-
Notifications
You must be signed in to change notification settings - Fork 2
/
spoke-app-provision
executable file
·157 lines (131 loc) · 4.16 KB
/
spoke-app-provision
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/usr/bin/env bash
set -o errexit
set -o pipefail
main() {
local target="${1:-system0}"
"_run_${target}"
}
_run_system0() {
set -o xtrace
cd /tmp
sudo swapon --show | if ! grep -q /swap; then
sudo fallocate -l 8G /swap
sudo chmod 600 /swap
sudo mkswap -L swap /swap
sudo swapon /swap
fi
if ! grep -q ^LABEL=swap /etc/fstab &>/dev/null; then
echo 'LABEL=swap none swap sw 0 0' | sudo tee -a /etc/fstab
fi
sudo sysctl vm.swappiness=10
echo 'vm.swappiness=10' | sudo tee /etc/sysctl.d/99-swappiness.conf
sudo sysctl vm.vfs_cache_pressure=50
echo 'vm.vfs_cache_pressure=50' |
sudo tee /etc/sysctl.d/99-cache-pressure.conf
sudo apt-get update -y
sudo apt-get install -y \
build-essential \
ca-certificates \
curl \
git \
gnupg \
nginx-full \
redis
dpkg --get-selections || true |
if ! grep -qE '^postgresql-client-13.+install$'; then
echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" |
sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update -y
sudo apt-get install -y postgresql-13 postgresql-client-13
fi
pg_ctlcluster 13 main start
sudo -H -u postgres bash <<PGSETUP
set -o allexport
# shellcheck source=/dev/null
source /tmp/app.env
createuser spoke || true
createdb --owner=spoke spoke || true
psql -c "GRANT ALL ON DATABASE spoke TO spoke"
set +o xtrace
psql -c "ALTER USER spoke WITH PASSWORD '\${DB_PASSWORD}';"
PGSETUP
if ! command -v yarn; then
curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" |
sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y --no-install-recommends yarn
fi
if ! getent passwd spoke; then
sudo useradd --create-home --comment 'Spoke app' spoke
fi
sudo chsh -s /bin/bash spoke
sudo chown -R spoke:spoke /home/spoke
mv -v /tmp/spoke.crt /home/spoke/spoke.crt
mv -v /tmp/spoke.key /home/spoke/spoke.key
chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key
chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key
cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
if [[ -s /tmp/nginx-sites-default-override.conf ]]; then
cp -v /tmp/nginx-sites-default-override.conf /etc/nginx/sites-available/default
fi
ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sha1sum /etc/nginx/sites-available/default
systemctl restart nginx
}
_run_system1() {
set -o xtrace
sudo cp -v /tmp/spoke.service /etc/systemd/system/spoke.service
sudo systemctl enable spoke
sudo systemctl stop spoke || true
sudo systemctl start spoke || true
}
_run_spoke0() {
set -o xtrace
set -o allexport
# shellcheck source=/dev/null
source /tmp/app.env
set +o allexport
git --version
if [[ ! -d /home/spoke/app/.git ]]; then
git clone https://github.com/MoveOnOrg/Spoke.git /home/spoke/app
fi
cd /home/spoke/app
git fetch
git checkout -qf "${TERRAFORM_SPOKE_VERSION}"
cp -v /tmp/spoke-app-run /home/spoke/spoke-app-run
chmod +x /home/spoke/spoke-app-run
if ! command -v nvm; then
curl -fsSL \
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
set +o errexit
set +o xtrace
# shellcheck source=/dev/null
source ~/.nvm/nvm.sh
set -o xtrace
set -o errexit
fi
nvm --version 2>/dev/null
nvm install 2>/dev/null
nvm use 2>/dev/null
cp -v /tmp/app.env /home/spoke/app/.env
sha1sum /home/spoke/app/.env
yarn --version
yarn install --ignore-scripts --non-interactive --frozen-lockfile
local git_head
git_head="$(cat .git/HEAD || true)"
local yarn_prod_build_ref
yarn_prod_build_ref="$(
cat /home/spoke/yarn_prod_build_ref 2>/dev/null || true
)"
if [[ "${git_head}" == "${yarn_prod_build_ref}" ]]; then
echo "skipping yarn run prod-build"
return
fi
yarn run prod-build
rm -rf ./node_modules
yarn install --production --ignore-scripts
echo "${git_head}" >/home/spoke/yarn_prod_build_ref
}
main "${@}"