initial import

pull/2/head
alex 2 years ago
commit 5783d0ad37
Signed by: x1ddos
GPG Key ID: 540189B756BF5B12

@ -0,0 +1,9 @@
The MIT License (MIT)
Copyright (c) 2022 alex@cloudware.io
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

@ -0,0 +1,25 @@
# system updates
the plan is for this repo to contain all system updates, incremental in a form
of text/source code. a node periodically runs the `update.sh` script which pulls
the repo to receive updates executes `apply.sh`. the latter then makes changes
and updates the operating system.
typical examples are: upgrade bitcoind, lnd and other services, update system
packages, improve configuration of components such as firewall.
the run sequence on the node is approximately as follows:
1. fetch updates with a `git fetch`.
2. provide a git diff on the screen and confirm with the user.
3. pull in the changes with a `git pull --verify-signatures`.
4. run `apply.sh`.
at the moment, an on-screen diff and confirmation aren't implemented yet.
`nd` and `ngui` is where it'll happen,
in the [ndg](https://git.qcode.ch/nakamochi/ndg) repo.
when configuring a new node, clone this repo and set up a cron job to execute
the `update.sh` script once a day. The script requires `REPODIR` and `LOGFILE`
env variables set.
TODO: add a list of supported platforms; the "native" is void linux.
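Review bot: The setup paragraph (clone the repo, add a daily cron job) never says how a new node gets and trusts the GPG key that step 3, `git pull --verify-signatures`, depends on. Add the key import and trust steps, since a pull on a node without the key will fail verification. The sentence "The script requires `REPODIR` and `LOGFILE` env variables set" also disagrees with `update.sh`, which gives both variables defaults; say they are optional and list the default values. In the first paragraph, "pulls the repo to receive updates executes `apply.sh`" is missing an "and".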

@ -0,0 +1,6 @@
#!/bin/sh
# the script executes updates to a nakamochi system.
# it must be run as root or a user with equivalent privileges.
# nothing yet
exit 0

@ -0,0 +1,50 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=M/Xo
-----END PGP PUBLIC KEY BLOCK-----

@ -0,0 +1,53 @@
#!/bin/sh
# https://git.qcode.ch/nakamochi/sysupdates
# pull changes from a remote git repo and run the "apply" script.
# commits are expected to be signed by gpg keys with a sufficient
# trust level to satisfy git pull --verify-signatures.
# the script is expected to be run as root, to allow making changes to the
# operating system.
# in the future, the plan is to provide an on-screen git diff and apply updates
# after user confirmation.
# git branch to pull from. defaults to master.
BRANCH="${1:-master}"
# output everything to a temp file and print its contents only in case of an error,
# so that when run via a cronjob, the output is empty on success which prevents
# needless emails, were any configured.
LOGFILE="${LOGFILE:-/var/log/sysupdate.log}"
# a local git repo dir where to pull the updates into.
REPODIR="${REPODIR:-/ssd/sysupdates}"
# multiple running instances of the script would certainly result in race conditions.
# so, we serialize runs using a lock file, timing out with an error after 15min.
if [ -z "$NAKAMOCHI_SYSUPDATE_LOCK" ]; then
# use the script itself as the lock file
lockfile=$0
exec env NAKAMOCHI_SYSUPDATE_LOCK=1 \
flock --exclusive --timeout 900 "$lockfile" "$0" "$@"
fi
# start of the sysupdate; trim prevously logged runs
date > $LOGFILE
# fetch updates from remove
cd "$REPO_DIR"
{
git fetch origin # in case the refspec is unknown locally yet
git reset --hard HEAD # remove local changes
git clean -fd # force-delete untracked files
git checkout "$BRANCH"
git pull --verify-signatures
} >> $LOGFILE 2>&1
if [ $? -ne 0 ]; then
echo "ERROR: git pull failed"
cat $LOGFILE
exit 1
fi
# run repo's update script
./apply.sh >> $LOGFILE 2>&1
if [ $? -ne 0 ]; then
echo "ERROR: apply failed"
cat $LOGFILE
exit 1
fi
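Review bot: `cd "$REPO_DIR"` at the start of the fetch section uses a variable that is never set. The script defines `REPODIR`, so the `cd` does not enter the repo and its result is not checked, which leaves `git reset --hard HEAD` and `git clean -fd` running as root in the caller's working directory. Use `cd "$REPODIR" || exit 1`. The `if [ $? -ne 0 ]` after the braces only sees the exit status of `git pull --verify-signatures`, so a failed `git fetch` or `git checkout "$BRANCH"` goes unnoticed and the pull then runs on whatever branch was checked out before; chain the commands with `&&` so the first failure is reported. `$LOGFILE` should be quoted in the redirections and in `cat`. The comment above `LOGFILE` describes a temp file while the default is the fixed path `/var/log/sysupdate.log`, so one of the two needs updating.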