#!/bin/bash
# Variables
# Everything below is exported so child processes started by this script can
# read it (setup pipes the pod configuration through envsubst).

# Fixed names of the deployment.
FORGE_DOMAIN_NAME="ublue.local"
FORGE_NETWORK_NAME="ublue-os_forge"
FORGE_POD_CONFIGURATION="forge-pod.yml"
export FORGE_DOMAIN_NAME FORGE_NETWORK_NAME FORGE_POD_CONFIGURATION

# Host-side mount points of the certs and data volumes, resolved once when the
# script starts.
# NOTE(review): if a volume does not exist yet, the value is presumably empty
# or "null" -- confirm, because configure_host_prerequisites later reads an SSH
# public key from below FORGE_POD_CERTS_DIR.
FORGE_POD_CERTS_DIR="$(podman volume inspect ublue-os_forge-certs | jq -r '.[0].Mountpoint')"
FORGE_POD_DATA_DIR="$(podman volume inspect ublue-os_forge-data | jq -r '.[0].Mountpoint')"
export FORGE_POD_CERTS_DIR FORGE_POD_DATA_DIR

# Pod names all share one prefix; show_containter_info filters on that prefix.
FORGE_POD_NAME_PRE_AMBLE="ublue-os_forge-"
FORGE_POD_NAME_REVERSE_PROXY="${FORGE_POD_NAME_PRE_AMBLE}rvproxy"
FORGE_POD_NAME_REGISTRY="${FORGE_POD_NAME_PRE_AMBLE}registry"
FORGE_POD_NAME_ANVIL="${FORGE_POD_NAME_PRE_AMBLE}anvil"
export FORGE_POD_NAME_PRE_AMBLE FORGE_POD_NAME_REVERSE_PROXY
export FORGE_POD_NAME_REGISTRY FORGE_POD_NAME_ANVIL

# First address printed by `hostname -I`.
FORGE_HOST_IP_ADDRESS="$(hostname -I | awk '{print $1}')"
export FORGE_HOST_IP_ADDRESS
# Functions
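#######################################
# First-time setup: check the host, store the sudo password as a podman
# secret, create the network, build and start the pods, then run the
# host-configuration playbook inside the ansible container.
#
# The secret holds the user's sudo password, so it is removed again on every
# path once it has been created, and a failed step stops the remaining steps
# instead of being reported as "Setup complete".
#
# Globals:   FORGE_POD_CONFIGURATION, FORGE_NETWORK_NAME, FORGE_POD_NAME_ANVIL,
#            FORGE_DOMAIN_NAME, RED, YELLOW, GREEN, ENDCOLOR (read);
#            PID_BUILD, PID_CONFIG (written)
# Returns:   0 when every step succeeded, 1 otherwise
#######################################
function setup {
  local failed=0

  echo -e "${YELLOW}Checking pre-requisites...${ENDCOLOR}"
  # check_prerequisites exits the script itself when a check fails.
  check_prerequisites

  echo -e "${YELLOW}Creating secret configuration...${ENDCOLOR}"
  if ! create_secrets; then
    echo -e "${RED}Creating the podman secret failed.${ENDCOLOR}" >&2
    return 1
  fi

  echo -e "${YELLOW}Creating podman network...${ENDCOLOR}"
  create_network || failed=1

  if ((failed == 0)); then
    echo -e "${YELLOW}Heating up forge for the first time...${ENDCOLOR}"
    # $! is the PID of the last pipeline stage (podman), so wait reports
    # whether the build and start of the pods succeeded.
    envsubst <"${FORGE_POD_CONFIGURATION}" \
      | podman play kube --build --replace --network "${FORGE_NETWORK_NAME}" - &
    PID_BUILD=$!
    wait "${PID_BUILD}" || failed=1
  fi

  if ((failed == 0)); then
    echo -e "${YELLOW}Configuring host system pre-requisites...${ENDCOLOR}"
    configure_host_prerequisites &
    PID_CONFIG=$!
    wait "${PID_CONFIG}" || failed=1
  fi

  if ((failed == 0)); then
    echo -e "${YELLOW}Configuring host system...${ENDCOLOR}"
    podman exec "${FORGE_POD_NAME_ANVIL}-ansible.${FORGE_DOMAIN_NAME}" \
      ansible-playbook ansible/playbooks/configure_host.yml || failed=1
  fi

  # Runs whether or not the steps above succeeded: the secret must not
  # outlive setup.
  echo ""
  echo -e "${YELLOW}Cleaning up secrets...${ENDCOLOR}"
  delete_secrets

  if ((failed != 0)); then
    echo -e "${RED}Setup failed. Check the messages above.${ENDCOLOR}" >&2
    return 1
  fi

  echo -e "${GREEN}Setup complete${ENDCOLOR}"
  show_forge_info
  echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}"
}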
#######################################
# Start the reverse-proxy, registry and anvil pods, then list the forge
# containers.
# Globals:   FORGE_POD_NAME_REVERSE_PROXY, FORGE_POD_NAME_REGISTRY,
#            FORGE_POD_NAME_ANVIL, YELLOW, GREEN, ENDCOLOR (read)
#######################################
function up {
  local pod_name

  echo -e "${YELLOW}Heating up forge...${ENDCOLOR}"
  # Same start order as before: reverse proxy, registry, anvil.
  for pod_name in \
    "${FORGE_POD_NAME_REVERSE_PROXY}" \
    "${FORGE_POD_NAME_REGISTRY}" \
    "${FORGE_POD_NAME_ANVIL}"; do
    podman pod start "${pod_name}"
  done

  echo -e "${GREEN}The following containers are now running...${ENDCOLOR}"
  show_containter_info
  echo -e "${GREEN}Done. Happy forging!${ENDCOLOR}"
}
#######################################
# List the forge containers, then stop the reverse-proxy, registry and anvil
# pods. --ignore is passed to each stop, as in the original calls.
# Globals:   FORGE_POD_NAME_REVERSE_PROXY, FORGE_POD_NAME_REGISTRY,
#            FORGE_POD_NAME_ANVIL, YELLOW, GREEN, ENDCOLOR (read)
#######################################
function down {
  local pod_name

  echo -e "${YELLOW}Cooling down forge...${ENDCOLOR}"
  echo -e "${YELLOW}Shutting down the following containers..${ENDCOLOR}"
  show_containter_info

  for pod_name in \
    "${FORGE_POD_NAME_REVERSE_PROXY}" \
    "${FORGE_POD_NAME_REGISTRY}" \
    "${FORGE_POD_NAME_ANVIL}"; do
    podman pod stop "${pod_name}" --ignore
  done

  echo -e "${GREEN}Done. Have a nice day${ENDCOLOR}"
}
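#######################################
# One-time host preparation: authorize the forge SSH public key for the
# current user and copy the forge root certificate into the data directory.
#
# Appending to ~/.ssh/authorized_keys grants SSH login as this user to
# whoever holds the matching private key, so the key file is checked before
# anything is written and the same key is never appended twice.
#
# The "done" marker is written to FORGE_POD_DATA_DIR, while the original check
# looked only in ~/.config; both locations are honoured so that a second run
# is really skipped.
#
# Globals:   FORGE_POD_CERTS_DIR, FORGE_POD_DATA_DIR, HOME (read)
# Returns:   0 when configured or already configured, 1 on error
#######################################
function configure_host_prerequisites {
  local marker_name=".ublue-os_forge-host-setup-done"
  local authorized_keys="${HOME}/.ssh/authorized_keys"
  local SSH_PUBLIC_KEY_FILE SSH_PUBLIC_KEY

  if [[ -f "${HOME}/.config/${marker_name}" ||
    (-n "${FORGE_POD_DATA_DIR}" && -f "${FORGE_POD_DATA_DIR}/${marker_name}") ]]; then
    echo "Host system pre-requisites already configured. Nothing to do..."
    echo ""
    return 0
  fi

  # NOTE(review): both directories are resolved when the script starts; if the
  # volumes are only created by the pod build in setup they may be unset on a
  # first run -- confirm.
  if [[ -z "${FORGE_POD_CERTS_DIR}" || -z "${FORGE_POD_DATA_DIR}" ]]; then
    echo "FORGE_POD_CERTS_DIR or FORGE_POD_DATA_DIR is empty; cannot configure host" >&2
    return 1
  fi

  SSH_PUBLIC_KEY_FILE="${FORGE_POD_CERTS_DIR}/ssh/ublue-os_forge-id_ed25519.pub"
  if [[ ! -s "${SSH_PUBLIC_KEY_FILE}" ]]; then
    echo "ssh public key ${SSH_PUBLIC_KEY_FILE} is missing or empty" >&2
    return 1
  fi
  SSH_PUBLIC_KEY="$(<"${SSH_PUBLIC_KEY_FILE}")"
  # Exactly one key is expected; never append multi-line content to
  # authorized_keys.
  if [[ -z "${SSH_PUBLIC_KEY}" || "${SSH_PUBLIC_KEY}" == *$'\n'* ]]; then
    echo "ssh public key ${SSH_PUBLIC_KEY_FILE} does not hold a single key line" >&2
    return 1
  fi

  echo "adding ssh public key to ~/.ssh/authorized_keys"
  # -m only applies when the directory is created; an existing ~/.ssh keeps
  # its mode.
  mkdir -p -m 700 -- "${HOME}/.ssh" || return 1
  if ! grep -qxF -- "${SSH_PUBLIC_KEY}" "${authorized_keys}" 2>/dev/null; then
    # umask in a subshell: a newly created authorized_keys is private to the
    # user, an existing file keeps its permissions.
    (
      umask 077
      {
        printf '%s\n' "#uBlue forge ssh key"
        printf '%s\n' "${SSH_PUBLIC_KEY}"
      } >>"${authorized_keys}"
    ) || return 1
  fi

  if ! cp -f -- "${FORGE_POD_CERTS_DIR}/tls/ublue-os_forge-root.pem" "${FORGE_POD_DATA_DIR}"; then
    echo "could not copy the forge root certificate to ${FORGE_POD_DATA_DIR}" >&2
    return 1
  fi
  touch -- "${FORGE_POD_DATA_DIR}/${marker_name}" || return 1
  echo ""
}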
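#######################################
# Ask for the user's sudo password and store it, together with the user name,
# as the podman secret "ublue-os_forge-secure". The secret is a JSON object
# whose values are base64-encoded.
#
# The JSON is built by jq from raw input instead of pasting the password into
# a JSON template: a password containing a double quote or a backslash would
# otherwise produce broken or altered JSON. `read -r` keeps backslashes in the
# typed password. The password goes to jq on stdin through the printf builtin,
# so it does not appear in any process's argument list.
#
# Globals:   USER, YELLOW, ENDCOLOR (read);
#            ANSIBLE_HOST_BECOME_PASSWORD (written)
# Returns:   exit status of `podman secret create`
#######################################
function create_secrets {
  local rc=0

  # Get user input
  echo -e "${YELLOW}Gathering user input${ENDCOLOR}"
  read -r -s -p "Enter sudo password for user $USER: " ANSIBLE_HOST_BECOME_PASSWORD

  # NOTE(review): ANSIBLE_HOST_BECOME_PASSWORD stays set in this shell after
  # the secret is created; nothing else in this script appears to read it, so
  # it could be unset here once that is confirmed.
  printf '%s' "${ANSIBLE_HOST_BECOME_PASSWORD}" \
    | jq -Rs --arg user "$USER" \
      '{ANSIBLE_HOST_USER: $user, ANSIBLE_HOST_BECOME_PASSWORD: .} | map_values(@base64)' \
    | podman secret create ublue-os_forge-secure - >/dev/null || rc=$?

  echo ""
  return "${rc}"
}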
#######################################
# Remove the podman secret created by create_secrets (it holds the user's
# sudo password).
# Returns:   exit status of `podman secret rm`
#######################################
function delete_secrets {
  local secret_name="ublue-os_forge-secure"
  podman secret rm "${secret_name}"
}
#######################################
# Create the podman network named by FORGE_NETWORK_NAME unless
# `podman network inspect` already finds it.
# Globals:   FORGE_NETWORK_NAME (read)
#######################################
function create_network {
  if podman network inspect "${FORGE_NETWORK_NAME}" &>/dev/null; then
    echo "Podman network ${FORGE_NETWORK_NAME} already exists."
  else
    echo "Podman network ${FORGE_NETWORK_NAME} does not exist. Creating..."
    podman network create "${FORGE_NETWORK_NAME}"
  fi
}
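#######################################
# Verify that the host can run the forge: jq and podman are installed, the
# user's podman socket is active, unprivileged processes may bind port 80,
# and sshd is running. The first failed check prints a hint and exits the
# script with status 1.
#
# Globals:   RED, YELLOW, GREEN, ENDCOLOR (read);
#            JQ_PATH, PODMAN_PATH, PODMAN_SERVICE_STATUS,
#            NET_IPV4_UNPRIV_PORT_START, SSH_SERVICE_STATUS (written);
#            FORGE_PODMAN_SOCKET_PATH (written and exported)
#######################################
function check_prerequisites {
  echo -e "${YELLOW}Checking jq installation${ENDCOLOR}"
  JQ_PATH=$(command -v jq 2>/dev/null || echo 'FALSE')
  if [ "$JQ_PATH" == "FALSE" ]; then
    echo -e "${RED}It looks like jq is not installed.${ENDCOLOR}"
    echo -e "${RED}Make sure to install it first.${ENDCOLOR}"
    # The original line had {ENDCOLOR} without the $, which printed the text
    # literally and left the colour switched on.
    echo -e "${YELLOW}Need help? -> https://jqlang.github.io/jq/download${ENDCOLOR}"
    exit 1
  else
    echo -e "${GREEN}jq is installed${ENDCOLOR}"
    echo ""
  fi

  echo -e "${YELLOW}Checking podman installation${ENDCOLOR}"
  PODMAN_PATH=$(command -v podman 2>/dev/null || echo 'FALSE')
  if [ "$PODMAN_PATH" == "FALSE" ]; then
    echo -e "${RED}It looks like podman is not installed.${ENDCOLOR}"
    echo -e "${RED}Make sure to install it first.${ENDCOLOR}"
    exit 1
  else
    echo -e "${GREEN}podman is installed${ENDCOLOR}"
    echo ""
  fi

  echo -e "${YELLOW}Checking podman socket service${ENDCOLOR}"
  PODMAN_SERVICE_STATUS="$(systemctl --user is-active podman.socket)"
  if [ "${PODMAN_SERVICE_STATUS}" != "active" ]; then
    echo -e "${RED}It looks like your podman socket is not running.${ENDCOLOR}"
    echo -e "${RED}Make sure to configure and start it first.${ENDCOLOR}"
    echo -e "${YELLOW}Need help? -> https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md${ENDCOLOR}"
    exit 1
  else
    echo -e "${GREEN}podman socket is ${PODMAN_SERVICE_STATUS}${ENDCOLOR}"
    # NOTE(review): jq runs without -r here, so the value keeps its JSON
    # double quotes -- confirm that the consumer expects them.
    FORGE_PODMAN_SOCKET_PATH=$(podman system info -f json | jq '.host.remoteSocket.path')
    export FORGE_PODMAN_SOCKET_PATH
    echo ""
  fi

  echo -e "${YELLOW}Checking net.ipv4.ip_unprivileged_port_start${ENDCOLOR}"
  NET_IPV4_UNPRIV_PORT_START="$(sysctl -n net.ipv4.ip_unprivileged_port_start)"
  # An empty or non-numeric value used to make the -gt test error out and fall
  # through to the success branch; treat it as a failed check instead.
  if ! [[ "${NET_IPV4_UNPRIV_PORT_START}" =~ ^[0-9]+$ ]]; then
    echo -e "${RED}Could not read net.ipv4.ip_unprivileged_port_start${ENDCOLOR}"
    exit 1
  fi
  # Lowering this sysctl to 80 lets every unprivileged process on the host
  # bind ports from 80 upwards, not only the forge pods.
  if [ "${NET_IPV4_UNPRIV_PORT_START}" -gt 80 ]; then
    echo -e "${RED}Your net.ipv4.ip_unprivileged_port_start is set to ${NET_IPV4_UNPRIV_PORT_START}${ENDCOLOR}"
    echo -e "${RED}Make sure to configure net.ipv4.ip_unprivileged_port_start to <= 80${ENDCOLOR}"
    # `sysctl -w` only changes the running kernel, so the hint now points at
    # /etc/sysctl.d/ for a setting that survives a reboot.
    echo -e "${YELLOW}Need help? -> run 'sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80' for this session or add 'net.ipv4.ip_unprivileged_port_start=80' to a file under /etc/sysctl.d/ for a permanent configuration${ENDCOLOR}"
    exit 1
  else
    echo -e "${GREEN}net.ipv4.ip_unprivileged_port_start is ${NET_IPV4_UNPRIV_PORT_START}${ENDCOLOR}"
    echo ""
  fi

  echo -e "${YELLOW}Checking sshd service${ENDCOLOR}"
  SSH_SERVICE_STATUS="$(systemctl is-active sshd)"
  if [ "${SSH_SERVICE_STATUS}" != "active" ]; then
    echo -e "${RED}It looks like your sshd service is not running.${ENDCOLOR}"
    echo -e "${RED}Make sure to configure and start it first.${ENDCOLOR}"
    echo -e "${YELLOW}Need help? -> https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/infrastructure-services/OpenSSH/#s2-ssh-configuration-sshd${ENDCOLOR}"
    exit 1
  else
    echo -e "${GREEN}sshd service is ${SSH_SERVICE_STATUS}${ENDCOLOR}"
    echo ""
  fi
}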
#######################################
# Print a table (name, status, image) of the containers whose name matches
# the forge pod prefix. The body is a subshell, so the helper variables below
# do not leak into the caller.
# Globals:   FORGE_POD_NAME_PRE_AMBLE (read)
#######################################
function show_containter_info (
  name_filter="name=${FORGE_POD_NAME_PRE_AMBLE}"
  table_format="table {{.Names}} {{.Status}} {{.Image}}"
  podman container ps --filter "${name_filter}" --format "${table_format}"
)
#######################################
# Print the running forge containers, the forge and registry addresses, and
# where the forge root certificate can be found.
# Importing that root certificate makes the browser trust every certificate
# it has signed.
# Globals:   FORGE_DOMAIN_NAME, FORGE_POD_DATA_DIR, GREEN, ENDCOLOR (read)
#######################################
function show_forge_info {
  local forge_url="https://forge.${FORGE_DOMAIN_NAME}"
  local registry_host="registry.${FORGE_DOMAIN_NAME}"
  local root_cert="${FORGE_POD_DATA_DIR}/ublue-os_forge-root.pem"

  echo -e "${GREEN}The following containers are now running...${ENDCOLOR}"
  show_containter_info

  echo -e "${GREEN}uBlue forge is available at: ${forge_url}${ENDCOLOR}"
  echo -e "${GREEN}uBlue forge docker registry is available at: ${registry_host}${ENDCOLOR}"
  echo -e "${GREEN}To trust the certificate in your Browser of choice, make sure to import the root certificate from:${ENDCOLOR}"
  echo -e "${GREEN}${root_cert}${ENDCOLOR}"
  echo ""
}
# Bash colors
# The values hold a literal backslash-e sequence; `echo -e` turns it into the
# escape character when a message is printed.
RED='\e[31m'
YELLOW='\e[33m'
GREEN='\e[32m'
ENDCOLOR='\e[0m'
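# Main
# Dispatch on the first command-line argument. An unknown or missing argument
# is reported on stderr and ends the script with a non-zero status, so callers
# can tell a usage error from a successful run.
case "${1:-}" in
  setup)
    setup
    ;;
  heat-up)
    up
    ;;
  cool-down)
    down
    ;;
  *)
    echo "Invalid argument: please provide 'heat-up', 'cool-down', or 'setup'" >&2
    exit 2
    ;;
esac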