padelnomics/infra/setup_server.sh

#!/bin/bash
# One-time server setup: create app directory and GitLab deploy key.
# Run as root on a fresh server before deploying.
#
# Usage:
#   bash infra/setup_server.sh

set -euo pipefail

APP_DIR="/opt/padelnomics"
KEY_PATH="$HOME/.ssh/padelnomics_deploy"

# Create app directory
mkdir -p "$APP_DIR"
echo "Created $APP_DIR"

# Generate deploy key if not already present
if [ ! -f "$KEY_PATH" ]; then
    mkdir -p "$HOME/.ssh"
    ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "padelnomics-server"
    chmod 700 "$HOME/.ssh"
    chmod 600 "$KEY_PATH"
    chmod 644 "$KEY_PATH.pub"

    # Configure SSH to use this key for gitlab.com
    if ! grep -q "# padelnomics" "$HOME/.ssh/config" 2>/dev/null; then
        cat >> "$HOME/.ssh/config" <<EOF

# padelnomics
Host gitlab.com
    IdentityFile $KEY_PATH
EOF
        chmod 600 "$HOME/.ssh/config"
    fi

    echo "Generated deploy key: $KEY_PATH"
else
    echo "Deploy key already exists, skipping"
fi

# NOTE: sops + age installation and keypair generation is handled by deploy.sh
# (self-provisioning on first run). No need to install here.

# Install rclone (landing zone backup to R2)
if ! command -v rclone &>/dev/null; then
    echo "Installing rclone..."
    curl -fsSL https://rclone.org/install.sh | bash
    echo "Installed rclone $(rclone version --check | head -1)"
else
    echo "rclone already installed, skipping"
fi

# Create landing data directory
mkdir -p /data/padelnomics/landing
echo "Created /data/padelnomics/landing"

# Install and enable landing backup timer
cp "$APP_DIR/infra/landing-backup/padelnomics-landing-backup.service" /etc/systemd/system/
cp "$APP_DIR/infra/landing-backup/padelnomics-landing-backup.timer" /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now padelnomics-landing-backup.timer
echo "Enabled landing backup timer (every 30 min)"

# Install and enable supervisor service
cp "$APP_DIR/infra/supervisor/padelnomics-supervisor.service" /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now padelnomics-supervisor.service
echo "Enabled supervisor service"

echo ""
echo "=== Next steps ==="
echo "1. Add this deploy key to GitLab (Settings → Repository → Deploy Keys, read-only):"
echo ""
cat "$KEY_PATH.pub"
echo ""
echo "2. Clone the repo:"
echo "   git clone git@gitlab.com:YOUR_USER/padelnomics.git $APP_DIR"
echo ""
echo "3. Deploy (first run installs sops+age and generates server keypair):"
echo "   cd $APP_DIR && bash deploy.sh"