add 2nd website server

.gitignore

@@ -1,3 +1,4 @@
 nginx.conf.tmp
+nginx.conf.root.tmp
 node_modules
 static_tmp

certbot-replicate

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+
+replicas=(
+    replica1.grapheneos.org
+)
+
+for replica in ${replicas[@]}; do
+    echo
+    echo Deploying to $replica
+    echo
+
+    rsync -rptvl --progress --delete /etc/letsencrypt/ $replica:/etc/letsencrypt
+    rsync -rptvl --progress --delete /etc/nginx/ocsp-cache/ $replica:/etc/nginx/ocsp-cache
+    ssh root@$replica nginx -s reload
+done

deploy-static

@@ -5,30 +5,40 @@ set -o errexit -o nounset -o pipefail
 ./validate-static
 ./process-static
 
-remote=root@grapheneos.org
-active=$(ssh $remote readlink /srv/grapheneos.org)
+servers=(
+    primary.grapheneos.org
+    replica1.grapheneos.org
+)
 
-if [[ $active = /srv/grapheneos.org_a ]]; then
-    target=/srv/grapheneos.org_b
-else
-    target=/srv/grapheneos.org_a
-fi
+for server in ${servers[@]}; do
+    echo $server
 
-echo active is $active
-echo target is $target
-echo
+    remote=root@$server
+    active=$(ssh $remote readlink /srv/grapheneos.org)
 
-ssh $remote rm -rf $target
-ssh $remote cp -a $active $target
-rsync -rpcv --chmod=D755,F644 --delete static_tmp/ $remote:$target
-ssh $remote sync -f $target
-ssh $remote ln -snf $target /srv/grapheneos.org
-ssh $remote sync /srv/grapheneos.org
+    if [[ $active = /srv/grapheneos.org_a ]]; then
+        target=/srv/grapheneos.org_b
+    else
+        target=/srv/grapheneos.org_a
+    fi
 
-sed -i "s|/srv/grapheneos.org|$target|" nginx.conf.tmp
-rsync -rpcv --chmod=D755,F644 --delete nginx.conf.tmp $remote:/etc/nginx/nginx.conf
-ssh $remote sync -f /etc/nginx/nginx.conf
-ssh $remote nginx -s reload
+    echo active is $active
+    echo target is $target
+    echo
 
-echo
-echo active is now $target
+    ssh $remote rm -rf $target
+    ssh $remote cp -a $active $target
+    rsync -rpcv --chmod=D755,F644 --delete static_tmp/ $remote:$target
+    ssh $remote sync -f $target
+    ssh $remote ln -snf $target /srv/grapheneos.org
+    ssh $remote sync /srv/grapheneos.org
+
+    cp nginx.conf.tmp nginx.conf.root.tmp
+    sed -i "s|/srv/grapheneos.org|$target|" nginx.conf.root.tmp
+    rsync -rpcv --chmod=D755,F644 --delete nginx.conf.root.tmp $remote:/etc/nginx/nginx.conf
+    ssh $remote sync -f /etc/nginx/nginx.conf
+    ssh $remote nginx -s reload
+
+    echo
+    echo active is now $target
+done

replicate.conf

@@ -0,0 +1,2 @@
+[Service]
+ExecStartPost=/usr/local/bin/certbot-replicate

static/articles/grapheneos-servers.html

@@ -80,7 +80,7 @@
                 <p>Specs:</p>
 
                 <ul>
-                    <li>OVH VPS vps2020-value-1-2-40</li>
+                    <li>2x OVH VPS vps2020-value-1-2-40</li>
                     <li>1 core</li>
                     <li>2 GB memory</li>
                     <li>40 GB NVMe SSD storage</li>
@@ -123,8 +123,10 @@
                 <p>IPs:</p>
 
                 <ul>
-                    <li>192.99.43.50 — os-bhs2</li>
-                    <li>2607:5300:201:3100::1aae — os-bhs2</li>
+                    <li>192.99.43.50 (primary) — os-bhs2</li>
+                    <li>2607:5300:201:3100::1aae (primary) — os-bhs2</li>
+                    <li>51.222.26.187 (replica1) — os-bhs6</li>
+                    <li>2607:5300:205:200::37e3 (replica1) — os-bhs6</li>
                 </ul>
 
                 <p>Ports:</p>