padelnomics/infra/setup_server.sh
Deeman 619d1570ef fix(infra): run services as padelnomics_service user instead of root
- setup_server.sh now requires root, creates padelnomics_service user,
  adds to docker group, generates deploy key in service user's home,
  owns /opt/padelnomics and /data/padelnomics to service user
- supervisor service: User=padelnomics_service, updated PATH
- landing-backup service: User=padelnomics_service

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 02:51:09 +01:00


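#!/bin/bash
# One-time server setup. Run as root on a fresh server.
# Creates padelnomics_service user, installs system dependencies,
# and registers systemd services that run as that user.
#
# Usage (from the repository root of a checkout you trust):
#   sudo bash infra/setup_server.sh
#
# The systemd unit files are taken from the checkout this script lives in,
# so the script works before the repo has been cloned to APP_DIR as the
# service user (which is "next step 2" printed at the end).
#
# Prerequisites not installed here: docker (the "docker" group must exist),
# curl, ssh-keygen, systemd.
set -euo pipefail

readonly APP_DIR="/opt/padelnomics"
readonly SERVICE_USER="padelnomics_service"
readonly SERVICE_HOME="/home/${SERVICE_USER}"
readonly KEY_PATH="${SERVICE_HOME}/.ssh/padelnomics_deploy"
readonly DATA_DIR="/data/padelnomics"
readonly RCLONE_INSTALLER_URL="https://rclone.org/install.sh"

# Repository root of the checkout that contains this script (infra/..).
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
readonly REPO_DIR

#######################################
# Print an error to stderr and abort the setup.
# Arguments: message words
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Ensure running as root
[ "$(id -u)" -eq 0 ] || die "must run as root (use sudo)"

# Create service user if not present. --system creates a locked account with
# no password; nologin blocks interactive logins (deploy.sh is run via sudo -u).
if ! id "$SERVICE_USER" &>/dev/null; then
  useradd --system --create-home --shell /usr/sbin/nologin "$SERVICE_USER"
  echo "Created user $SERVICE_USER"
else
  echo "User $SERVICE_USER already exists, skipping"
fi

# Add service user to docker group (needed for deploy.sh).
# NOTE: access to the docker socket is generally treated as root-equivalent
# on the host, so this user is a guard against accidents rather than a hard
# privilege boundary; keep that in mind when reviewing what deploy.sh runs.
getent group docker >/dev/null || die "group 'docker' does not exist; install docker first"
usermod -aG docker "$SERVICE_USER"
echo "Added $SERVICE_USER to docker group"

# Create app directory owned by service user
mkdir -p "$APP_DIR"
chown "$SERVICE_USER:$SERVICE_USER" "$APP_DIR"
echo "Created $APP_DIR"

# Generate deploy key as service user if not present. The key has no
# passphrase because deploy.sh runs unattended; register the public half in
# GitLab as READ-ONLY so a leaked key cannot push. mkdir/ssh-keygen run as the
# service user so ownership is correct without a later chown.
sudo -u "$SERVICE_USER" mkdir -p "${SERVICE_HOME}/.ssh"
chmod 700 "${SERVICE_HOME}/.ssh"
if [ ! -f "$KEY_PATH" ]; then
  sudo -u "$SERVICE_USER" ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "padelnomics-server"
  chmod 600 "$KEY_PATH"
  chmod 644 "${KEY_PATH}.pub"
  echo "Generated deploy key: $KEY_PATH"
else
  echo "Deploy key already exists, skipping"
fi

# Configure SSH to use this key for gitlab.com. Done outside the key-creation
# branch so a run where the key already exists still provisions the config.
# IdentitiesOnly prevents ssh from offering other keys or agent identities to
# this host. NOTE(review): no known_hosts entry for gitlab.com is provisioned
# here; the first clone will trust the host key on first use.
if ! grep -q "# padelnomics" "${SERVICE_HOME}/.ssh/config" 2>/dev/null; then
  sudo -u "$SERVICE_USER" tee -a "${SERVICE_HOME}/.ssh/config" > /dev/null <<EOF
# padelnomics
Host gitlab.com
  IdentityFile $KEY_PATH
  IdentitiesOnly yes
EOF
  chmod 600 "${SERVICE_HOME}/.ssh/config"
fi

# Install rclone system-wide (we are root, no sudo needed).
# The upstream installer is downloaded to a temp file and run from there
# instead of being piped straight into bash: a truncated download cannot
# execute as a partial script, and the file can be inspected. No checksum or
# signature verification is performed here — the installer is trusted on the
# basis of TLS to rclone.org only.
if ! command -v rclone &>/dev/null; then
  echo "Installing rclone..."
  installer="$(mktemp)" || die "mktemp failed"
  trap 'rm -f -- "$installer"' EXIT
  curl -fsSL --proto '=https' --tlsv1.2 -o "$installer" "$RCLONE_INSTALLER_URL" \
    || die "download of $RCLONE_INSTALLER_URL failed"
  bash "$installer"
  rm -f -- "$installer"
  trap - EXIT
  echo "Installed rclone $(rclone --version | head -n 1)"
else
  echo "rclone already installed, skipping"
fi

# Create data directories owned by service user
mkdir -p "${DATA_DIR}/landing"
chown -R "$SERVICE_USER:$SERVICE_USER" "$DATA_DIR"
echo "Created ${DATA_DIR}/landing"

# Install and enable systemd services. Unit files come from this checkout
# (REPO_DIR), which equals APP_DIR when the script is run from there.
units=(
  "$REPO_DIR/infra/landing-backup/padelnomics-landing-backup.service"
  "$REPO_DIR/infra/landing-backup/padelnomics-landing-backup.timer"
  "$REPO_DIR/infra/supervisor/padelnomics-supervisor.service"
)
for unit in "${units[@]}"; do
  [ -f "$unit" ] || die "missing unit file $unit"
done
cp -- "${units[@]}" /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now padelnomics-landing-backup.timer
echo "Enabled landing backup timer (every 30 min)"
systemctl enable --now padelnomics-supervisor.service
echo "Enabled supervisor service"

echo ""
echo "=== Next steps ==="
echo "1. Add this deploy key to GitLab (Settings → Repository → Deploy Keys, read-only):"
echo ""
cat "${KEY_PATH}.pub"
echo ""
echo "2. Clone the repo as $SERVICE_USER:"
echo " sudo -u $SERVICE_USER git clone git@gitlab.com:deemanone/padelnomics.git $APP_DIR"
echo ""
echo "3. Deploy (first run generates server age keypair — follow the printed instructions):"
echo " sudo -u $SERVICE_USER bash $APP_DIR/deploy.sh"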