diff --git a/infra/gcp/01-project.tf b/infra/gcp/01-project.tf index 5a1ede3..1d94c46 100644 --- a/infra/gcp/01-project.tf +++ b/infra/gcp/01-project.tf @@ -9,7 +9,7 @@ resource "google_compute_address" "frappe-static" { resource "google_compute_instance" "frappe" { name = "frappe" - machine_type = "e2-small" + machine_type = "e2-medium" tags = ["https-server", "http-server", "milestone-medical", "terraform"] @@ -39,6 +39,8 @@ resource "google_compute_instance" "frappe" { systemctl enable --now /home/asbotehg/docker.service systemctl enable --now /home/asbotehg/docker-compose.app.service + systemctl enable --now /home/asbotehg/renew.service + systemctl enable --now /home/asbotehg/renew.timer EOT } @@ -110,6 +112,29 @@ resource "google_compute_instance" "frappe" { } } + provisioner "file" { + source = "${path.module}/frappe/renew.timer" + destination = "renew.timer" + connection { + type = "ssh" + host = self.network_interface[0].access_config[0].nat_ip + user = data.sops_file.gcp-secret.data["google.ssh.user"] + private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"] + timeout = "4m" + } + } + provisioner "file" { + source = "${path.module}/frappe/renew.service" + destination = "renew.service" + connection { + type = "ssh" + host = self.network_interface[0].access_config[0].nat_ip + user = data.sops_file.gcp-secret.data["google.ssh.user"] + private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"] + timeout = "4m" + } + } + } resource "google_compute_firewall" "default-ssh" { diff --git a/infra/gcp/frappe/README.md b/infra/gcp/frappe/README.md new file mode 100644 index 0000000..cfbd205 --- /dev/null +++ b/infra/gcp/frappe/README.md 
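Review bot: In the `@@ -39,6 +39,8 @@` hunk, `systemctl enable --now /home/asbotehg/renew.service` starts a certbot run immediately and enables the service independently of its timer, so renewals are no longer driven only by the schedule. Enabling just the timer is enough once systemd knows the service unit: `systemctl link /home/asbotehg/renew.service` followed by `systemctl enable --now /home/asbotehg/renew.timer`. The unit files are uploaded by the `file` provisioners added in the next hunk, which presumably run after this script on first boot, so the enable may fail until the script runs again; the ordering is worth confirming. The heredoc and the enclosing resource start and end outside the hunk.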
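Review bot: Both new `connection` blocks in the `@@ -110,6 +112,29 @@` hunk open SSH to the instance's public NAT IP without pinning the server key, so the provisioner trusts whatever host answers on that address; setting `host_key` in the connection would let Terraform verify it. The two blocks are identical, so a single resource-level `connection { ... }` would remove the duplication and keep the credential wiring in one place. The relative `destination = "renew.timer"` lands in the SSH user's home directory, which has to equal the `/home/asbotehg` path hard-coded in the systemctl lines of the heredoc. A comment such as `# uploaded to $HOME of google.ssh.user; must match the /home/asbotehg paths in the heredoc` would make that coupling visible.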
@@ -0,0 +1,33 @@
+# Restoring backups
+
+First, get the backup from s3, or r2, or wherever you put it.
+
+
+SCP the files onto the box.
+```bash
+scp 20241214_131900_20241214_131900* :~/backups/
+```
+
+SSH onto to box.
+```bash
+ssh .xyz
+```
+
+Get a shell on a container with "bench" running
+```bash
+cd ~/backups
+docker compose run -it -v $(pwd):/backup frontend sh
+
+whoami
+#this should return frappe, just doulbe check ur actually in the container...
+```
+
+Run the restore command
+```bash
+bench restore /backup/20241214_131900_20241214_131900-frontend-database.sql.gz --with-public-files /backup/20241214_131900_20241214_131900-frontend-files.tar --with-private-files
+ /backup/20241214_131900_20241214_131900-frontend-private-files.tar
+```
+
+> [!NOTE]
+> This last command may look like it hangs, give it some time.
+
diff --git a/infra/gcp/frappe/docker-compose.yaml.old b/infra/gcp/frappe/docker-compose.yaml.old
deleted file mode 100644
index b563aef..0000000
--- a/infra/gcp/frappe/docker-compose.yaml.old
+++ /dev/null
@@ -1,20 +0,0 @@
-services:
- webserver:
- image: nginx:latest
- ports:
- - 80:80
- - 443:443
- restart: always
- volumes:
- - ./nginx.conf:/etc/nginx/conf.d/nginx.conf:ro
- - certbot_data:/var/www/certbot/:ro
- - letsencrypt_data:/etc/nginx/ssl/:ro
- certbot:
- image: certbot/certbot:latest
- volumes:
- - certbot_data:/var/www/certbot/:rw
- - letsencrypt_data:/etc/letsencrypt/:rw
-
-volumes:
- certbot_data:
- letsencrypt_data:
diff --git a/infra/gcp/frappe/renew.service b/infra/gcp/frappe/renew.service
new file mode 100644
index 0000000..a9e188a
--- /dev/null
+++ b/infra/gcp/frappe/renew.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Runs the renew script
+Requires=docker-compose.app.service
+After=docker-compose.app.service
+
+[Service]
+WorkingDirectory=/home/asbotehg
+ExecStart=/usr/bin/docker-compose run certbot renew
+Restart=on-failure # Restart only on errors, not clean exits
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
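Review bot: `Restart=on-failure # Restart only on errors, not clean exits` in renew.service will not parse as intended, because systemd treats `#` as a comment only at the start of a line; the trailing text becomes part of the value and the setting is rejected, so the comment belongs on its own line above `Restart=on-failure`. For a timer-driven job the unit should also be `Type=oneshot` and needs no `[Install]` section, otherwise `WantedBy=multi-user.target` runs a renewal at every boot. `ExecStart=/usr/bin/docker-compose run --rm -T certbot renew` would avoid accumulating stopped containers and requesting a TTY under systemd. Nothing visible here reloads the web server after a successful renewal, so the new certificate may not be served until a restart; confirm that is handled elsewhere.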
diff --git a/infra/gcp/frappe/renew.timer b/infra/gcp/frappe/renew.timer
new file mode 100644
index 0000000..330ab16
--- /dev/null
+++ b/infra/gcp/frappe/renew.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description="Run renew.service every 24hours"
+
+[Timer]
+OnUnitActiveSec=24h
+OnCalendar=Mon..Sun *-*-* 10:00:*
+Unit=renew.service
+
+[Install]
+WantedBy=multi-user.target
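Review bot: `OnCalendar=Mon..Sun *-*-* 10:00:*` matches every second of 10:00, so the timer can elapse repeatedly within that minute, and `OnUnitActiveSec=24h` adds a second, independent trigger on top of it. One schedule is enough: `OnCalendar=*-*-* 10:00:00` with `Persistent=true`, so a run missed while the VM was down is caught up, and the `OnUnitActiveSec` line dropped. `WantedBy=timers.target` is the conventional install target for timer units. A `RandomizedDelaySec=` value would spread the renewal requests away from the top of the hour.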