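set hostnames, create superuser

```bash=
# Runs as root on each node. The remote script is double-quoted locally, so
# ${fqdn} is expanded on the workstation before the text is sent.
# StrictHostKeyChecking=accept-new records whatever host key is presented on
# first contact; compare the recorded fingerprints with a trusted out-of-band
# source before relying on them.
# The echo into authorized_keys overwrites any keys already present.
# The sudoers entry grants mobula unrestricted password-less root, so the
# authorized ed25519 key is equivalent to a root credential on every node.
# visudo -cf only parses the new drop-in and reports syntax errors.
for fqdn in c{1..3}.calamari.rococo.systems; do
  echo "${fqdn}"
  ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=accept-new "root@${fqdn}" "
    hostnamectl set-hostname ${fqdn};
    getent passwd mobula &> /dev/null || useradd --create-home --shell /bin/bash --comment 'manta ops' --user-group --groups sudo,systemd-journal mobula;
    test -d /home/mobula/.ssh || sudo -H -u mobula mkdir /home/mobula/.ssh;
    chmod 700 /home/mobula/.ssh;
    sudo -H -u mobula bash -c 'echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIBSdR9Wy3S4L+Zdcu8waYe5vW2VzMoi+QafgV3IIFj > /home/mobula/.ssh/authorized_keys'; # ops
    chmod 644 /home/mobula/.ssh/authorized_keys;
    echo 'mobula ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/mobula;
    chmod 0440 /etc/sudoers.d/mobula;
    visudo -cf /etc/sudoers.d/mobula;
  "
done
```

test superuser has password-less sudo by updating distro packages

```bash=
# No StrictHostKeyChecking override here: the host keys recorded in the
# previous step must still match.
# The remote commands are joined with ';', so each one runs even when an
# earlier one failed, and the reboot always happens. Read the output per host
# instead of relying on the ssh exit status.
user=mobula
for fqdn in c{1..3}.calamari.rococo.systems; do
  echo "${fqdn}"
  ssh -o ConnectTimeout=3 "${user}@${fqdn}" "
    sudo apt-get update;
    sudo apt-get dist-upgrade -y;
    sudo apt-get upgrade -y distro-info-data grub-efi-amd64 grub-efi-amd64-bin tzdata;
    sudo apt-get install -y unattended-upgrades;
    sudo apt-get autoremove -y;
    sudo reboot;
  "
done
```

install system tls certs

```bash=
# NOTE(review): the superuser step above only loops over the calamari hosts;
# this loop also covers the manta hosts and assumes mobula exists there.
# The nginx site is fetched from the moving main branch and installed as root.
# Pinning the URL to a reviewed commit (<COMMIT_SHA> in place of main) keeps a
# later change in the repository from reaching the nodes unreviewed.
# --fail stops curl from saving an HTTP error page as the nginx config; the
# symlink and restart only run when the download succeeded.
# NOTE(review): the rm glob only matches *.conf; a stock site enabled without
# that suffix would stay enabled. Confirm what is in sites-enabled.
user=mobula
for fqdn in c{1..3}.{calamari,manta}.rococo.systems; do
  echo "${fqdn}"
  ssh -o ConnectTimeout=3 -o StrictHostKeyChecking=accept-new "${user}@${fqdn}" "
    sudo apt-get install -y certbot nginx;
    sudo rm /etc/nginx/sites-enabled/*.conf;
    sudo curl --fail --silent --location --output /etc/nginx/sites-available/certbot.conf --url https://raw.githubusercontent.com/Manta-Network/rubberneck/main/static/etc/nginx/sites-available/certbot.conf &&
    sudo ln -sfr /etc/nginx/sites-available/certbot.conf /etc/nginx/sites-enabled/certbot.conf &&
    sudo systemctl restart nginx.service;
    sleep 3;
    sudo certbot certonly --noninteractive --cert-name ${fqdn} --expand --allow-subset-of-names --key-type ecdsa -m ops@manta.network --agree-tos --no-eff-email --preferred-challenges http --webroot --webroot-path /var/www/html -d ${fqdn};
  "
done
```

install shared tls certs

```bash=
# The certificate private keys pass through this workstation on their way from
# kavula to the nodes. They are staged in a private mktemp directory instead of
# fixed, predictable paths under /tmp, and the EXIT trap removes the staging
# directory even when a step fails part-way. The subshell keeps the trap and
# umask from leaking into the interactive shell.
# /root/.cloudflare on kavula holds the DNS API credential used for the
# challenge; keep it readable by root only.
(
  umask 077
  tld=rococo.systems
  staging=$(mktemp -d) || exit 1
  trap 'rm -rf -- "${staging}"' EXIT
  mkdir -p "${staging}"/{archive,live}/{ws,ws.archive}.{calamari,manta}."${tld}"
  for prefix in ws ws.archive; do
    for chain in calamari manta; do
      name=${prefix}.${chain}.${tld}
      ssh kavula \
        sudo certbot certonly \
        -m ops@manta.network \
        --agree-tos \
        --no-eff-email \
        --noninteractive \
        --cert-name "${name}" \
        --expand \
        --allow-subset-of-names \
        --key-type ecdsa \
        --dns-cloudflare \
        --dns-cloudflare-credentials /root/.cloudflare \
        --dns-cloudflare-propagation-seconds 60 \
        -d "${name}"
      for lifecycle in archive live; do
        # pull from kavula into the private staging directory
        rsync \
          --rsync-path='sudo rsync' \
          -a \
          "kavula:/etc/letsencrypt/${lifecycle}/${name}/" \
          "${staging}/${lifecycle}/${name}"
        # push to every node of the chain, owned by root on arrival
        for fqdn in c{1..3}."${chain}.${tld}"; do
          rsync \
            -og \
            --chown=root:root \
            --rsync-path='sudo rsync' \
            -a \
            "${staging}/${lifecycle}/${name}/" \
            "${fqdn}:/etc/letsencrypt/${lifecycle}/${name}"
        done
      done
    done
  done
)
```

create rubberneck manifests

```bash=
# Derives the c${n} manifests for each chain from the f${n} dolphin manifests.
# The sed patterns are regular expressions: the unescaped dots match any
# character, and ':99' / ':96' match every port that starts with those digits.
# Review the generated files (git diff) before committing them.
source_tld=dolphin.engineering
target_tld=rococo.systems
repo_path=${HOME}/git/Manta-Network/rubberneck
for n in {1..3}; do
  for chain in calamari manta; do
    src=${repo_path}/config/${source_tld}/f${n}
    dst=${repo_path}/config/${chain}.${target_tld}/c${n}
    site=${dst}/etc/nginx/sites-available/${chain}.conf
    mkdir -p "${dst}/etc/nginx/sites-available"
    cp \
      "${src}/etc/nginx/sites-available/dolphin.conf" \
      "${site}"
    sed -i \
      "s/f${n}.${source_tld}/c${n}.${chain}.${target_tld}/g" \
      "${site}"
    if [ "${chain}" = "manta" ]; then
      sed -i \
        "s/:99/:79/g" \
        "${site}"
      sed -i \
        "s/:96/:76/g" \
        "${site}"
    fi
    cp \
      "${src}/config.yml" \
      "${dst}/config.yml"
    sed -i \
      "s/${source_tld}/${chain}.${target_tld}/g" \
      "${dst}/config.yml"
    sed -i \
      "s/hostname: f${n}/hostname: c${n}/" \
      "${dst}/config.yml"
    sed -i \
      "s#/f${n}/#/c${n}/#" \
      "${dst}/config.yml"
    sed -i \
      "s/dolphin.conf/${chain}.conf/g" \
      "${dst}/config.yml"
    sed -i \
      "s/\$(hostname -f)/c${n}.${chain}.${target_tld}/g" \
      "${dst}/config.yml"
  done
done
```

create and start sync services

```bash=
# Clones the dolphin unit per chain. The sed replaces every occurrence of
# "dolphin" in the copied unit, and enable --now starts it immediately, so
# inspect the generated unit file when the dolphin unit contains paths or
# names that must not change.
for chain in calamari manta; do
  ssh kavula "
    sudo cp /etc/systemd/system/sync-node-state-rococo-dolphin.service /etc/systemd/system/sync-node-state-rococo-${chain}.service;
    sudo sed -i 's/dolphin/${chain}/g' /etc/systemd/system/sync-node-state-rococo-${chain}.service;
    sudo systemctl enable --now sync-node-state-rococo-${chain}.service;
  "
done
```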