diff --git a/.drone.yml b/.drone.yml
index 66e110a..d997c8f 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -48,10 +48,16 @@ steps:
 STAGING_ACME=true
 curl --fail https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/commit/$INFECT_COMMIT_SHA/nixos-infect \
- | bash 2>&1 | tee /root/nixos-infect.log
+ | bash 2>&1 | tee /root/infect.log
 EOF
 - cat infect.sh
- - http -v --check-status --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 user_data=@infect.sh automount:=false location=fsn1
+ - location=fsn1
+ - set -o pipefail
+ - >
+ volume_id="$(http -d --print=HBb --ignore-stdin POST https://api.hetzner.cloud/v1/volumes Authorization:"Bearer $PASSWORD" format=ext4 size:=10 location=$location name=10gb-by-drone-ci automount:=false | jq -re .volume.id)"
+ # TODO pass linux device volume_id name to infect.sh script
+ - >
+ http -d --print=HBb --ignore-stdin POST https://api.hetzner.cloud/v1/servers Authorization:"Bearer $PASSWORD" name=ci-sibling server_type=cx11 start_after_create:=true image=ubuntu-20.04 volumes:=[$volume_id] user_data=@infect.sh automount:=false location=$location
 - name: dns
 environment:
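Review bot: The server-creation call on the last added `http -d --print=HBb ... /v1/servers` line drops the `--check-status` the removed line carried, so an HTTP 4xx/5xx from Hetzner exits 0 (httpie only maps error responses to a non-zero status with that flag), the step stays green, the failure-only cleanup added further down never fires, and the volume created just before it is left orphaned; the volume POST has the same gap and only survives because `jq -re .volume.id` rejects a body without that key. Add the flag back on both calls, e.g. `http -d --check-status --print=HBb --ignore-stdin POST https://api.hetzner.cloud/v1/servers ...`. Note also that `--print=HBb` echoes the request headers, including `Authorization:"Bearer $PASSWORD"`, into the build log on every call (the old `-v` did the same); `--print=Bb` keeps the body output the pipeline needs without printing the token.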
@@ -214,6 +220,15 @@ steps:
 echo "$ZONE_ID"
 - >
 echo "$result" | jq '.[] | "\(.id)"' | while read id ; do echo "Deleting $id"; http -v --check-status --ignore-stdin DELETE https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$(echo $id | cut -f 2 -d '"') Authorization:"Bearer $CLOUDFLARE_TOKEN"; done
+ - location="fsn1"
+ - volume_name="10gb-by-drone-ci"
+ - >
+ volumes_json="$(http -d --print=HBb --ignore-stdin GET https://api.hetzner.cloud/v1/volumes Authorization:"Bearer $PASSWORD" name=$volume_name)"
+ # as of 2023-12-27 Hetzner ignores "name" query parameter (and others too)!!
+ - >
+ volume_id="$(jq <<<"$volumes_json" -re "(.volumes[] | select(.name == \"$volume_name\")).id")"
+ - >
+ http -d --print=HBb --ignore-stdin DELETE https://api.hetzner.cloud/v1/volumes/$volume_id Authorization:"Bearer $PASSWORD"
 when:
 status:
 - failure
diff --git a/nixos-infect b/nixos-infect
index 6003e11..a1254fe 100755
--- a/nixos-infect
+++ b/nixos-infect
@@ -32,10 +32,27 @@ genOptionalSsh() {
 EOF
 }
+# TODO receive disk device from outside
+determine2ndDisk() {
+ case "$PROVIDER" in
+ hetzner)
+ echo "/dev/sdb"
+ ;;
+ digitalocean)
+ echo "/dev/sda"
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+}
+
 # Merge original userdata.json with deployment specific fields and print result.
 genUserdata() {
- local HASHED_PASSWORD userdata_infect release
- HASHED_PASSWORD="$(mkpasswd -m sha-512 "$USER_PASS")"
+ local hashed_password diskDeviceName userdata_infect
+ hashed_password="$(mkpasswd -m sha-512 "$USER_PASS")"
+ diskDevice="$(determine2ndDisk)"
+ diskDeviceName="${diskDevice##/dev}"
 userdata_infect=$(cat << EOF
 {
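Review bot: The DELETE on the last added line of the cleanup step, like the GET before it, runs without `--check-status`, so a 4xx from Hetzner (for example if the volume is still attached, or `$volume_id` is wrong) exits 0 and the step reports success while the volume remains billed; add the flag to both calls, e.g. `http -d --check-status --print=HBb --ignore-stdin DELETE https://api.hetzner.cloud/v1/volumes/$volume_id Authorization:"Bearer $PASSWORD"`. The lookup also keys on the fixed name `10gb-by-drone-ci` shared with the creation step in the earlier hunk, so two overlapping builds would create same-named volumes and the `jq -re ... select(.name == ...)` would then print several ids into `$volume_id`; suffixing the name with a per-build value such as `${DRONE_BUILD_NUMBER}` in both steps avoids that. The dated comment about the ignored `name` query parameter explains why the client-side `select` exists and should stay adjacent to it.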
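Review bot: `diskDevice` is assigned in genUserdata but is missing from the new `local hashed_password diskDeviceName userdata_infect` declaration, so it becomes a global; change it to `local hashed_password diskDevice diskDeviceName userdata_infect`. `diskDeviceName="${diskDevice##/dev}"` strips only the literal `/dev` prefix and leaves `/sdb`, so the hunk at +65 in this file emits `"mountPoint": "/volumes//sdb"` and `"location": "/sdb"` — if a bare device name is what the consumers expect, use `diskDeviceName="${diskDevice##*/}"`. Because `determine2ndDisk` returns 1 for any other `$PROVIDER` and the file installs `trap '... exit 1' ERR` (hunk at +512), an unsupported provider aborts at the assignment with nothing but a line number; `diskDevice="$(determine2ndDisk)" || { echo "no 2nd-disk mapping for PROVIDER=$PROVIDER" >&2; return 1; }` makes that failure self-describing. The removed `local` line also declared `release`; the body of genUserdata continues past this hunk, so confirm that name is not still referenced there.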
@@ -48,9 +65,33 @@ genUserdata() {
 "provider": "$PROVIDER"
 },
 "domain": "$DOMAIN",
- "hashedMasterPassword": "$HASHED_PASSWORD",
+ "hashedMasterPassword": "$hashed_password",
 "hostname": "$HOSTNAME",
- "username": "$LUSER"
+ "username": "$LUSER",
+ "volumes": [
+ {
+ "device": "$diskDevice",
+ "mountPoint": "/volumes/$diskDeviceName",
+ "fsType": "ext4"
+ }
+ ],
+ "modules": {
+ "bitwarden": {
+ "location": "$diskDeviceName"
+ },
+ "gitea": {
+ "location": "$diskDeviceName"
+ },
+ "nextcloud": {
+ "location": "$diskDeviceName"
+ },
+ "pleroma": {
+ "location": "$diskDeviceName"
+ },
+ "simple-nixos-mailserver": {
+ "location": "$diskDeviceName"
+ }
+ }
 }
 EOF
 )
@@ -471,6 +512,7 @@ infect() {
 set -o errtrace
 set -o nounset
 set -o pipefail
+set -o xtrace
 shopt -s inherit_errexit
 trap 'echo ${LINENO}: "$BASH_COMMAND"; exit 1' ERR
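Review bot: `set -o xtrace` here (unindented, so apparently at file scope rather than inside `infect()`) makes bash echo every expanded command and assignment to stderr, which includes `mkpasswd -m sha-512 "$USER_PASS"` from genUserdata with the plaintext master password substituted in, plus the traced `hashed_password=...` and `userdata_infect=...` assignments carrying the hash; the .drone.yml hunk in this same diff pipes that stderr through `| bash 2>&1 | tee /root/infect.log`, so the secret lands both on the provisioned host's disk and in the CI build output. Either gate the trace behind an opt-in environment variable, or silence it around the sensitive lines with `{ set +o xtrace; } 2>/dev/null` before the mkpasswd call and `set -o xtrace` after the userdata heredoc. If the trace is only meant for debugging this CI run, dropping the line before merge is the simplest fix.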