATH)/server.crt
PG_KEY=$(PG_SSL_PATH)/server.key PG_KEY=$(PG_SSL_PATH)/server.key
$(PG_CERT): $(CERT) $(PG_CERT): $(FULLCHAIN)
mkdir -p $(@D) mkdir -p $(@D)
rsync --copy-links $< $@ rsync --copy-links $< $@
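Review bot: The three `$(call remote_dag_trigger, caladan, acme_refresh)` lines pass their arguments with a leading space, and GNU Make preserves whitespace after the commas in `$(call)` arguments, so `$(1)` expands to ` caladan` and the recipe becomes `ssh -i $(SSH_KEY) dags@ caladan "doas /srv/dags/ caladan/acme_refresh/run.sh"` — the host is split off the user and the remote path gains a space; the same applies to the fugu and pikvm calls. Write them as `$(call remote_dag_trigger,caladan,acme_refresh)`, `$(call remote_dag_trigger,fugu,acme_refresh)` and `$(call remote_dag_trigger,pikvm,acme_refresh)`, or wrap the uses inside the define in `$(strip $(1))`. Separately, `RSYNC_ARGS` keeps `--delete` from the old directory-based syncs, but the new recipes pass the three files in `$^` as individual sources, where rsync does not delete anything, so leftovers from earlier `$(ACME_DIR)/` syncs presumably remain on the hosts — either drop the flag or note in a comment that it is intentionally inert. Since the same `SSH_KEY` now runs `doas` on three hosts, a comment recording that the key is expected to be restricted (forced command or doas rule limited to the run.sh path) would help the next reader; this hunk's `renew_certs` rule starts outside the shown lines.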

4
narwhal/mirrors/run.sh Executable file

@ -0,0 +1,4 @@
#!/bin/sh
DAG=$(dirname "$0")
make -C "$DAG"
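Review bot: The new script relies on the shell's implicit last-command exit status and does not guard an unset or failed `dirname`; `set -eu` after the shebang and `exec make -C "$DAG"` as the last line make the failure mode explicit and avoid keeping an extra shell process around while make runs. Given that this script is invoked remotely via `doas` from the Makefile's trigger targets, a one-line header comment naming that caller would document why it exists.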