changed provisioning scripts to use remote.sh

Author: literalsands

letsencrypt-nginx.sh

@@ -1,51 +1,12 @@
 #!/bin/bash
 
 # Check that nginx, letsencrypt, and openssl are installed and up to date.
-stty -echo; ssh $USER@$REMOTE "sudo -S sh -c \"\
-  apt -y --force-yes update &&\
-  apt -y --force-yes upgrade &&\
-  apt -y --force-yes install nginx letsencrypt openssl\
-  \""
-
-# Copy over all the nginx scripts.
-ssh $USER@$REMOTE "mkdir -p $HOME/nginx"
-rsync -au /etc/nginx/snippets/ $REMOTE:$HOME/nginx/snippets &&\
-  rsync -au /etc/nginx/sites-available/ $REMOTE:$HOME/nginx/sites-available &&\
-  stty -echo; ssh $USER@$REMOTE "\
-    sudo -S sh -c \"\
-    ln -sf $HOME/nginx/snippets/ssl-params.conf /etc/nginx/snippets/ &&\
-    ln -sf $HOME/nginx/snippets/gzip.conf /etc/nginx/snippets/ &&\
-    ln -sf $HOME/nginx/sites-available/letsencrypt /etc/nginx/sites-available/ &&\
-    ln -sf $HOME/nginx/sites-available/example.com /etc/nginx/sites-available/\""
-
+rsync -au /etc/nginx/snippets/ $REMOTE:/etc/nginx/
+rsync -au /etc/nginx/sites-available/ $REMOTE:/etc/nginx/
+./remote.sh $REMOTE -f provision_nginx.sh
 # Copy over letsencrypt certificates if they've already been created.
+# Else run letsencrypt.
+./remote.sh $REMOTE -f provision_nginx_letsencrypt.sh -e "DOMAIN=$DOMAIN EMAIL=$EMAIL"
+./remote.sh $REMOTE -f provision_nginx_site.sh -e "DOMAIN=$DOMAIN APP=$DOMAIN"
+./remote.sh $REMOTE -f provision_nginx_ufw.sh
 
-# Deploy location .well-known script.
-# Remove default server if applicable.
-# Check nginx configuration and restart the server.
-# Run letsencrypt with email address and accept license.
-stty -echo; ssh $USER@$REMOTE "\
-  sudo -S sh -c \"ln -sf /etc/nginx/sites-available/letsencrypt /etc/nginx/sites-enabled/ &&\
-  rm -f /etc/nginx/sites-enabled/default &&\
-  nginx -t && systemctl restart nginx &&\
-  letsencrypt certonly -a webroot --webroot-path=/var/www/html/ -d $REMOTE --agree-tos --agree-dev-preview --email $EMAIL\""
-
-# Let's copy the certificates to the local machine to install across multiple servers.
-
-# Create dhparam if it doesn't alrady exist.
-stty -echo; ssh $USER@$REMOTE "[ -f /etc/ssl/certs/dhparam.pem ] ||\
-  sudo -S openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048"
-
-# Create a configuration snippet for the website name.
-# Copy the websites configuration over.
-stty -echo; ssh $USER@$REMOTE "[ -f /etc/nginx/snippets/ssl-$REMOTE.conf ] ||\
-  sudo -S sh -c \"sed 's/example.com/$REMOTE/;s/appservers/$APP/' /etc/nginx/sites-available/example.com > /etc/nginx/sites-available/$REMOTE &&\
-  ln -sf /etc/nginx/sites-available/$REMOTE /etc/nginx/sites-enabled &&\
-  echo '
-ssl on;
-ssl_certificate /etc/letsencrypt/live/$REMOTE/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/$REMOTE/privkey.pem;
-' > /etc/nginx/snippets/ssl-$REMOTE.conf\""
-
-# Restart the nginx server.
-stty -echo; ssh $USER@$REMOTE "sudo -S sh -c \"nginx -t && systemctl restart nginx\""

provision.sh

@@ -1,14 +1,9 @@
-#!/bin/bash
-
 # Install Node, Git, and an Editor (VIM).
 # Install NPM (nosudo) and required global packages.
 # Install Node Version 4.4 (or required)
-stty -echo; ssh $USER@$REMOTE "sudo -S sh -c \"\
-  apt -y --force-yes update &&\
-  apt -y --force-yes upgrade &&\
-  apt -y --force-yes install vim npm nodejs nodejs-legacy git &&\
-  npm install -g pm2 n &&\
-  n 4.* && n 6.* && n 0.10 && n 0.12\""
+apt -y --force-yes update
+apt -y --force-yes upgrade
+apt -y --force-yes install vim git
 
 # Setup public key only login?
 # Setup firewall?

provision_nginx.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Check that nginx, letsencrypt, and openssl are installed and up to date.
+apt -y --force-yes update
+apt -y --force-yes upgrade
+apt -y --force-yes install nginx letsencrypt openssl

provision_nginx_letsencrypt.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Remove default server if applicable.
+rm -f /etc/nginx/sites-enabled/default
+# Deploy location .well-known script.
+ln -sf /etc/nginx/sites-available/letsencrypt /etc/nginx/sites-enabled/
+# Check nginx configuration and restart the server.
+nginx -t && systemctl restart nginx
+# Run letsencrypt with email address and accept license.
+echo " letsencrypt certonly -a webroot --webroot-path=/var/www/html/ -d $DOMAIN -d www.$DOMAIN --agree-tos --email $EMAIL "
+letsencrypt certonly -a webroot --webroot-path=/var/www/html/ -d $DOMAIN -d www.$DOMAIN --agree-tos --email $EMAIL
+
+# Create dhparam if it doesn't alrady exist.
+if ! [ -f /etc/ssl/certs/dhparam.pem ]; then
+  sudo -S openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+fi
+
+# Create a configuration snippet for the website name.
+if ! [ -f /etc/nginx/snippets/ssl-$DOMAIN.conf ]; then
+  SSL_SNIPPET = "
+ssl on;
+ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+"
+  echo $SSL_SNIPPET > /etc/nginx/snippets/ssl-$DOMAIN.conf
+  # Restart the nginx server.
+  nginx -t && systemctl restart nginx
+fi
+

provision_nginx_site.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+#if ! [ -f /etc/nginx/sites-enabled/$DOMAIN ]; then
+  # Replace example.com with 
+  sed "s/example.com/$DOMAIN/;s/appservers/$APP/" /etc/nginx/sites-available/example.com > /etc/nginx/sites-available/$DOMAIN
+  rm -f /etc/nginx/sites-enabled/$DOMAIN
+  ln -sf /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled
+  nginx -t && systemctl restart nginx
+#fi
+

provision_nginx_ufw.sh

@@ -0,0 +1,6 @@
+ufw allow "OpenSSH"
+ufw allow "Nginx Full"
+ufw allow 22
+ufw allow 80
+ufw allow 443
+ufw enable

provision_nvm.sh

@@ -1,8 +1,11 @@
 #!/bin/bash
 # Install NVM
-NVM_VERSION=0.33.1
-NODE_VERSION=6.10.2
-NVM_DIR=/usr/local/nvm
+export NVM_VERSION=0.33.1
+export NODE_VERSION=6.10
+export NVM_DIR="/usr/local/nvm"
 touch $HOME/.profile
 curl -o- https://raw.githubusercontent.com/creationix/nvm/v$NVM_VERSION/install.sh | bash
+#NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
+nvm install $NODE_VERSION
 npm install pm2

provision_user.sh

@@ -0,0 +1,7 @@
+# Create user with home directory, groups, and Bash shell.
+id -u $1 &>/dev/null || useradd $1 -G sudo,dip,lxd -d /home/$1 -s /bin/bash
+usermod -aG node austin
+
+# Give the user the same keys as root.
+cp -R $HOME/.ssh /home/$1/
+chown -R $1 /home/$1