initial commit

scripts/bs-label-workers.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# label nodes into pools based on hostname: *wordpressPool*/*mysqlPool*/*redisPool*/*phpPool*/*nginxPool*
+set -euo pipefail
+docker node inspect -f '{{ .ID }} {{ .Description.Hostname }} {{ .Spec.Role }}' $(docker node ls -q) \
+| while read -r id host role; do
+  [[ "$role" == "worker" ]] || continue
+  case "$host" in
+    *wordPressPool*) val=wordpress ;;
+    *mysqlPool*)     val=mysql ;;
+    *redisPool*)     val=redis ;;
+    *phpPool*)       val=php ;;
+    *nginxPool*)     val=nginx ;;
+    *)               val="" ;;
+  esac
+  [[ -n "$val" ]] && docker node update --label-add "pool=$val" "$id"
+done
+echo "Worker labels updated."

scripts/bs-networks.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+docker network create --driver overlay --opt encrypted --attachable appNet  >/dev/null 2>&1 || true
+docker network create --driver overlay --opt encrypted --internal  backendNet >/dev/null 2>&1 || true
+echo "appNet + backendNet ready."

scripts/bs-scaffold-site.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DOMAIN="${1:-${DOMAIN:-}}"
+if [[ -z "$DOMAIN" ]]; then
+  echo "Usage: $0 <full-domain>"; exit 1
+fi
+
+STACK="${STACK:-${DOMAIN%.*}}"               # domain minus TLD
+BASE="/mnt/data/sites/$DOMAIN"
+TPL="/mnt/data/templates/site-stack.allinone.template.yml"
+OUT="/mnt/data/stacks/site-stack.$DOMAIN.yml"
+
+mkdir -p "$BASE"/{code,uploads,plugins,themes,mu-plugins,nginx/conf.d,db,redis}
+chown -R www-data:www-data "$BASE"/{code,uploads,plugins,themes,mu-plugins} || true
+chown -R nobody:nogroup "$BASE/nginx" || true
+
+# Seed WordPress core if empty
+if [ -z "$(ls -A "$BASE/code" 2>/dev/null)" ]; then
+  docker run --rm -v "$BASE/code":/target wordpress:php8.3-fpm \
+    bash -lc 'shopt -s dotglob && cp -a /var/www/html/* /target/'
+  chown -R www-data:www-data "$BASE/code"
+fi
+
+# vhost
+VHOST="$BASE/nginx/conf.d/site.conf"
+if [[ ! -f "$VHOST" ]]; then
+cat > "$VHOST" <<'CONF'
+server {
+  listen 80;
+  server_name __DOMAIN__;
+  root /var/www/html;
+  index index.php index.html;
+
+  location / { try_files $uri $uri/ /index.php?$args; }
+
+  location ~ \.php$ {
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
+    fastcgi_param HTTP_X_FORWARDED_HOST  $host;
+    fastcgi_pass php:9000;
+  }
+
+  client_max_body_size 50m;
+}
+CONF
+  sed -i "s/__DOMAIN__/$DOMAIN/g" "$VHOST"
+fi
+
+# per-site secrets
+ROOT_SEC="mysql_root_password_${DOMAIN}"
+WP_SEC="mysql_wp_password_${DOMAIN}"
+docker secret ls --format '{{.Name}}' | grep -qx "$ROOT_SEC" || openssl rand -base64 32 | docker secret create "$ROOT_SEC" - >/dev/null
+docker secret ls --format '{{.Name}}' | grep -qx "$WP_SEC"   || openssl rand -base64 32 | docker secret create "$WP_SEC"   - >/dev/null
+
+# render stack
+mkdir -p /mnt/data/stacks /mnt/data/templates
+cp -n templates/site-stack.allinone.template.yml "$TPL" 2>/dev/null || true
+sed "s/__DOMAIN__/$DOMAIN/g" "$TPL" > "$OUT"
+
+# deploy
+docker stack deploy -c "$OUT" "$STACK"
+
+echo "Deployed stack '$STACK'. In NPM, proxy https://$DOMAIN -> http://${STACK}_nginx:80 on appNet."