From dff86e048695f24fda69ee4a8d9defb21ad2c66a Mon Sep 17 00:00:00 2001
From: rorapp
Date: Mon, 24 Feb 2025 14:08:48 +0100
Subject: [PATCH] move deploy scripts to start folder
---
scripts/{ => maintain}/backup.sh | 0
scripts/maintain/generate_secrets.sh | 81 ++++++++++++++++++++
scripts/{ => start}/deploy-administration.sh | 16 ++--
scripts/{ => start}/deploy-all.sh | 11 ++-
scripts/{ => start}/deploy-app.sh | 12 +--
scripts/{ => start}/deploy-overwrite.sh | 0
scripts/{ => start}/deploy-proxy.sh | 8 +-
scripts/{ => start}/deploy-traefik.sh | 0
8 files changed, 105 insertions(+), 23 deletions(-)
rename scripts/{ => maintain}/backup.sh (100%)
create mode 100755 scripts/maintain/generate_secrets.sh
rename scripts/{ => start}/deploy-administration.sh (77%)
rename scripts/{ => start}/deploy-all.sh (87%)
rename scripts/{ => start}/deploy-app.sh (78%)
rename scripts/{ => start}/deploy-overwrite.sh (100%)
rename scripts/{ => start}/deploy-proxy.sh (80%)
rename scripts/{ => start}/deploy-traefik.sh (100%)
diff --git a/scripts/backup.sh b/scripts/maintain/backup.sh
similarity index 100%
rename from scripts/backup.sh
rename to scripts/maintain/backup.sh
diff --git a/scripts/maintain/generate_secrets.sh b/scripts/maintain/generate_secrets.sh
new file mode 100755
index 0000000..2464fc3
--- /dev/null
+++ b/scripts/maintain/generate_secrets.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# 🚀 Script to Generate Secure Secrets for Deployment
+
+# Define root directory relative to the script location
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+SECRET_FILE="$ROOT_DIR/env/secrets.env"
+GITIGNORE_FILE="$ROOT_DIR/.gitignore"
+
+# ✅ Function to check if a command is installed
+check_dependency() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# 🔍 Check for OpenSSL, and prompt user to install if missing
+if ! check_dependency "openssl"; then
+ echo "⚠️ OpenSSL is not installed. It is required to generate secure secrets."
+ echo "Would you like to install OpenSSL now? (yes/no)"
+ read -r install_choice
+ if [[ "$install_choice" == "yes" ]]; then
+ if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+ sudo apt update && sudo apt install -y openssl
+ elif [[ "$OSTYPE" == "darwin"* ]]; then
+ brew install openssl
+ else
+ echo "❌ Unsupported OS. Please install OpenSSL manually."
+ exit 1
+ fi
+ else
+ echo "❌ OpenSSL is required but was not installed. Exiting."
+ exit 1
+ fi
+fi
+
+# ✅ Securely generate random values
+generate_secret() {
+ openssl rand -base64 32
+}
+
+# 🔄 Check if the secret file already exists
+if [ -f "$SECRET_FILE" ]; then
+ echo "⚠️ $SECRET_FILE already exists. Overwrite? (yes/no)"
+ read -r response
+ if [[ "$response" != "yes" ]]; then
+ echo "❌ Secret file creation canceled."
+ exit 1
+ fi
+fi
+
+# ✏️ Write secrets to file
+echo "🔐 Generating $SECRET_FILE ..."
+mkdir -p "$(dirname "$SECRET_FILE")" # Ensure the env directory exists
+> "$SECRET_FILE" # Clear file if it exists
+
+# 🔑 Define and write secrets
+echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE"
+echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE"
+echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE"
+echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+
+# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line**
+if [ -f "$SECRET_FILE" ]; then
+ # Check if the last line is missing a newline and fix it
+ if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then
+ echo "" >> "$GITIGNORE_FILE"
+ fi
+
+ # Append 'env/secrets.env' only if it's not already in .gitignore
+ if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then
+ echo "env/secrets.env" >> "$GITIGNORE_FILE"
+ echo "✅ Added 'env/secrets.env' to .gitignore"
+ fi
+fi
+
+echo "✅ Secrets have been generated and stored in $SECRET_FILE."
+echo "⚠️ Keep this file secure and do NOT commit it to Git!"
diff --git a/scripts/deploy-administration.sh b/scripts/start/deploy-administration.sh
similarity index 77%
rename from scripts/deploy-administration.sh
rename to scripts/start/deploy-administration.sh
index 112f438..d953c9f 100755
--- a/scripts/deploy-administration.sh
+++ b/scripts/start/deploy-administration.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 
 # Funktion zum Überprüfen der Existenz einer Datei
 check_file_exists() {
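Review bot: `ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)` and `TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)` derive two of the "generated" credentials from the fixed strings `admin` and `traefikpass`, so anyone who has read this script knows them, and passing them as `openssl passwd` arguments also exposes them in the process list; generate them with `generate_secret` like the other values, hash via `openssl passwd -6 -stdin`, and print the plaintext once so the operator can record it. `> "$SECRET_FILE"` creates the file under the caller's default umask, which usually leaves `secrets.env` world-readable; set `umask 077` before the `mkdir -p`/redirect (or `chmod 600 "$SECRET_FILE"` right after). `ROOT_DIR` resolves `$(dirname "$0")/..`, which for a script living in `scripts/maintain/` is `scripts/`, so the secrets would land in `scripts/env/secrets.env` and the ignore entry in `scripts/.gitignore`, while the deploy scripts in this commit read the repo-root `env/` via `../../env/` — presumably `/../..` is intended.
```bash
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
# … unchanged: SECRET_FILE, GITIGNORE_FILE, dependency check, generate_secret, overwrite prompt …
umask 077                                   # secrets.env must not be group/world-readable
mkdir -p "$(dirname "$SECRET_FILE")"
: > "$SECRET_FILE"
chmod 600 "$SECRET_FILE"

# Random credentials instead of fixed defaults; the plaintext is printed once for the operator
ADMIN_PASSWORD="$(generate_secret)"
TRAEFIK_PASSWORD="$(generate_secret)"
echo "ADMIN_PASSWORD_HASH=$(printf '%s' "$ADMIN_PASSWORD" | openssl passwd -6 -stdin)" >> "$SECRET_FILE"
# … unchanged: JWT_SECRET … REDIS_HOST_PASSWORD …
echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(printf '%s' "$TRAEFIK_PASSWORD" | openssl passwd -6 -stdin)" >> "$SECRET_FILE"
# … unchanged: GITEA_MYSQL_PASSWORD … .gitignore handling …
printf 'Admin password: %s\nTraefik basic-auth password: %s\n' "$ADMIN_PASSWORD" "$TRAEFIK_PASSWORD"
```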
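Review bot: `ENV_FILE="../../env/.env.all"` and every other `../../` path in this file are resolved against the caller's working directory, so after the move the script only works when invoked from inside `scripts/start/` (from the repo root, `../../env` points outside the checkout). generate_secrets.sh in the same commit anchors on `$(dirname "$0")` instead; doing the same here, e.g. `cd "$(dirname "$0")" || exit 1` right after the shebang, would let the relative paths keep working from any directory. The same applies to the `@@ -1,7` hunks of deploy-all.sh, deploy-app.sh and deploy-proxy.sh and to the `../../` paths in their later hunks. The literal `check_file_exists "../../env/.env.all"` in the `@@ -12,7` hunk duplicates `ENV_FILE`; `check_file_exists "$ENV_FILE"` keeps the two from drifting apart.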
@@ -12,7 +12,7 @@ check_file_exists() {
 }
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
@@ -25,8 +25,8 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
 
 # Load environment variables from the .env files
 set -o allexport
-source ../env/.env.all
-source ../env/${ENVIRONMENT}/.env.administration
+source ../../env/.env.all
+source ../../env/${ENVIRONMENT:-development}/.env.administration
 set +o allexport
 
 # Liste Stacks
@@ -39,14 +39,14 @@ ENVIRONMENTS=("development" "staging" "production")
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
- env_file="../env/${ENVIRONMENT}/.env.${stack}"
+ env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
 if ! check_file_exists "$env_file"; then
 missing_files=$((missing_files + 1))
 fi
 done
 
 if [ $missing_files -eq 0 ]; then
- echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT}-Environment sind vorhanden."
+ echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT:-development}-Environment sind vorhanden."
 else
 echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren."
 fi
@@ -55,7 +55,7 @@ fi
 for env in "${ENVIRONMENTS[@]}"; do
 if [ "$env" != "$ENVIRONMENT" ]; then
 for stack in "${STACKS[@]}"; do
- env_file="../env/${env}/.env.${stack}"
+ env_file="../../env/${env}/.env.${stack}"
 if ! check_file_exists "$env_file"; then
 echo "Warnung: Die Datei $env_file fehlt für das Environment $env."
 fi
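Review bot: `source ../../env/${ENVIRONMENT:-development}/.env.administration` makes a deploy script silently fall back to the development environment whenever `ENVIRONMENT` is missing from `.env.all`, which on a server means sourcing and deploying the wrong environment's configuration instead of stopping. The `@@ -55,7` hunk below still compares against the raw `$ENVIRONMENT`, so with it unset the loop would warn about development's files as belonging to another environment while the same run deploys development, and the `echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"` shown in the `@@ -72,4` context would print "Not set". Failing fast is safer: `: "${ENVIRONMENT:?ENVIRONMENT is not set in $ENV_FILE}"` after the `ENVIRONMENT=$(get_env_var "ENVIRONMENT")` line named in the hunk header, after which the plain `${ENVIRONMENT}` can stay. The same default is introduced in the `@@ -39,14` hunk here, in this file's `@@ -72,4`, and in deploy-all.sh `@@ -72,12`/`@@ -102,4`, deploy-app.sh `@@ -26,12` and deploy-proxy.sh `@@ -27,12`/`@@ -51,4`.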
@@ -72,4 +72,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
 echo "-----------------------------------"
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile administration up --remove-orphans
+docker compose -f ../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile administration up --remove-orphans
diff --git a/scripts/deploy-all.sh b/scripts/start/deploy-all.sh
similarity index 87%
rename from scripts/deploy-all.sh
rename to scripts/start/deploy-all.sh
index 16c1505..7a57056 100755
--- a/scripts/deploy-all.sh
+++ b/scripts/start/deploy-all.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
 grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
@@ -25,7 +25,6 @@ check_file_exists() {
 return 1
 fi
 }
-#!/bin/bash
 
 # Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird
 if [ "$ENVIRONMENT" == "development" ]; then
@@ -43,7 +42,7 @@ if [ "$ENVIRONMENT" == "development" ]; then
 echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet."
 
 # Pfad zur Proxy-Env-Datei
- ENV_PROXY_FILE="../env/development/.env.proxy"
+ ENV_PROXY_FILE="../../env/development/.env.proxy"
 
 # Hosts-Datei Pfad (Linux/macOS)
 HOSTS_FILE="/etc/hosts"
@@ -72,12 +71,12 @@ else
 fi
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
- env_file="../env/${ENVIRONMENT}/.env.${stack}"
+ env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
 if ! check_file_exists "$env_file"; then
 missing_files=$((missing_files + 1))
 fi
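Review bot: The new compose line in deploy-administration.sh still passes `-f ../apps/docker-compose.all.yml` while its `--env-file` arguments were moved to `../../env/...`; from `scripts/start/` that compose path no longer exists, so `docker compose` fails before starting anything. deploy-all.sh, deploy-app.sh and deploy-proxy.sh were all updated to `-f ../../apps/docker-compose.all.yml` in this commit, so this looks like the one that was missed: `docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile administration up --remove-orphans`.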
@@ -102,4 +101,4 @@ if [[ "$1" == "--build" ]]; then
 fi
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION
+docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION
diff --git a/scripts/deploy-app.sh b/scripts/start/deploy-app.sh
similarity index 78%
rename from scripts/deploy-app.sh
rename to scripts/start/deploy-app.sh
index f57bd09..25a26df 100755
--- a/scripts/deploy-app.sh
+++ b/scripts/start/deploy-app.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
 grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
@@ -13,7 +13,7 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
 SERVER_IP=$(curl -s https://api.ipify.org)
 
 # Liste aller Stacks
-STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend")
+STACKS=("frontend" "database" "backend")
 
 # Liste aller Environments
 ENVIRONMENTS=("development" "staging" "production")
@@ -26,12 +26,12 @@ check_file_exists() {
 fi
 }
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
- env_file="../env/${ENVIRONMENT}/.env.${stack}"
+ env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
 if ! check_file_exists "$env_file"; then
 missing_files=$((missing_files + 1))
 fi
@@ -55,5 +55,7 @@ if [[ "$1" == "--build" ]]; then
 BUILD_OPTION="--build"
 fi
 
+
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile app up --remove-orphans $BUILD_OPTION
+docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION
+
diff --git a/scripts/deploy-overwrite.sh b/scripts/start/deploy-overwrite.sh
similarity index 100%
rename from scripts/deploy-overwrite.sh
rename to scripts/start/deploy-overwrite.sh
diff --git a/scripts/deploy-proxy.sh b/scripts/start/deploy-proxy.sh
similarity index 80%
rename from scripts/deploy-proxy.sh
rename to scripts/start/deploy-proxy.sh
index 8560a47..012e318 100755
--- a/scripts/deploy-proxy.sh
+++ b/scripts/start/deploy-proxy.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
@@ -27,12 +27,12 @@ check_file_exists() {
 }
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
- env_file="../env/${ENVIRONMENT}/.env.${stack}"
+ env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
 if ! check_file_exists "$env_file"; then
 missing_files=$((missing_files + 1))
 fi
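Review bot: The rewritten compose line in deploy-app.sh drops `--env-file ../../env/${ENVIRONMENT}/.env.proxy`, which deploy-all.sh, deploy-proxy.sh and deploy-administration.sh still pass; if any service in the `app` profile of docker-compose.all.yml reads a variable that only `.env.proxy` defines, it now starts with that value empty. If the omission is deliberate (the `STACKS` list in `@@ -13,7` no longer contains `proxy`, which suggests so), a one-line comment above the command would stop the next reader from "fixing" it, e.g. `# .env.proxy is intentionally not loaded: the app profile does not use proxy variables`. The hunk also adds an empty line after `fi` and a trailing empty line at end of file, which none of the other deploy scripts have.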
@@ -51,4 +51,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
 echo "-----------------------------------"
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile proxy up --remove-orphans
+docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans
diff --git a/scripts/deploy-traefik.sh b/scripts/start/deploy-traefik.sh
similarity index 100%
rename from scripts/deploy-traefik.sh
rename to scripts/start/deploy-traefik.sh