Simplify supervisor architecture and automate bootstrap

- Simplify supervisor.sh following TigerBeetle pattern - Remove complex functions, use simple while loop - Add || sleep 600 for resilience against crashes - Use git switch --discard-changes for clean updates - Run pipelines every hour (SQLMesh handles scheduling) - Use POSIX sh instead of bash - Remove /repo subdirectory nesting - Repository clones directly to /opt/materia - Simpler paths throughout - Move systemd service to repo - Bootstrap copies from repo instead of hardcoding - Service can be updated via git pull - Automate bootstrap in CI/CD - deploy:supervisor now auto-bootstraps on first deploy - Waits for SSH to be ready (retry loop) - Injects secrets via SSH environment - Idempotent: detects if already bootstrapped Result: Push to master and supervisor "just works" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-13 21:17:12 +02:00
parent 21f99767bf
commit 2fff895a73
5 changed files with 53 additions and 191 deletions
--- a/infra/bootstrap_supervisor.sh
+++ b/infra/bootstrap_supervisor.sh
@@ -26,8 +26,7 @@ if [ "$EUID" -ne 0 ]; then
 fi

 # Configuration
-MATERIA_DIR="/opt/materia"
-REPO_DIR="$MATERIA_DIR/repo"
+REPO_DIR="/opt/materia"
 GITLAB_PROJECT="deemanone/materia"

 # GITLAB_READ_TOKEN should be set in Pulumi ESC (beanflows/prod)
@@ -71,22 +70,20 @@ echo "--- Loading secrets from Pulumi ESC ---"
 eval $(esc env open beanflows/prod --format shell)

 echo "--- Cloning repository ---"
-mkdir -p "$MATERIA_DIR"
 if [ -d "$REPO_DIR" ]; then
    echo "Repository already exists, pulling latest..."
    cd "$REPO_DIR"
    git pull origin master
 else
-    cd "$MATERIA_DIR"
-    git clone "$REPO_URL" repo
-    cd repo
+    git clone "$REPO_URL" "$REPO_DIR"
+    cd "$REPO_DIR"
 fi

 echo "--- Installing Python dependencies ---"
 uv sync

 echo "--- Creating environment file ---"
-cat > "$MATERIA_DIR/.env" <<EOF
+cat > "$REPO_DIR/.env" <<EOF
 # Environment variables for supervisor
 # Loaded from Pulumi ESC: beanflows/prod
 PULUMI_ACCESS_TOKEN=${PULUMI_ACCESS_TOKEN}
@@ -94,32 +91,7 @@ PATH=/root/.cargo/bin:/root/.pulumi/bin:/usr/local/bin:/usr/bin:/bin
 EOF

 echo "--- Setting up systemd service ---"
-cat > /etc/systemd/system/materia-supervisor.service <<'EOF'
-[Unit]
-Description=Materia Supervisor - Pipeline Orchestration
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/materia/repo
-ExecStart=/opt/materia/repo/infra/supervisor/supervisor.sh
-Restart=always
-RestartSec=10
-EnvironmentFile=/opt/materia/.env
-
-# Resource limits
-LimitNOFILE=65536
-
-# Logging
-StandardOutput=journal
-StandardError=journal
-SyslogIdentifier=materia-supervisor
-
-[Install]
-WantedBy=multi-user.target
-EOF
+cp "$REPO_DIR/infra/supervisor/materia-supervisor.service" /etc/systemd/system/materia-supervisor.service

 echo "--- Enabling and starting service ---"
 systemctl daemon-reload