padelnomics/infra/bootstrap_supervisor.sh
Deeman 65e51d2972
fix(infra): switch landing backup to shared r2-landing rclone remote
Replace inline LITESTREAM_R2_* credentials in the backup service with
the named [r2-landing] rclone remote and R2_LANDING_* env vars, matching
the beanflows pattern. Add rclone.conf setup to bootstrap_supervisor.sh
so the remote is written from env on each bootstrap run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 18:36:57 +01:00

#!/bin/bash
# Bootstrap Padelnomics supervisor after setup_server.sh + adding keys.
# Run once on the server after SSH deploy key is added to GitLab
# and the server age key is committed to .env.prod.sops.
#
# Usage:
# ssh root@<server_ip> 'bash -s' < infra/bootstrap_supervisor.sh
#
# Prerequisites:
# - setup_server.sh already run (padelnomics_service user, SSH deploy key, age keypair, uv)
# - Deploy key added to GitLab (Settings → Repository → Deploy Keys)
# - Server age public key added to .sops.yaml + .env.prod.sops committed + pushed
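set -euo pipefail
# Deployment constants; nothing below reassigns them.
readonly SERVICE_USER="padelnomics_service"
readonly REPO_DIR="/opt/padelnomics"
readonly GITEA_REPO="ssh://git@git.padelnomics.io:2222/deemanone/padelnomics.git"
readonly UV="/home/${SERVICE_USER}/.local/bin/uv"
# The rest of the script writes under /etc/systemd and the service user's home
# and drops privileges with sudo, so it must run as root. Diagnostics go to
# stderr so they are not mixed into the status lines printed on stdout.
[[ "$(id -u)" == "0" ]] || { printf 'ERROR: Run as root\n' >&2; exit 1; }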
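# ── Check age keypair ─────────────────────────────────────────────────────────
# sops needs the server's private age key (written by setup_server.sh into the
# service user's home) to decrypt .env.prod.sops further down.
AGE_KEY_FILE="/home/${SERVICE_USER}/.config/sops/age/keys.txt"
if [[ ! -f "${AGE_KEY_FILE}" ]]; then
  printf 'ERROR: Age keypair not found at %s\n' "${AGE_KEY_FILE}" >&2
  printf 'Run infra/setup_server.sh first, then add the printed keys, then re-run.\n' >&2
  exit 1
fi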
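# ── Clone or update repository ────────────────────────────────────────────────
# All git operations run as the service user so the checkout stays owned by it.
if [[ -d "${REPO_DIR}/.git" ]]; then
  sudo -u "${SERVICE_USER}" git -C "${REPO_DIR}" fetch --tags --prune-tags origin
else
  sudo -u "${SERVICE_USER}" git clone -- "${GITEA_REPO}" "${REPO_DIR}"
fi
# Newest v* tag by version sort. for-each-ref --count=1 replaces
# "git tag --list ... | head -1": under pipefail, head closing the pipe early
# can turn git's SIGPIPE into a non-zero status and abort the whole script.
LATEST_TAG=$(sudo -u "${SERVICE_USER}" git -C "${REPO_DIR}" for-each-ref \
  --count=1 --sort=-version:refname --format='%(refname:short)' 'refs/tags/v*')
if [[ -n "${LATEST_TAG}" ]]; then
  # NOTE(review): the tag is checked out as-is; nothing here verifies a tag
  # signature, so the deployed revision is trusted on the strength of the
  # repository access alone — confirm that is intended.
  sudo -u "${SERVICE_USER}" git -C "${REPO_DIR}" checkout --detach "${LATEST_TAG}"
fi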
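# ── Decrypt secrets ───────────────────────────────────────────────────────────
# Decrypt into a mktemp scratch file (created 0600) and move it into place, so
# the plaintext secrets are never on disk with a wider mode — the previous
# "> .env; chmod 600" order left a window governed by the service user's umask —
# and a failed sops run cannot leave a truncated .env behind. REPO_DIR is passed
# as an argument rather than interpolated into the command string.
sudo -u "${SERVICE_USER}" bash -c '
  set -euo pipefail
  tmp=$(mktemp "$1/.env.XXXXXX")
  trap '"'"'rm -f -- "$tmp"'"'"' EXIT
  sops --input-type dotenv --output-type dotenv -d "$1/.env.prod.sops" > "$tmp"
  mv -- "$tmp" "$1/.env"
' _ "${REPO_DIR}"
chmod 600 "${REPO_DIR}/.env"
# ── Python dependencies ───────────────────────────────────────────────────────
sudo -u "${SERVICE_USER}" bash -c 'cd -- "$1" && "$2" sync --all-packages' _ "${REPO_DIR}" "${UV}"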
# ── rclone config (r2-landing remote) ────────────────────────────────────────
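#######################################
# Read one key from the decrypted ${REPO_DIR}/.env.
# Globals:   REPO_DIR (read)
# Arguments: $1 - variable name (a dotenv identifier, anchored at line start)
# Outputs:   the value on stdout; empty if the key or the file is missing
# Returns:   0 always, so $(_env_get KEY) is safe under set -e
#######################################
_env_get() {
  local key=$1 line value
  # First matching line wins; grep exits 1 on no match, hence "|| true".
  line=$(grep -E "^${key}=" -- "${REPO_DIR}/.env" 2>/dev/null | head -n 1) || true
  value=${line#*=}
  # Strip one pair of enclosing quotes only. The previous tr -d '"'"'" removed
  # every quote character anywhere in the value, which silently corrupts a
  # secret that legitimately contains a quote.
  case "${value}" in
    \"*\") value=${value#\"}; value=${value%\"} ;;
    \'*\') value=${value#\'}; value=${value%\'} ;;
  esac
  printf '%s\n' "${value}"
}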
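R2_LANDING_KEY=$(_env_get R2_LANDING_ACCESS_KEY_ID)
R2_LANDING_SECRET=$(_env_get R2_LANDING_SECRET_ACCESS_KEY)
R2_ENDPOINT=$(_env_get R2_ENDPOINT)
# The remote is only written when all three values are present; otherwise the
# existing rclone.conf (if any) is left untouched.
if [[ -n "${R2_LANDING_KEY}" && -n "${R2_LANDING_SECRET}" && -n "${R2_ENDPOINT}" ]]; then
  RCLONE_CONF_DIR="/home/${SERVICE_USER}/.config/rclone"
  RCLONE_CONF="${RCLONE_CONF_DIR}/rclone.conf"
  sudo -u "${SERVICE_USER}" mkdir -p "${RCLONE_CONF_DIR}"
  # mktemp creates the scratch file 0600, so the credentials are never on disk
  # with a wider mode; the previous "> rclone.conf.tmp" was created by root
  # under root's umask and only tightened by the chmod at the end.
  RCLONE_TMP=$(mktemp "${RCLONE_CONF_DIR}/rclone.conf.XXXXXX")
  # Drop the whole existing [r2-landing] section (header plus its key = value
  # lines up to the next section header), not just the header line. Removing
  # only the header left the old credentials orphaned under the preceding
  # section on every re-run.
  if [[ -f "${RCLONE_CONF}" ]]; then
    awk '/^\[/ { skip = ($0 == "[r2-landing]") } !skip' "${RCLONE_CONF}" > "${RCLONE_TMP}"
  fi
  cat >> "${RCLONE_TMP}" <<EOF
[r2-landing]
type = s3
provider = Cloudflare
access_key_id = ${R2_LANDING_KEY}
secret_access_key = ${R2_LANDING_SECRET}
endpoint = ${R2_ENDPOINT}
acl = private
no_check_bucket = true
EOF
  # Atomic replace; ownership goes to the service user that runs rclone.
  mv -- "${RCLONE_TMP}" "${RCLONE_CONF}"
  chown "${SERVICE_USER}:${SERVICE_USER}" "${RCLONE_CONF}"
  chmod 600 "${RCLONE_CONF}"
  echo "$(date '+%H:%M:%S') ==> rclone [r2-landing] remote configured."
else
  echo "$(date '+%H:%M:%S') ==> R2_LANDING_* not set — skipping rclone config."
fi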
# ── Systemd services ──────────────────────────────────────────────────────────
# Unit files are taken from the checked-out tag and installed by root, in the
# same order as before.
SYSTEMD_UNITS=(
  "landing-backup/padelnomics-landing-backup.service"
  "landing-backup/padelnomics-landing-backup.timer"
  "supervisor/padelnomics-supervisor.service"
)
for unit in "${SYSTEMD_UNITS[@]}"; do
  cp "${REPO_DIR}/infra/${unit}" /etc/systemd/system/
done
systemctl daemon-reload
# NOTE(review): "enable --now" starts a stopped unit but does not restart one
# that is already running, so a re-run that moved to a newer tag may leave the
# old supervisor process in place — confirm whether a restart is wanted here.
systemctl enable --now padelnomics-landing-backup.timer
systemctl enable --now padelnomics-supervisor
printf '\n=== Bootstrap complete! ===\n\n'
printf 'Check status: systemctl status padelnomics-supervisor\n'
printf 'View logs: journalctl -u padelnomics-supervisor -f\n'
printf 'Backup timer: systemctl list-timers padelnomics-landing-backup.timer\n'
printf 'Tag: %s\n' "$(sudo -u "${SERVICE_USER}" git -C "${REPO_DIR}" describe --tags --always)"