chore: init

2026-04-24 09:10:36 +03:00
commit 3b1c6843d6
13 changed files with 562 additions and 0 deletions

17
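--- a/script/setup/cert.sh
+++ b/script/setup/cert.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+tld=lair.cafe
+fqdn=rpm.${tld}
+sudo certbot certonly \
+-m ops@${tld} \
+--agree-tos \
+--no-eff-email \
+--noninteractive \
+--cert-name ${fqdn} \
+--expand \
+--allow-subset-of-names \
+--key-type ecdsa \
+--dns-cloudflare \
+--dns-cloudflare-credentials /root/.cloudflare/${tld} \
+--dns-cloudflare-propagation-seconds 60 \
+-d ${fqdn}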
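Review bot: The expansions in `-m ops@${tld}`, `--cert-name ${fqdn}`, `--dns-cloudflare-credentials /root/.cloudflare/${tld}` and `-d ${fqdn}` are unquoted; the values are fixed constants in this file so nothing breaks today, but quoting them (`-d "${fqdn}"`) keeps ShellCheck clean and keeps the certbot argv intact if they are ever taken from arguments or the environment. A `set -euo pipefail` line after the shebang is also worth adding now, before further commands are appended after the certbot call and a failure in one of them goes unnoticed.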

44
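--- a/script/setup/dns.sh
+++ b/script/setup/dns.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+cloudflare_api_token=$(cat ~/.cloudflare/lair.cafe | cut -d ' ' -f 3)
+cloudflare_dns_zone_name=lair.cafe
+cloudflare_dns_record_name=rpm.${cloudflare_dns_zone_name}
+cloudflare_dns_record_type=CNAME
+cloudflare_dns_record_content=bl.thgttg.com
+cloudflare_dns_zone_id=$(curl \
+--silent \
+--request GET \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${cloudflare_api_token}" \
+--url "https://api.cloudflare.com/client/v4/zones?name=${cloudflare_dns_zone_name}&status=active" \
+| jq -r '.result[0].id//empty')
+if [ -z ${cloudflare_dns_zone_id} ]; then
+echo "cloudflare dns zone not found"
+exit 1
+else
+echo "cloudflare dns zone found: ${cloudflare_dns_zone_name} (${cloudflare_dns_zone_id})"
+fi
+cloudflare_dns_record_id=$(curl \
+--silent \
+--request GET \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${cloudflare_api_token}" \
+--url "https://api.cloudflare.com/client/v4/zones/${cloudflare_dns_zone_id}/dns_records?type=${cloudflare_dns_record_type}&name=${cloudflare_dns_record_name}" \
+| jq -r '.result[0].id//empty')
+if [ -z ${cloudflare_dns_record_id} ] && curl \
+--silent \
+--request POST \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${cloudflare_api_token}" \
+--data "{\"type\":\"${cloudflare_dns_record_type}\",\"name\":\"${cloudflare_dns_record_name}\",\"content\":\"${cloudflare_dns_record_content}\",\"ttl\":1,\"proxied\":false}" \
+--url "https://api.cloudflare.com/client/v4/zones/${cloudflare_dns_zone_id}/dns_records"; then
+echo "${cloudflare_dns_record_name} ${cloudflare_dns_record_type} record created with content: ${cloudflare_dns_record_content} in zone: ${cloudflare_dns_zone_name} (${cloudflare_dns_zone_id}), record: ${cloudflare_dns_record_name} (${cloudflare_dns_record_id})"
+elif curl \
+--silent \
+--request PUT \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer ${cloudflare_api_token}" \
+--data "{\"type\":\"${cloudflare_dns_record_type}\",\"name\":\"${cloudflare_dns_record_name}\",\"content\":\"${cloudflare_dns_record_content}\",\"ttl\":1,\"proxied\":false}" \
+--url "https://api.cloudflare.com/client/v4/zones/${cloudflare_dns_zone_id}/dns_records/${cloudflare_dns_record_id}"; then
+echo "${cloudflare_dns_record_name} ${cloudflare_dns_record_type} record updated with content: ${cloudflare_dns_record_content} in zone: ${cloudflare_dns_zone_name} (${cloudflare_dns_zone_id}), record: ${cloudflare_dns_record_name} (${cloudflare_dns_record_id})"
+fi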
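Review bot: The POST and PUT calls at the end of the script run `curl --silent` without `--fail`, so an HTTP 4xx/5xx from Cloudflare (rejected token, wrong zone) still returns 0 and the "record created"/"record updated" message is printed; the two lookup calls have the same gap, where an auth error just yields an empty id and is reported as "zone not found". When the record id is empty and the POST fails, the `elif` then falls through to a PUT against `.../dns_records/` with no id, and when the PUT itself fails the script ends silently with status 0. Choosing the method and URL first and making one `--fail --show-error` call with an explicit `else` branch closes all of these; the rewritten tail is below (the "created" message also currently prints an empty `cloudflare_dns_record_id`). Separately, the bearer token is passed on the command line in `--header "Authorization: Bearer …"`, where it is visible to other local users via `ps`; `curl --header @file` or a `--config` file keeps it off argv. A `set -euo pipefail` line after the shebang would also stop the script when the `cat` of the credentials file fails instead of continuing with an empty token.
```shell
# … unchanged: token, zone-id and record-id lookups …
payload=$(jq -n \
  --arg type "${cloudflare_dns_record_type}" \
  --arg name "${cloudflare_dns_record_name}" \
  --arg content "${cloudflare_dns_record_content}" \
  '{type: $type, name: $name, content: $content, ttl: 1, proxied: false}')
if [ -z "${cloudflare_dns_record_id}" ]; then
  method=POST
  url="https://api.cloudflare.com/client/v4/zones/${cloudflare_dns_zone_id}/dns_records"
else
  method=PUT
  url="https://api.cloudflare.com/client/v4/zones/${cloudflare_dns_zone_id}/dns_records/${cloudflare_dns_record_id}"
fi
if curl \
  --silent \
  --show-error \
  --fail \
  --request "${method}" \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer ${cloudflare_api_token}" \
  --data "${payload}" \
  --url "${url}" >/dev/null; then
  echo "${cloudflare_dns_record_name} ${cloudflare_dns_record_type} record ${method} ok with content: ${cloudflare_dns_record_content} in zone: ${cloudflare_dns_zone_name} (${cloudflare_dns_zone_id})"
else
  echo "cloudflare ${method} for ${cloudflare_dns_record_name} failed" >&2
  exit 1
fi
```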

48
script/setup/nginx.sh Executable file

@@ -0,0 +1,48 @@
#!/usr/bin/env bash
script_dir="$(dirname "$0")"
nginx_conf_local_path="${script_dir}/../../asset/nginx/rpm.lair.cafe.conf"
nginx_conf_remote_path="/etc/nginx/sites-available/rpm.lair.cafe.conf"
nginx_host=oolon
if [ ! -s ~/.ssh/id_gitea_ci.pub ]; then
echo "gitea_ci ssh key not found in ~/.ssh/id_gitea_ci.pub"
exit 1
fi
gitea_ssh_key=$(cat ~/.ssh/id_gitea_ci.pub)
if rsync \
--archive \
--compress \
--verbose \
${nginx_conf_local_path} \
${nginx_host}:${nginx_conf_remote_path}; then
echo "sync'd ${nginx_conf_local_path} to ${nginx_host}:${nginx_conf_remote_path}"
else
echo "failed to sync ${nginx_conf_local_path} to ${nginx_host}:${nginx_conf_remote_path}"
exit 1
fi
if ssh ${nginx_host} "id gitea_ci &> /dev/null || sudo useradd --system --create-home --home-dir /var/lib/gitea_ci gitea_ci"; then
echo "gitea_ci user created or observed on ${nginx_host}"
if ssh ${nginx_host} "sudo --user gitea_ci install --directory --mode 0700 /var/lib/gitea_ci/.ssh && echo '${gitea_ssh_key}' | sudo --user gitea_ci install --mode 0600 /dev/stdin /var/lib/gitea_ci/.ssh/authorized_keys"; then
echo "gitea_ci ssh key installed on ${nginx_host}"
else
echo "failed to install gitea_ci ssh key on ${nginx_host}"
exit 1
fi
else
echo "failed to create or observe gitea_ci user on ${nginx_host}"
exit 1
fi
if ssh ${nginx_host} "sudo install --directory /var/www/rpm && sudo setfacl -R -m u:gitea_ci:rwx /var/www/rpm/ && sudo chcon -Rt httpd_sys_content_t /var/www/rpm/"; then
echo "rpm repo directory created and permissions set on ${nginx_host}"
else
echo "failed to create rpm repo directory on ${nginx_host}"
exit 1
fi
if ssh ${nginx_host} "sudo ln -sf ${nginx_conf_remote_path} ${nginx_conf_remote_path/available/enabled} && sudo nginx -t ${nginx_conf_remote_path} && sudo systemctl reload nginx"; then
echo "nginx config reload on ${nginx_host} successful"
else
echo "nginx config reload on ${nginx_host} failed"
exit 1
fi
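Review bot: The final remote command passes the site file as a bare positional argument, `sudo nginx -t ${nginx_conf_remote_path}`; nginx's option parser only accepts `-`-prefixed arguments, so this should fail with "invalid option" every time, and even `-t -c <file>` would test a site snippet as if it were the main config. The intended check is just `sudo nginx -t`, which validates the main config including whatever it includes from `sites-enabled`. The rsync arguments `${nginx_conf_local_path}` and `${nginx_host}:${nginx_conf_remote_path}` are unquoted even though `script_dir="$(dirname "$0")"` above was quoted deliberately, so a checkout path containing a space splits the source into several arguments; quote both. The `echo '${gitea_ssh_key}' | sudo --user gitea_ci install …` step interpolates the key file's contents into a single-quoted string inside the remote shell command, which breaks on any `'` in the key comment; feeding the file over ssh's stdin instead, `ssh "${nginx_host}" "sudo --user gitea_ci install --mode 0600 /dev/stdin /var/lib/gitea_ci/.ssh/authorized_keys" < ~/.ssh/id_gitea_ci.pub`, avoids building a command string from file contents at all.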