
This was lost as part of preserving existing file timestamps instead of using the timestamps from generated files.
56 lines
1.6 KiB
Bash
Executable File
56 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -o errexit -o nounset -o pipefail
|
|
|
|
shopt -s extglob
|
|
|
|
touch lock
|
|
exec {fd}< lock
|
|
if ! flock -n $fd; then
|
|
echo already processing/deploying static files >&2
|
|
exit 1
|
|
fi
|
|
|
|
./process-static $fd
|
|
|
|
servers=({0..3}.grapheneos.org)
|
|
|
|
rsync -pcv --chmod=F755 --fsync --preallocate certbot-replicate root@${servers[0]}:/usr/local/bin/
|
|
rsync -pcv --chmod=F644 --fsync --preallocate replicate.conf root@${servers[0]}:/etc/systemd/system/certbot-renew.service.d/
|
|
|
|
# use last modified timestamps from 0.grapheneos.org
|
|
rsync -rptcv --chmod=D755,F644 --delete --fsync --preallocate root@${servers[0]}:/srv/grapheneos.org/ static-deploy
|
|
rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate static-tmp/ static-deploy
|
|
for f in static-deploy/**.*(br|gz); do
|
|
touch -r "${f%.*}" "$f"
|
|
done
|
|
|
|
for server in ${servers[@]}; do
|
|
echo $server
|
|
|
|
remote=root@$server
|
|
active=$(ssh $remote readlink /srv/grapheneos.org)
|
|
|
|
if [[ $active = /srv/grapheneos.org_a ]]; then
|
|
target=/srv/grapheneos.org_b
|
|
else
|
|
target=/srv/grapheneos.org_a
|
|
fi
|
|
|
|
echo active is $active
|
|
echo target is $target
|
|
echo
|
|
|
|
ssh $remote "rm -rf $target && cp -a $active $target"
|
|
rsync -rptcv --chmod=D755,F644 --delete --fsync --preallocate static-deploy/ $remote:$target
|
|
ssh $remote "ln -snf $target /srv/grapheneos.org && sync /srv/grapheneos.org"
|
|
|
|
echo "root $target;" > nginx-tmp/root_grapheneos.org.conf
|
|
rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate nginx-tmp/{nginx.conf,mime.types,root_grapheneos.org.conf,snippets} $remote:/etc/nginx/
|
|
ssh $remote nginx -s reload
|
|
|
|
echo
|
|
echo active is now $target
|
|
echo
|
|
done
|