bump instance size, add certificate renewal stuff

AmrikSD · Dec 16, 2024 · 74d168d · 74d168d
1 parent 7df2f03
commit 74d168d
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 21 deletions.
diff --git a/infra/gcp/01-project.tf b/infra/gcp/01-project.tf
@@ -9,7 +9,7 @@ resource "google_compute_address" "frappe-static" {
 
 resource "google_compute_instance" "frappe" {
   name         = "frappe"
-  machine_type = "e2-small"
+  machine_type = "e2-medium"
 
   tags = ["https-server", "http-server", "milestone-medical", "terraform"]
 
@@ -39,6 +39,8 @@ resource "google_compute_instance" "frappe" {
 
         systemctl enable --now /home/asbotehg/docker.service
         systemctl enable --now /home/asbotehg/docker-compose.app.service
+        systemctl enable --now /home/asbotehg/renew.service
+        systemctl enable --now /home/asbotehg/renew.timer
     EOT
   }
 
@@ -110,6 +112,29 @@ resource "google_compute_instance" "frappe" {
       }
   }
 
+  provisioner "file" {
+      source = "${path.module}/frappe/renew.timer"
+      destination = "renew.timer"
+      connection {
+          type  = "ssh"
+          host = self.network_interface[0].access_config[0].nat_ip
+          user = data.sops_file.gcp-secret.data["google.ssh.user"]
+          private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
+          timeout = "4m"
+      }
+  }
+  provisioner "file" {
+      source = "${path.module}/frappe/renew.service"
+      destination = "renew.service"
+      connection {
+          type  = "ssh"
+          host = self.network_interface[0].access_config[0].nat_ip
+          user = data.sops_file.gcp-secret.data["google.ssh.user"]
+          private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
+          timeout = "4m"
+      }
+  }
+
 }
 
 resource "google_compute_firewall" "default-ssh" {

diff --git a/infra/gcp/frappe/README.md b/infra/gcp/frappe/README.md
@@ -0,0 +1,33 @@
+# Restoring backups
+
+First, get the backup from s3, or r2, or wherever you put it.
+
+
+SCP the files onto the box.
+```bash
+scp 20241214_131900_20241214_131900* <url>:~/backups/
+```
+
+SSH onto to box.
+```bash
+ssh <url>.xyz
+```
+
+Get a shell on a container with "bench" running
+```bash
+cd ~/backups
+docker compose run -it -v $(pwd):/backup frontend sh
+
+whoami
+#this should return frappe, just doulbe check ur actually in the container...
+```
+
+Run the restore command
+```bash
+bench restore /backup/20241214_131900_20241214_131900-frontend-database.sql.gz --with-public-files /backup/20241214_131900_20241214_131900-frontend-files.tar --with-private-files
+ /backup/20241214_131900_20241214_131900-frontend-private-files.tar
+```
+
+> [!NOTE]
+> This last command may look like it hangs, give it some time.
+
diff --git a/infra/gcp/frappe/docker-compose.yaml.old b/infra/gcp/frappe/docker-compose.yaml.old
diff --git a/infra/gcp/frappe/renew.service b/infra/gcp/frappe/renew.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Runs the renew script
+Requires=docker-compose.app.service
+After=docker-compose.app.service
+
+[Service]
+WorkingDirectory=/home/asbotehg
+ExecStart=/usr/bin/docker-compose run certbot renew
+Restart=on-failure  # Restart only on errors, not clean exits
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/infra/gcp/frappe/renew.timer b/infra/gcp/frappe/renew.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description="Run renew.service every 24hours"
+
+[Timer]
+OnUnitActiveSec=24h
+OnCalendar=Mon..Sun *-*-* 10:00:*
+Unit=renew.service
+
+[Install]
+WantedBy=multi-user.target