deploy

#!/bin/bash

set -o errexit -o nounset -o pipefail

touch lock
exec {fd}< lock
if ! flock -n $fd; then
    echo already deploying >&2
    exit 1
fi

reconfigure=0
if [[ $# -eq 1 ]]; then
    if [[ $1 == reconfigure ]]; then
        reconfigure=1
    else
        echo invalid parameter
        exit 1
    fi
elif [[ $# -ne 0 ]]; then
    echo too many parameters
    exit 1
fi

declare -A receiver_threads=(
    [ns1.grapheneos.org]=2
)

# use YYYYMMDDSS SOA serial format
old_serial=$(cat serial.txt 2>/dev/null || echo -n $(date -u +"%Y%m%d00"))
serial=$(date -u +"%Y%m%d")
if [[ ${old_serial:0:8} = ${serial} ]]; then
    old_sequence=${old_serial:8:2}
    old_sequence=${old_sequence##0}
    [[ $old_sequence -eq 99 ]] && old_sequence=0
    serial+=$(printf %02d $(( $old_sequence + 1 )))
else
    serial+=01
fi
echo serial: $serial
echo
echo -n $serial > serial.txt

. servers.sh

for server in ${servers[@]}; do
    echo $server

    remote=root@$server

    if (( reconfigure )); then
        cp pdns.conf pdns.conf.tmp
        sed -i "s/{{addresses}}/${addresses[$server]}/g;s/{{receiver_threads}}/${receiver_threads[$server]:-1}/g" pdns.conf.tmp
        rsync -pcv --chmod=F644 --fsync --preallocate pdns.conf.tmp $remote:/etc/powerdns/pdns.conf
        rm pdns.conf.tmp
        rsync -pcv --chown root:geoipupdate --chmod=F640 --fsync --preallocate GeoIP.conf $remote:/etc/GeoIP.conf
        rsync -prcv --delete --chmod=D755,F644 --fsync --preallocate systemd/system/{geoipupdate.service.d,geoipupdate.timer.d,pdns.service.d} $remote:/etc/systemd/system/
    fi

    cp zones.yaml zones.yaml.tmp
    sed -i "s/{serial}/$serial/g; s/{serial}/$serial/g" zones.yaml.tmp
    rsync -pcv --chmod=F644 --fsync --preallocate zones.yaml.tmp $remote:/etc/powerdns/zones.yaml
    rm zones.yaml.tmp

    if (( reconfigure )); then
        ssh $remote 'systemctl enable --now geoipupdate.timer pdns.service && systemctl daemon-reload && systemctl restart pdns'
        sleep 5
    else
        ssh $remote pdns_control reload
    fi

    echo
done