infra: fix CRLF line endings in setup_server.sh
@@ -1,45 +1,45 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# One-time server setup: create app user, /opt/beanflows, and GitLab deploy key.
|
# One-time server setup: create app user, /opt/beanflows, and GitLab deploy key.
|
||||||
# Run as root on a fresh Hetzner server before bootstrapping the supervisor.
|
# Run as root on a fresh Hetzner server before bootstrapping the supervisor.
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# bash infra/setup_server.sh
|
# bash infra/setup_server.sh
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
APP_USER="beanflows_service"
|
APP_USER="beanflows_service"
|
||||||
APP_DIR="/opt/beanflows"
|
APP_DIR="/opt/beanflows"
|
||||||
KEY_PATH="/home/$APP_USER/.ssh/gitlab_deploy"
|
KEY_PATH="/home/$APP_USER/.ssh/gitlab_deploy"
|
||||||
|
|
||||||
# Create system user with a home dir (needed for .ssh) but no login shell
|
# Create system user with a home dir (needed for .ssh) but no login shell
|
||||||
if ! id "$APP_USER" &>/dev/null; then
|
if ! id "$APP_USER" &>/dev/null; then
|
||||||
useradd --system --create-home --shell /usr/sbin/nologin "$APP_USER"
|
useradd --system --create-home --shell /usr/sbin/nologin "$APP_USER"
|
||||||
echo "Created user: $APP_USER"
|
echo "Created user: $APP_USER"
|
||||||
else
|
else
|
||||||
echo "User $APP_USER already exists, skipping"
|
echo "User $APP_USER already exists, skipping"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create app directory owned by app user
|
# Create app directory owned by app user
|
||||||
mkdir -p "$APP_DIR"
|
mkdir -p "$APP_DIR"
|
||||||
chown "$APP_USER:$APP_USER" "$APP_DIR"
|
chown "$APP_USER:$APP_USER" "$APP_DIR"
|
||||||
chmod 750 "$APP_DIR"
|
chmod 750 "$APP_DIR"
|
||||||
echo "Created $APP_DIR (owner: $APP_USER)"
|
echo "Created $APP_DIR (owner: $APP_USER)"
|
||||||
|
|
||||||
# Generate deploy key if not already present
|
# Generate deploy key if not already present
|
||||||
if [ ! -f "$KEY_PATH" ]; then
|
if [ ! -f "$KEY_PATH" ]; then
|
||||||
mkdir -p "/home/$APP_USER/.ssh"
|
mkdir -p "/home/$APP_USER/.ssh"
|
||||||
ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "beanflows-server"
|
ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "beanflows-server"
|
||||||
chown -R "$APP_USER:$APP_USER" "/home/$APP_USER/.ssh"
|
chown -R "$APP_USER:$APP_USER" "/home/$APP_USER/.ssh"
|
||||||
chmod 700 "/home/$APP_USER/.ssh"
|
chmod 700 "/home/$APP_USER/.ssh"
|
||||||
chmod 600 "$KEY_PATH"
|
chmod 600 "$KEY_PATH"
|
||||||
chmod 644 "$KEY_PATH.pub"
|
chmod 644 "$KEY_PATH.pub"
|
||||||
echo "Generated deploy key: $KEY_PATH"
|
echo "Generated deploy key: $KEY_PATH"
|
||||||
else
|
else
|
||||||
echo "Deploy key already exists, skipping"
|
echo "Deploy key already exists, skipping"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "=== Add this deploy key to GitLab ==="
|
echo "=== Add this deploy key to GitLab ==="
|
||||||
echo "GitLab → repo → Settings → Repository → Deploy Keys (read-only)"
|
echo "GitLab → repo → Settings → Repository → Deploy Keys (read-only)"
|
||||||
echo ""
|
echo ""
|
||||||
cat "$KEY_PATH.pub"
|
cat "$KEY_PATH.pub"
|
||||||
|
|||||||