add rollback script and vault helper

2026-01-20 11:00:00 +00:00 · 2026-01-20 11:00:00 +00:00 · e0583c38fb
commit e0583c38fb
parent eec271fb5e
2 changed files with 24 additions and 0 deletions
--- a/lib/vault.sh
+++ b/lib/vault.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+# Thin wrapper around vault kv get for scripts that need secrets at runtime.
+# Usage: source lib/vault.sh && vault_get "secret/nexus/db" "password"
+
+vault_get() {
+    local path="$1"
+    local field="$2"
+    vault kv get -field="$field" "$path"
+}
--- a/scripts/rollback.sh
+++ b/scripts/rollback.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+# Roll back the production deployment to the previous release.
+set -euo pipefail
+
+DEPLOY_HOST="prod.nexus.local"
+PREVIOUS=$(ssh deploy@"$DEPLOY_HOST" "ls -1dt /opt/releases/*/ | sed -n '2p'")
+
+if [ -z "$PREVIOUS" ]; then
+    echo "[rollback] No previous release found." >&2
+    exit 1
+fi
+
+echo "[rollback] Rolling back to: $PREVIOUS"
+ssh deploy@"$DEPLOY_HOST" "ln -sfn '$PREVIOUS' /opt/app && systemctl restart nexus-app"
+echo "[rollback] Done."