beanflows/infra/bootstrap_supervisor.sh
Deeman cf65fa16b6 refactor(infra): consolidate tool installs in setup, strip bootstrap to essentials
- setup_server.sh: add git/curl/ca-certificates apt install, add uv install
  as service user, fix SSH config write (root + chown vs sudo heredoc), remove
  noise log lines after set -e makes them redundant
- bootstrap_supervisor.sh: remove all tool installs (apt, uv, sops, age) —
  setup_server.sh is now the single source of truth; strip to ~45 lines:
  age-key check, clone/fetch, tag checkout, decrypt, uv sync, systemd enable
- readme.md: update step 1 and step 3 descriptions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-26 22:25:31 +01:00


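#!/bin/bash
# Bootstrap Materia supervisor after setup_server.sh + adding keys.
# Run once on the server after SSH deploy key is added to GitLab
# and the server age key is committed to .env.prod.sops.
#
# Usage:
# ssh root@<server_ip> 'bash -s' < infra/bootstrap_supervisor.sh
#
# Prerequisites:
# - setup_server.sh already run (beanflows_service user, SSH deploy key, age keypair, uv)
# - Deploy key added to GitLab (Settings → Repository → Deploy Keys)
# - Server age public key added to .sops.yaml + .env.prod.sops committed + pushed
#
# Steps, in order: root + age-key check, clone or fetch the repo, check out the
# newest v* tag, decrypt .env.prod.sops to .env (mode 600), uv sync, install and
# enable the systemd unit. Everything that touches the checkout runs as
# SERVICE_USER; only the systemd steps run as root.
set -euo pipefail
SERVICE_USER="beanflows_service"
REPO_DIR="/opt/materia"
GITLAB_PROJECT="deemanone/materia"
UV="/home/${SERVICE_USER}/.local/bin/uv"
# Diagnostics go to stderr so they are not mixed with the normal status output.
[ "$(id -u)" = "0" ] || { echo "ERROR: Run as root" >&2; exit 1; }
# ── Check age keypair ─────────────────────────────────────────────────────────
AGE_KEY_FILE="/home/${SERVICE_USER}/.config/sops/age/keys.txt"
if [ ! -f "${AGE_KEY_FILE}" ]; then
  echo "ERROR: Age keypair not found at ${AGE_KEY_FILE}" >&2
  echo "Run infra/setup_server.sh first, then add the printed keys, then re-run." >&2
  exit 1
fi
# Run a command as the service user with HOME set to its own home (-H), so sops
# resolves ~/.config/sops/age/keys.txt regardless of the sudoers env policy.
# The caller's cwd is inherited, which the uv step below relies on.
as_service() { sudo -H -u "${SERVICE_USER}" "$@"; }
# ── Clone or update repository ────────────────────────────────────────────────
if [ -d "${REPO_DIR}/.git" ]; then
  as_service git -C "${REPO_DIR}" fetch --tags --prune-tags origin
else
  as_service git clone "git@gitlab.com:${GITLAB_PROJECT}.git" "${REPO_DIR}"
fi
# Newest release tag by version sort; empty when the repo carries no v* tag yet.
LATEST_TAG=$(as_service git -C "${REPO_DIR}" tag --list --sort=-version:refname "v*" | head -n 1)
if [ -n "${LATEST_TAG}" ]; then
  as_service git -C "${REPO_DIR}" checkout --detach "${LATEST_TAG}"
else
  # Without a tag the current checkout (default branch on a fresh clone) is what
  # gets deployed; that is rarely intended, so say so instead of staying silent.
  echo "WARNING: no v* tag found in ${REPO_DIR}; deploying the current checkout as-is" >&2
fi
# ── Decrypt secrets ───────────────────────────────────────────────────────────
# umask 077 so the plaintext is never world-readable, not even between the
# redirect creating the file and the chmod below. The decrypted output goes to
# a temp file first so a failed sops run cannot leave a truncated or empty .env
# behind. Paths are passed as positional args, not interpolated into the command.
as_service bash -c \
  'umask 077; sops --input-type dotenv --output-type dotenv -d "$1" > "$2.tmp" || { rm -f -- "$2.tmp"; exit 1; }; mv -f -- "$2.tmp" "$2"' \
  _ "${REPO_DIR}/.env.prod.sops" "${REPO_DIR}/.env"
chmod 600 "${REPO_DIR}/.env"
# ── Python dependencies ───────────────────────────────────────────────────────
# Subshell keeps the cd from leaking; sudo inherits the cwd for uv.
(cd "${REPO_DIR}" && as_service "${UV}" sync --all-packages)
# ── Systemd service ───────────────────────────────────────────────────────────
# install (rather than cp) pins owner and mode of the unit explicitly.
install -m 644 -o root -g root \
  "${REPO_DIR}/infra/supervisor/materia-supervisor.service" \
  /etc/systemd/system/materia-supervisor.service
systemctl daemon-reload
# enable --now only starts an inactive unit; on a re-run that moved to a newer
# tag, a running supervisor keeps the old code until `systemctl restart`.
systemctl enable --now materia-supervisor
echo ""
echo "=== Bootstrap complete! ==="
echo ""
echo "Check status: systemctl status materia-supervisor"
echo "View logs: journalctl -u materia-supervisor -f"
echo "Workflow status: sudo -u ${SERVICE_USER} ${UV} run -p ${REPO_DIR} python src/materia/supervisor.py status"
echo "Tag: $(as_service git -C "${REPO_DIR}" describe --tags --always)"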