From ce426e3f30e5e3f82ecb87feaa309f02d1c47988 Mon Sep 17 00:00:00 2001
From: ray
Date: Thu, 12 Mar 2020 19:19:15 +0000
Subject: [PATCH] provision webserver working
---
 README.md | 1 +
 config-example | 3 +++
 production/export-data.sh | 5 +++++
 production/webserver-setup.sh | 26 +++++++++++++++++++++-----
 webserver-provision.sh | 9 +++++++++
 5 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100755 production/export-data.sh
 create mode 100755 webserver-provision.sh
diff --git a/README.md b/README.md
index 83863d3..eeb577b 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ TODO
 ## TODO
+* implement option to not have remote url include hostname (i.e., bare domain)
 * convert scripts to use ssh pipes/bash here documents. see [ssh pipes](https://stackoverflow.com/a/4412324), [Bash Here Document](https://stackoverflow.com/a/4412338)
 * Script to export database from production database
diff --git a/config-example b/config-example
index 5b4076d..dc570a0 100644
--- a/config-example
+++ b/config-example
@@ -25,6 +25,9 @@ export _wp_plugins_active="elementor wp-mail-smtp gdpr-cookie-compliance regener
 export _remote_host="www"
 export _domain="isnet.uk"
+# set to true to ude bare domain
+export _bare_domain='false'
+_lets_encrypt_email="letsencrpt.wp@rayelliott.dev"
 export _docker_user="ray"
 export _docker_base_dir="/var/docker"
diff --git a/production/export-data.sh b/production/export-data.sh
new file mode 100755
index 0000000..05dfd44
--- /dev/null
+++ b/production/export-data.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+
diff --git a/production/webserver-setup.sh b/production/webserver-setup.sh
index ad38ab7..ee06e86 100755
--- a/production/webserver-setup.sh
+++ b/production/webserver-setup.sh
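Review bot: In config-example, `_lets_encrypt_email` is added without `export`, while every other setting visible in this hunk is exported. It still reaches production/webserver-setup.sh because webserver-provision.sh concatenates the config in front of that script, but a consumer that sources the config and then starts a child process would not see it; `export _lets_encrypt_email="..."` keeps the file uniform. The comment on `_bare_domain` should read `# set to true to use bare domain`, and the local part `letsencrpt` is worth confirming, since certificate expiry notices are presumably sent to that address.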
@@ -1,11 +1,17 @@
 #!/bin/sh
+set -e
+
 # TODO basic error checking
 # TODO verbosity
 # TODO hardening
-_lets_encrypt_email="wptest@isnet.uk"
-_server_base_url="wptest.isnet.uk"
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+_server_base_url="$_domain"
+
+echo "Provisioning: $_server_base_url$ - (whoami)@$(hostname)"
+
 _docker_container_config_dir="/var/docker"
 _docker_compose_version="1.25.4"
@@ -18,6 +24,7 @@ cp /root/.ssh/authorized_keys /home/ray/.ssh/
 chown ray: /home/ray/.ssh/authorized_keys
 apt-get update
+apt-get upgrade --yes
 apt-get install \
 apt-transport-https \
 ca-certificates \
@@ -30,9 +37,9 @@ apt-get install \
 ufw allow ssh
 ufw allow http
 ufw allow https
-ufw enable
+ufw --force enable
-curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
 add-apt-repository \
 "deb [arch=amd64] https://download.docker.com/linux/debian \
 $(lsb_release -cs) \
@@ -154,5 +161,14 @@ networks:
 " >> docker-compose.yml
 docker-compose up -d
-echo "VISIT PORTAINER URL NOW TO SET INITIAL LOGIN:" # or see if can set from script
+echo "-------------------------------------------------------------------------"
+echo ""
+echo "VISIT PORTAINER URL NOW TO SET INITIAL LOGIN:"
 echo " https://$_portainer_url"
+echo ""
+echo "Traefik URl: https://$_server_base_url"
+echo ""
+echo "WARNING: May get insecure SSL errors"
+echo " this is temporary while certs are in process of being issued"
+
+rm /tmp/setup.sh
diff --git a/webserver-provision.sh b/webserver-provision.sh
new file mode 100755
index 0000000..c7c1a27
--- /dev/null
+++ b/webserver-provision.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+. ./config
+
+_ssh_url="root@$_remote_host.$_domain"
+
+# ssh "$_remote_host.$_domain" '/bin/bash -s' < ./production/webserver-setup.sh
+cat config ./production/webserver-setup.sh | ssh "$_ssh_url" "cat >/tmp/setup.sh"
+ssh $_ssh_url '/bin/bash /tmp/setup.sh'
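Review bot: The new `echo "Provisioning: ..."` line in the first hunk of production/webserver-setup.sh has a misplaced `$`, so it prints a literal `$ - (whoami)` instead of the user name; it should read `echo "Provisioning: $_server_base_url - $(whoami)@$(hostname)"`. `_server_base_url="$_domain"` now depends on the config being prepended to the script, and `set -e` does not catch an unset variable, so a missing `_domain` would provision with an empty base URL. Adding `: "${_domain:?_domain is not set}"` before the assignment makes the script stop early instead. The script continues outside this hunk.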
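Review bot: `apt-get upgrade --yes` in the second hunk answers the confirmation prompt but not dpkg's configuration-file prompts, and the script is run over ssh without a terminal, so an upgraded package with a locally modified conffile can stall or abort the run. `DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::=--force-confold upgrade --yes` keeps the existing files and never prompts. The `apt-get install` list that follows is only partly visible here; if it carries no `--yes` further down, it needs the same treatment.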
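Review bot: The rewritten `curl ... | apt-key add -` line in the third hunk puts whatever the download returns into apt's global trusted keyring with no fingerprint check, and a key added that way is trusted for every configured repository, not only Docker's. Saving the key to its own file and pinning the repository to it narrows that trust: `curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc` (after creating the directory) together with `deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] ...` in the `add-apt-repository` call, whose remainder is outside the hunk. Comparing the key's fingerprint with the one Docker publishes before trusting it would close the remaining gap. Since `set -e` is used without `pipefail`, a failed `curl` is noticed only if `apt-key` rejects the empty input.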
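Review bot: The closing message in the last hunk of production/webserver-setup.sh still relies on the operator reaching `https://$_portainer_url` before anyone else does, and this change drops the reminder to set the login from the script. Until that first visit the Portainer instance is presumably reachable with no administrator defined, so whoever gets there first chooses the password. Portainer accepts an initial credential at start-up through `--admin-password-file` (or a bcrypt hash via `--admin-password`), which could go into its `command:` in the generated docker-compose.yml; that file is written outside this hunk. I would also restore the dropped note as `# TODO set the Portainer admin password from this script`.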
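Review bot: webserver-provision.sh copies the config plus the setup script to the fixed path `/tmp/setup.sh` as root, and the `rm /tmp/setup.sh` added at the end of production/webserver-setup.sh only runs when every earlier step succeeded under `set -e`. A failed run therefore leaves the config contents in a predictable file under /tmp with default permissions, and because this script has no `set -e`, a failed upload is followed by executing whatever `/tmp/setup.sh` already exists on the host. The last `ssh $_ssh_url` is also unquoted. The version below creates the file with `mktemp`, removes it whether or not the setup succeeds, and stops on the first error; the final `rm /tmp/setup.sh` in webserver-setup.sh would then be dropped.

```shell
#!/bin/sh
set -e

# … unchanged: sourcing ./config and building _ssh_url …

# mktemp creates the file with mode 0600 under an unpredictable name
_remote_script="$(ssh "$_ssh_url" 'mktemp /tmp/setup.XXXXXX')"

cat config ./production/webserver-setup.sh | ssh "$_ssh_url" "cat > '$_remote_script'"

# remove the uploaded copy on success and on failure, then report the setup's status
ssh "$_ssh_url" "/bin/bash '$_remote_script'; rc=\$?; rm -f '$_remote_script'; exit \$rc"
```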