~damien/infrastructure

816cda3162137d462c7a395275afc852cfd3e51c — Damien Radtke 7 months ago 155e31c 
Remove unused job scripts and renew certs for www.damienradtke.com
patch browse 
3 files changed, 1 insertions(+), 69 deletions(-)

M jobs/acme-renewer.nomad.erb
D jobs/compile.sh
D jobs/run.sh

M jobs/acme-renewer.nomad.erb => jobs/acme-renewer.nomad.erb +1 -6
@@ 18,12 18,7 @@ job "acme-renewer" {
		unlimited = false
	}

	# TODO: add www.damienradtke.com, radtke.family
	# also add something like this somewhere: 
	# "--reloadcmd", "vault kv put secret/fabio/certs/<domain> cert=@'${NOMAD_SECRETS_DIR}/fullchain.pem' key=@'${NOMAD_SECRETS_DIR}/key.pem'",
	#
	# TODO: for reloadcmd, create a script that can use Vault's API to post the cert and key
	<% ["damienradtke.com"].each do |domain| %>
	<% ["damienradtke.com", "www.damienradtke.com"].each do |domain| %>
		group "<%= domain %>" {
			// Disable automatic restarts because otherwise it's easy to be rate-limited.
			restart {


D jobs/compile.sh => jobs/compile.sh +0 -11
@@ 1,11 0,0 @@
#!/usr/bin/env bash

DIR="$(dirname "${BASH_SOURCE[0]}")"

if [[ $# -ne 1 ]]; then
	echo "usage: $0 <job>"
	exit 1
fi

ENV="${DIR}/.env"
cat "$1" | env $(cat "${ENV}" | xargs) envsubst "$(cat "${ENV}" | awk 'BEGIN {FS="="; ORS=""} {print "${" $1 "} "}')"


D jobs/run.sh => jobs/run.sh +0 -52
@@ 1,52 0,0 @@
#!/bin/bash

set -o pipefail

if [[ $# -ne 1 ]]; then
	echo "usage: $0 <job>"
	exit 1
fi

if [[ -z "${NOMAD_ADDR}" ]]; then
	echo "NOMAD_ADDR not specified"
	exit 2
fi

echo "running $1"

JOB_SPEC="$(cat "$1" | env $(cat .env | xargs) envsubst "$(cat .env | awk 'BEGIN {FS="="; ORS=""} {print "${" $1 "} "}')")"

PARSE_REQ_BODY="$(jq -n --arg job "${JOB_SPEC}" '{"JobHCL": $job}')"
JOB_JSON=$(curl --silent --insecure --request POST --data "${PARSE_REQ_BODY}" "${NOMAD_ADDR}/v1/jobs/parse")

if [[ "${JOB_JSON}" != {* ]]; then
	echo "${JOB_JSON}"
	exit 3
fi

PLAN_REQ_BODY=$(jq -n --argjson job "${JOB_JSON}" '{"Job": $job, "Diff": true}')
PLAN=$(curl --silent --insecure --request POST --data "${PLAN_REQ_BODY}" \
	"${NOMAD_ADDR}/v1/job/$(echo "${JOB_JSON}" | jq -r .ID)/plan")

if [[ "${PLAN}" != {* ]]; then
	echo "${PLAN}"
	exit 4
fi

JOB_MODIFY_INDEX="$(echo "${PLAN}" | jq .JobModifyIndex)"
echo "Job Modify Index: ${JOB_MODIFY_INDEX}"

echo "Job Diff:"
echo "${PLAN}" | jq .Diff
echo ""
read -p "Continue? "

if [[ "${REPLY}" != y* ]]; then
	echo "Aborting"
	exit 5
fi

echo ""
CREATE_REQ_BODY="$(jq -n --argjson job "${JOB_JSON}" --argjson job_modify_index "${JOB_MODIFY_INDEX}" \
	'{"Job": $job, "EnforceIndex": true, "JobModifyIndex": $job_modify_index}')"
curl --silent --insecure --request POST --data "${CREATE_REQ_BODY}" "${NOMAD_ADDR}/v1/jobs?pretty"