You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

184 lines
7.6 KiB

6 years ago
6 years ago
6 years ago
  1. #!/bin/bash
  2. . /etc/shlib
  3. include parse
  4. include common
  5. include pretty
  6. MIN_DISK_SPACE="${MIN_DISK_SPACE:-300M}"
  7. ## convert human size to bytes using numfmt
  8. ## Check remaining disk space
  9. if [ -n "$MIN_DISK_SPACE" ]; then
  10. min_disk_space_kbytes=$(numfmt --from=iec --to-unit=1024 "$MIN_DISK_SPACE") || {
  11. err "Invalid format for '\$MIN_DISK_SPACE'."
  12. exit 1
  13. }
  14. if ! remaining_kbytes=$(df / | awk 'NR==2 {print $4}'); then
  15. err "Failed to get remaining disk space."
  16. exit 1
  17. fi
  18. if [ "$remaining_kbytes" -lt "$min_disk_space_kbytes" ]; then
  19. err "Not enough disk space."
  20. human_min_dist_space=$(numfmt --to=iec --format="%.2f" --from-unit=1024 "$min_disk_space_kbytes") || {
  21. err "Failed to convert '\$MIN_DISK_SPACE' to human readable format."
  22. exit 1
  23. }
  24. human_remaining_kbytes=$(numfmt --to=iec --format="%.2f" --from-unit=1024 "$remaining_kbytes") || {
  25. err "Failed to convert '\$remaining_kbytes' to human readable format."
  26. exit 1
  27. }
  28. echo " - At least $human_min_dist_space are required." >&2
  29. echo " - Only $human_remaining_kbytes are available." >&2
  30. exit 1
  31. fi
  32. fi
  33. start=$SECONDS
  34. if [ -z "$NO_UPDATE" -a -d "/opt/apps/myc-manage" ]; then
  35. MYC_UPDATE_VERSION="${MYC_UPDATE_VERSION:-master}"
  36. Elt "Checking if myc-manage requires update..."
  37. cd /opt/apps/myc-manage
  38. REMOTE_HEAD="$(git ls-remote origin "refs/heads/${MYC_UPDATE_VERSION}" 2>/dev/null | cut -f 1)"
  39. if [ -z "$REMOTE_HEAD" ]; then
  40. err "Can't find remote branch '$MYC_UPDATE_VERSION'."
  41. echo " - Either this branch is not available on 'origin' remote." >&2
  42. echo " - Either 'origin' remote is not correctly set." >&2
  43. exit 1
  44. fi
  45. HEAD="$(git rev-parse HEAD)"
  46. if [ "$REMOTE_HEAD" != "$HEAD" ]; then
  47. print_info "new version available"
  48. Wrap -d "Update myc-manage" <<EOF || exit 1
  49. if ! [ -d "/opt/apps/myc-manage" ]; then
  50. mkdir -p /opt/apps && cd /opt/apps
  51. git clone https://git.myceliandre.fr/Myceliandre/myc-manage.git -b "$MYC_UPDATE_VERSION"
  52. else
  53. cd /opt/apps/myc-manage &&
  54. git checkout "$MYC_UPDATE_VERSION" &&
  55. git pull -r || exit 1
  56. fi
  57. ln -sfn /opt/apps/myc-manage/bin/* /usr/local/sbin/
  58. find -L /usr/local/sbin -maxdepth 1 -type l -ilname /opt/apps/myc-manage/bin/\* -delete
  59. EOF
  60. Feed || exit 1
  61. export NO_UPDATE=1
  62. exec myc-update
  63. exit 0
  64. else
  65. print_info "up to date"
  66. Feedback noop
  67. fi
  68. fi
  69. Wrap -d "Updating 0k-charms" <<EOF || exit 1
  70. cd /opt/apps/0k-charms
  71. git pull -r
  72. EOF
  73. charm --debug apply docker-host || exit 1
  74. ## there seem to be an error now within compose when trying to download let's encrypt image.
  75. Wrap -d "Updating some docker images" <<EOF || exit 1
  76. docker pull docker.0k.io/letsencrypt
  77. EOF
  78. Wrap -d "Updating cron scripts" <<EOF || exit 1
  79. for d in /etc/cron.{d,daily,hourly,monthly,weekly}; do
  80. ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
  81. find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
  82. done
  83. EOF
  84. Wrap -d "Updating sysctl scripts" <<EOF || exit 1
  85. for d in /etc/sysctl.d; do
  86. ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
  87. find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
  88. done
  89. EOF
  90. ## TODO GPG decript the keys and place them
  91. # Wrap -d "Updating ssh keys" <<EOF || exit 1
  92. # for d in /etc/ssh; do
  93. # ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
  94. # find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
  95. # done
  96. # EOF
  97. if [ -f "/root/.bashrc" ]; then
  98. Wrap -d "Enable colors in bash" <<'EOF' || exit 1
  99. sed -ri 's/^# (export LS_OPTIONS=.--color=auto.)/\1/;
  100. s/^# (eval "`dircolors`")/\1/;
  101. s/^# (alias ls='"'ls \\\$LS_OPTIONS'"')/\1/' /root/.bashrc
  102. EOF
  103. fi
  104. Wrap -d "Update authorization to send to ntfy server " <<'EOF' || exit 1
  105. mkdir -p /root/.ssh
  106. ## if file /root/.ssh/ntfy-key doesn’t exist we we create the key i
  107. if [ ! -f /root/.ssh/ntfy-key ]; then
  108. echo "-----BEGIN OPENSSH PRIVATE KEY-----
  109. b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
  110. NhAAAAAwEAAQAAAQEApGXqKYEJbv0xu/wKl1mXtiz90kZbqq7FALTZYyYqWZfsp4RtiHXi
  111. NC7WKFiabQ1j1s8WuE0I2xJNSpzjHuWouduLQ5WtTl0PIWausMYaHam5T1I3KLVBg1QNi8
  112. 0wL5LVMD3mMoxVstQmlvYOuODZSaCS6j6ND33IS5IG11M9xwR6IcUKLKnfF5h5OQbTSiQ0
  113. ANgw5KmYdGBQ8PUIQO0ELz0rhjJVZLADZspXLoWikNURmlYozfcSFcfOVA7AkqeMKMZd64
  114. 72WDGTd9NrAOq+hmLMKDfJXuHlKrNuqmK1jVGs/5YcSArrFyuvKOabT8AJfjBDEVtbsSeu
  115. mN44MoH1bwAAA8hI4f+cSOH/nAAAAAdzc2gtcnNhAAABAQCkZeopgQlu/TG7/AqXWZe2LP
  116. 3SRluqrsUAtNljJipZl+ynhG2IdeI0LtYoWJptDWPWzxa4TQjbEk1KnOMe5ai524tDla1O
  117. XQ8hZq6wxhodqblPUjcotUGDVA2LzTAvktUwPeYyjFWy1CaW9g644NlJoJLqPo0PfchLkg
  118. bXUz3HBHohxQosqd8XmHk5BtNKJDQA2DDkqZh0YFDw9QhA7QQvPSuGMlVksANmylcuhaKQ
  119. 1RGaVijN9xIVx85UDsCSp4woxl3rjvZYMZN302sA6r6GYswoN8le4eUqs26qYrWNUaz/lh
  120. xICusXK68o5ptPwAl+MEMRW1uxJ66Y3jgygfVvAAAAAwEAAQAAAQEAnzpm1tQ4QtvRc/Xm
  121. fDk2jCh/n06uMl8cSFbhxvqMQkK34HiPboBfG5PRsTpAOCej78acht12Gllbq0zRXneqOH
  122. nAJTGvrhrMMNm3kVgOq3RcG8vRyQfl8EFU7XdLmIhrHFKXx5XM22xIBCdGkyKU0o9IPMFg
  123. 9wQpH6jMH3psd3j9M7x9QwPZKujv5XMF7DrMdtwAsU/XPTHrOedxdmnVpy9hwTpygTP6Xs
  124. TRL9CgdoIo1arZAu8M5/h8xS37IKEe4lUNr/j5tJe3d0HQ+aXCtVrD1WDyZnslPnrDr0MQ
  125. XCbx957Kh6VJ11t8el7x21Yr0iuF+S/RSKxsiyqC3J4EAQAAAIAQabySOpcNGk/kR3A7KH
  126. Szz3uft+c9qmt9+b5Sth+GmRKEoOO51hi3K+WrzArMJ3AyO8QGodjBAStcbFMDW5DkWxFH
  127. 0BuuXL2JTNJdn/2iBQH2bjLI68zTCrqHapI4l3kwTFUDybZP9hcdN9QrsY10rh+WiUILt7
  128. gIB69cxQKeuAAAAIEAz7W5MrUL50A5wi7EMalR9+dIVDTvpyub7Ip6dczRyXt9Xz35mv4S
  129. pBaK0mabJPgNP23fGoDhsXhZoDxJpGaBMCciLujVt/wJCX+vXbXwBXwMi0DC9AF/W6FGYb
  130. GAusBeJzziXuEmQlirbKFTwkBMVOpMWvsX/DQgDjsTVKjm9u8AAACBAMqeZ17+r7602t9P
  131. 8Gie1YXde/T1vMeQAHNCOCBoiuERdM/xDyQE3EXk9Pj2LOvhEu9CskQUCkuZS4JcMO+GQz
  132. zfqty7nmi/sAQTwPe+Gl9dnvS+dixeDmS3g+rP+hEAYhVPQgQhm0zzMvzlYk437WB+9BYk
  133. JUr3Zp+T2t4WoOmBAAAAEm50ZnlAY29yZS0wMS4way5pbw==
  134. -----END OPENSSH PRIVATE KEY-----" > /root/.ssh/ntfy-key
  135. chmod 600 /root/.ssh/ntfy-key
  136. fi
  137. if ! ssh-keygen -F core-01.0k.io &> /dev/null; then
  138. echo "|1|e3yYRMYJg0EpbOeTplTgtI+KbY4=|PotgCF8Rwt2OZFKr1CGYWpJ6FRA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH8axkuXlI2zowRvL3Vyg/qgkKK57cqX7+9WRaLm9ECWkLvaVPGunR1zVJUZdTO3gjlSkqtblTcI00BBLt+zQvE=" \
  139. >> /root/.ssh/known_hosts
  140. fi
  141. config_file="/etc/ntfy/ntfy.conf"
  142. mkdir -p "${config_file%/*}"
  143. ## if the config file exist and LOGIN PASSWORD ARE already in we do nothing
  144. if [ -f "$config_file" ] && grep -qE '^LOGIN=|^PASSWORD=' "$config_file"; then
  145. echo "We found a configuration for ntfy server authentification located at $config_file"
  146. else
  147. cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token)
  148. login_ntfy=$(echo $cred | awk '/^h_/{print $1; exit}')
  149. password_ntfy=$(echo $cred | awk '{print $2; exit}')
  150. if [ -f "$config_file" ]; then
  151. echo "LOGIN='$login_ntfy'" >> "$config_file"
  152. echo "PASSWORD='$password_ntfy'" >> "$config_file"
  153. else
  154. echo "LOGIN='$login_ntfy'" >> "$config_file"
  155. echo "PASSWORD='$password_ntfy'" >> "$config_file"
  156. fi
  157. fi
  158. EOF
  159. for keyfile in {/root,/home/debian}/.ssh/authorized_keys; do
  160. [ -e "$keyfile" ] || continue
  161. sed -ri 's%^ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDri3GHzDt0Il0jv6zLjwkge48dN9tv11sqVNnKoDeUxzk4kn7Ng5ldd3p6dYL6Pa5NDqJUAhO/d/q08IWuwfEbtj8Yc/EkahcRwVD2imPceUeDgyCaOJhq7WO4c9d9yG8PnRO2\+Zk92a9L5vuELVLr4UHIQOs2/eFRY2/ODV8ebf5L1issGzfLd/IPhX5oJwMwKfqIFOP7KPQ26duHNRq4bYOD9ePW4shfxmyQDk6dSImFat05ErT\+X7703PcPx/PX2AIqqz95zqM6M26BywAohuaD5joxKgkd/mMIJylvT8GEYDlcLMHwnM7LtwtyJ1O9dkVpsibIqGy20KlAOGPf admin@0k$%ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMV3USt/BLnXnUk7rk8v42mISZaXBZuULbh2vx2Amk7k admin@old0kreplacement%g' "$keyfile"
  162. done
  163. printf "Update finished ${GREEN}successfully${NORMAL} ${GRAY}(in %.2fs)${NORMAL}.\n" "$((SECONDS - start))"