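#!/bin/vbash
# shellcheck shell=bash
# shellcheck source=/dev/null

# Default to a dry run; the -c option parsed further down switches to
# committing.
dry_run=true

# The script needs the vyattacfg group. If the current primary group is
# anything else, re-execute the script under that group through sg.
if [ "$(id -g -n)" != 'vyattacfg' ]; then
  # sg hands its -c argument to a shell, which parses the string again.
  # Quote every word with %q so the script path and the arguments arrive
  # unchanged instead of being split or interpreted a second time.
  printf -v reexec_cmd '%q ' /bin/vbash "$(readlink -f "$0")" "$@"
  exec sg vyattacfg -c "${reexec_cmd}"
fi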
# Option parsing. The only supported flag is -c, which turns the default
# dry run into a real commit; anything else aborts with status 1.
while getopts "c" options; do
  if [ "${options}" = 'c' ]; then
    echo 'Will commit changes'
    dry_run=false
  else
    echo 'error in command line parsing' >&2
    exit 1
  fi
done
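# Load secrets into ENV vars
if [ -f "/config/secrets.sops.env" ]; then
  export SOPS_AGE_KEY_FILE=/config/secrets/age.key

  # Decrypt first and check the result. Inside a process substitution a sops
  # failure would go unnoticed: the templates processed later would be
  # rendered with empty values, and a -c run would write those files out.
  if ! decrypted_env=$(sops --decrypt "/config/secrets.sops.env"); then
    echo 'Failed to decrypt /config/secrets.sops.env' >&2
    exit 1
  fi

  # grep drops commented and blank lines; -t strips each trailing newline.
  mapfile -t environmentAsArray < <(
    printf '%s\n' "${decrypted_env}" |
      grep --invert-match '^#' |
      grep --invert-match '^\s*$'
  )
  # The plaintext copy is no longer needed once it has been split into lines.
  unset decrypted_env

  for variableDeclaration in "${environmentAsArray[@]}"; do
    # Strip any remaining CR/LF before exporting the NAME=value line.
    export "${variableDeclaration//[$'\r\n']/}"
  done
fi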
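# Apply environment to container (configuration) files

# Print the container a template belongs to: the directory directly below
# containers/ in a path as produced by the find call at the end of the loop.
# Prints nothing for a template that sits directly in containers/.
# NOTE(review): assumes that directory is named after the container - confirm.
template_container_name() {
  local rel=${1#containers/}
  case "${rel}" in
    */*) printf '%s\n' "${rel%%/*}" ;;
  esac
}

restart_containers=""
# NOTE(review): "containers" is resolved against the current working
# directory, so which templates are found depends on where the script is
# started from.
while IFS= read -r -d '' file; do
  cfgfile="${file%.tmpl}"
  shafile=$file.sha256

  # A missing checksum file means the template was never rendered. Keep the
  # "rebuild" placeholder in memory so that a dry run leaves the disk alone.
  if test -e "$shafile"; then
    oldsha=$(cat "$shafile")
  else
    oldsha="rebuild"
  fi

  # Checksum of the rendered output, so a changed environment value counts
  # as a change even when the template itself is untouched.
  newsha=$(envsubst <"$file" | shasum -a 256 | awk '{print $1}')

  if ! test "$newsha" == "$oldsha"; then
    echo "Configuration changed for $file"
    if ! "$dry_run"; then
      # The rendered file holds the substituted values and is created with
      # the current umask.
      # NOTE(review): confirm its permissions are tight enough for secrets.
      if envsubst <"$file" >"$cfgfile"; then
        # Record the checksum only after a successful render, so a failed
        # render is retried on the next run.
        echo "$newsha" >"$shafile"

        # The first path component is always "containers" (the find root);
        # the container is the component below it. Queue each one once.
        tmpl_container=$(template_container_name "$file")
        if [ -n "$tmpl_container" ]; then
          case " ${restart_containers} " in
            *" ${tmpl_container} "*) ;;
            *) restart_containers="${restart_containers} ${tmpl_container}" ;;
          esac
        fi
      else
        echo "Failed to render $cfgfile" >&2
      fi
    fi
  fi
done < <(find containers -type f -name "*.tmpl" -print0)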
# Pull in the VyOS script template (VyOS specific functions and aliases)
source /opt/vyatta/etc/functions/script-template

# Start again from the default boot configuration
load /opt/vyatta/etc/config.boot.default

# Source every config part, in glob order
# NOTE(review): the result of each part is not checked, so a part that fails
# midway leaves a partial candidate configuration, and the commit branch
# later in this script would still apply it.
for f in /config/config-parts/*.sh; do
  # Skips the literal pattern when nothing matches, and non-regular files.
  [ -f "${f}" ] || continue
  echo "Processing ${f}"
  source "${f}"
done
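# Succeeds when the first argument is exactly equal to one of the remaining
# arguments. The comparison is literal: characters such as "." in an image
# reference are not treated as regular-expression syntax, so one image
# cannot be mistaken for another that merely matches it as a pattern.
image_in_list() {
  local wanted=$1 candidate
  shift
  for candidate in "$@"; do
    if [[ "${candidate}" == "${wanted}" ]]; then
      return 0
    fi
  done
  return 1
}

if "$dry_run"; then
  # Show what's different from the running config
  compare
else
  # Pull new container images
  # AVAILABLE_IMAGES: "name:tag" for every row of the image listing after
  # the header row.
  mapfile -t AVAILABLE_IMAGES < <(run show container image | awk '{ if ( NR > 1 ) { print $1 ":" $2} }')
  # CONFIG_IMAGES: every image named by a "set container name ... image '...'"
  # line in the config parts, de-duplicated.
  mapfile -t CONFIG_IMAGES < <(find /config/config-parts/ -type f -exec sed -nr "s/set container name .* image '(.*)'/\1/p" {} + | sort | uniq)

  for image in "${CONFIG_IMAGES[@]}"; do
    if ! image_in_list "${image}" "${AVAILABLE_IMAGES[@]}"; then
      echo "Pulling image ${image}"
      run add container image "${image}"
    fi
  done

  # Commit and save
  # NOTE(review): the result of commit is not checked, so save, the image
  # clean-up and the restarts below also run after a failed commit - confirm
  # whether the script should stop here instead.
  echo "Committing and saving config"
  commit
  save

  # Clean obsolete container images
  mapfile -t AVAILABLE_IMAGES < <(run show container image | tail -n +2)
  for image in "${AVAILABLE_IMAGES[@]}"; do
    # Columns of a listing row: name, tag, id; the rest is ignored.
    read -r image_name image_tag image_id _ <<<"${image}"
    image_name_tag="${image_name}:${image_tag}"

    # A row without an id (blank or malformed line) names nothing to delete.
    if [[ -z "${image_id}" ]]; then
      continue
    fi

    if ! image_in_list "${image_name_tag}" "${CONFIG_IMAGES[@]}"; then
      echo "Removing container ${image_name_tag}"
      run delete container image "${image_id}"
    fi
  done

  # Restart containers
  # restart_containers is a space-separated list, so the expansion is left
  # unquoted on purpose to split it into names.
  # shellcheck disable=SC2086
  for container in $restart_containers; do
    run restart container "$container"
  done
fi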
# Remove leftover overlay* directories below /config
# NOTE(review): this runs as root in dry-run mode as well, and it matches
# every directory whose name starts with "overlay" - confirm both are
# intended.
sudo find /config -type d -name 'overlay*' -prune -exec rm -rf '{}' ';'

# Finish with the status of the last command
exit