move deploy scripts to start folder
This commit is contained in:
44
scripts/maintain/backup.sh
Normal file
44
scripts/maintain/backup.sh
Normal file
@@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
# # # # # # # # # # # # # # # # # # # # # # # #
|
||||
# Konfiguration #
|
||||
# # # # # # # # # # # # # # # # # # # # # # # #
|
||||
|
||||
# Verzeichnis, das gesichert werden soll
|
||||
source_dir="../volumes"
|
||||
# Verzeichnis, in dem die Backups gespeichert werden sollen
|
||||
backup_dir="/opt/docker_backups"
|
||||
# Anzahl der zu behaltenden Backups
|
||||
keep_backups=10
|
||||
# Aktuelles Datum und Uhrzeit
|
||||
current_datetime=$(date +"%Y-%m-%d_%H-%M-%S")
|
||||
# Name für das Backup-Archiv
|
||||
backup_filename="${current_datetime}-backup.tar"
|
||||
# Zielserver-Informationen
|
||||
remote_user="root"
|
||||
remote_server="TARGET NOT YET DEVICED"
|
||||
remote_dir="/opt/docker_backups"
|
||||
|
||||
# # # # # # # # # # # # # # # # # # # # # # # #
|
||||
# Ende der Konfiguration #
|
||||
# # # # # # # # # # # # # # # # # # # # # # # #
|
||||
|
||||
remote_target="${remote_user}@${remote_server}"
|
||||
backup_fullpath="${backup_dir}/${backup_filename}"
|
||||
|
||||
# Docker-Container herunterfahren
|
||||
docker stop $(docker ps -q)
|
||||
# Erstelle das Backup-Archiv
|
||||
tar -cpf "${backup_fullpath}" "${source_dir}"
|
||||
# Docker-Container wieder starten
|
||||
docker start $(docker ps -a -q)
|
||||
# Komprimiere das Backup-Archiv
|
||||
gzip "${backup_fullpath}"
|
||||
backup_fullpath="${backup_fullpath}.gz"
|
||||
# Kopiere das Backup auf den Zielserver mit SCP ohne Passwort
|
||||
scp "${backup_fullpath}" "${remote_target}:$remote_dir/"
|
||||
# Lösche ältere lokale Backups mit `find`
|
||||
find "$backup_dir" -type f -name "*-backup.tar.gz" -mtime +$keep_backups -exec rm {} \;
|
||||
# Lösche ältere remote Backups mit `find`
|
||||
ssh "${remote_target}" "find ${remote_dir} -type f -name '*-backup.tar.gz' -mtime +$keep_backups -exec rm {} \;"
|
||||
|
||||
echo "Backup wurde erstellt: ${backup_fullpath} und auf ${remote_target} kopiert."
|
||||
81
scripts/maintain/generate_secrets.sh
Executable file
81
scripts/maintain/generate_secrets.sh
Executable file
@@ -0,0 +1,81 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 🚀 Script to Generate Secure Secrets for Deployment
|
||||
|
||||
# Define root directory relative to the script location
|
||||
ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
|
||||
SECRET_FILE="$ROOT_DIR/env/secrets.env"
|
||||
GITIGNORE_FILE="$ROOT_DIR/.gitignore"
|
||||
|
||||
# ✅ Function to check if a command is installed
|
||||
check_dependency() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# 🔍 Check for OpenSSL, and prompt user to install if missing
|
||||
if ! check_dependency "openssl"; then
|
||||
echo "⚠️ OpenSSL is not installed. It is required to generate secure secrets."
|
||||
echo "Would you like to install OpenSSL now? (yes/no)"
|
||||
read -r install_choice
|
||||
if [[ "$install_choice" == "yes" ]]; then
|
||||
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
|
||||
sudo apt update && sudo apt install -y openssl
|
||||
elif [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
brew install openssl
|
||||
else
|
||||
echo "❌ Unsupported OS. Please install OpenSSL manually."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "❌ OpenSSL is required but was not installed. Exiting."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# ✅ Securely generate random values
|
||||
generate_secret() {
|
||||
openssl rand -base64 32
|
||||
}
|
||||
|
||||
# 🔄 Check if the secret file already exists
|
||||
if [ -f "$SECRET_FILE" ]; then
|
||||
echo "⚠️ $SECRET_FILE already exists. Overwrite? (yes/no)"
|
||||
read -r response
|
||||
if [[ "$response" != "yes" ]]; then
|
||||
echo "❌ Secret file creation canceled."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# ✏️ Write secrets to file
|
||||
echo "🔐 Generating $SECRET_FILE ..."
|
||||
mkdir -p "$(dirname "$SECRET_FILE")" # Ensure the env directory exists
|
||||
> "$SECRET_FILE" # Clear file if it exists
|
||||
|
||||
# 🔑 Define and write secrets
|
||||
echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE"
|
||||
echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE"
|
||||
echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||
|
||||
# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line**
|
||||
if [ -f "$SECRET_FILE" ]; then
|
||||
# Check if the last line is missing a newline and fix it
|
||||
if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then
|
||||
echo "" >> "$GITIGNORE_FILE"
|
||||
fi
|
||||
|
||||
# Append 'env/secrets.env' only if it's not already in .gitignore
|
||||
if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then
|
||||
echo "env/secrets.env" >> "$GITIGNORE_FILE"
|
||||
echo "✅ Added 'env/secrets.env' to .gitignore"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "✅ Secrets have been generated and stored in $SECRET_FILE."
|
||||
echo "⚠️ Keep this file secure and do NOT commit it to Git!"
|
||||
Reference in New Issue
Block a user