#!/usr/bin/env bash # Run all remaining operator/infra tasks. Set env flags to execute; otherwise prints commands. # Usage: # ./scripts/run-all-remaining-tasks.sh # print what to run # RUN_W02=1 AMOUNT=0.01 ./scripts/run-all-remaining-tasks.sh # run sendCrossChain (needs PRIVATE_KEY in .env) # RUN_SECURITY=1 ./scripts/run-all-remaining-tasks.sh # run W1-1 and W1-2 --apply (needs Proxmox/SSH) # RUN_VALIDATOR_KEYS=1 ./scripts/run-all-remaining-tasks.sh # run secure-validator-keys (on validator host) set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" [[ -f .env ]] && source .env 2>/dev/null || true [[ -f smom-dbis-138/.env ]] && source smom-dbis-138/.env 2>/dev/null || true echo "=== Remaining tasks runner ===" echo "" # W0-2: sendCrossChain (requires PRIVATE_KEY, LINK) if [[ "${RUN_W02:-0}" = "1" && -n "${AMOUNT:-}" ]]; then echo "W0-2: Running sendCrossChain $AMOUNT..." bash scripts/bridge/run-send-cross-chain.sh "$AMOUNT" "${RECIPIENT:-}" && echo " Done." || echo " Failed (check PRIVATE_KEY, LINK)." else echo "W0-2: bash scripts/bridge/run-send-cross-chain.sh [recipient] (set RUN_W02=1 AMOUNT= to run)" fi echo "" # W1-1, W1-2: Security (run from Proxmox or host with SSH to Proxmox) if [[ "${RUN_SECURITY:-0}" = "1" ]]; then echo "W1-1: SSH key auth --apply..." bash scripts/security/setup-ssh-key-auth.sh --apply || true echo "W1-2: Firewall 8006 --apply..." bash scripts/security/firewall-proxmox-8006.sh --apply "${ADMIN_CIDR:-192.168.11.0/24}" || true else echo "W1-1: bash scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply] (RUN_SECURITY=1 to apply)" echo "W1-2: bash scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]" fi echo "" # W1-19: Validator keys (run on each Proxmox host that runs validators) if [[ "${RUN_VALIDATOR_KEYS:-0}" = "1" ]]; then echo "W1-19: Securing validator keys..." bash scripts/secure-validator-keys.sh || true else echo "W1-19: bash scripts/secure-validator-keys.sh (on validator host; RUN_VALIDATOR_KEYS=1 to run)" fi echo "" # W2-2 through W3-2, CR-1, API, Paymaster (runbooks / manual) echo "--- Runbook / manual ---" echo "W2-2: Publish Grafana via Cloudflare Access; configure Alertmanager routes (config/monitoring/alertmanager.yml)" echo "W2-3: docs/02-architecture/NETWORK_ARCHITECTURE.md §3-5; UDM Pro VLANs + Proxmox VLAN-aware bridge" echo "W2-4: bash scripts/ccip/ccip-deploy-checklist.sh; docs/07-ccip/CCIP_DEPLOYMENT_SPEC.md (Ops/Admin 5400-5401, NAT pools)" echo "W2-5: bash scripts/deployment/phase4-sovereign-tenants.sh [--show-steps|--dry-run]; OPERATIONAL_RUNBOOKS § Phase 4" echo "W2-7: DBIS/Hyperledger runbooks; docs/03-deployment/MISSING_CONTAINERS_LIST.md" echo "W3-1: CCIP Fleet (5410-5425, 5440-5455, 5470-5476) per CCIP_DEPLOYMENT_SPEC" echo "W3-2: Phase 4 tenant isolation (firewall/ACL per runbook)" echo "CR-1: docs/07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md; smom-dbis-138/scripts/deployment/complete-config-ready-chains.sh" echo "API: reports/API_KEYS_REQUIRED.md → obtain keys → set in .env" echo "Paymaster (optional): cd smom-dbis-138 && forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url \$RPC_URL_138 --broadcast" echo "" echo "=== Done ==="