#!/bin/bash set -o errexit -o nounset -o pipefail shopt -s extglob touch lock exec {fd}< lock if ! flock -n $fd; then echo already processing/deploying static files >&2 exit 1 fi ./process-static $fd servers=({0..3}.grapheneos.org) rsync -pcv --chmod=F755 --fsync --preallocate certbot-replicate root@${servers[0]}:/usr/local/bin/ rsync -pcv --chmod=F644 --fsync --preallocate replicate.conf root@${servers[0]}:/etc/systemd/system/certbot-renew.service.d/ # use last modified timestamps from 0.grapheneos.org rsync -rptcv --chmod=D755,F644 --delete --fsync --preallocate root@${servers[0]}:/srv/grapheneos.org/ static-production rsync -pcv --chmod=D755,F644 --fsync --preallocate static-production/sitemap.xml{,.gz,.br} static-tmp/ rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate static-tmp/ static-production for f in static-production/**.*(br|gz); do touch -r "${f%.*}" "$f" done changed="$(./generate-sitemap)" xmllint --noblanks static-tmp/sitemap.xml --output static-tmp/sitemap.xml brotli -f static-tmp/sitemap.xml zopfli static-tmp/sitemap.xml rsync -pcv --chmod=D755,F644 --fsync --preallocate static-tmp/sitemap.xml{,.gz,.br} static-production/ for server in ${servers[@]}; do echo $server remote=root@$server active=$(ssh $remote readlink /srv/grapheneos.org) if [[ $active = /srv/grapheneos.org_a ]]; then target=/srv/grapheneos.org_b else target=/srv/grapheneos.org_a fi echo active is $active echo target is $target echo ssh $remote "rm -rf $target && cp -a $active $target" rsync -rptcv --chmod=D755,F644 --delete --fsync --preallocate static-production/ $remote:$target ssh $remote "ln -snf $target /srv/grapheneos.org && sync /srv/grapheneos.org" echo "root $target;" > nginx-tmp/root_grapheneos.org.conf rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate nginx-tmp/{nginx.conf,mime.types,root_grapheneos.org.conf,snippets} $remote:/etc/nginx/ ssh $remote nginx -s reload echo echo active is now $target echo done if [[ -n "$changed" ]]; then ./indexnow <<< "$changed" fi