server-infra/setup.sh

#!/bin/bash
# Phase 1: Create infra_service user, directories, and install uv.
# Pipeable — no repo needed on the server.
#
# Usage (from workstation):
#   ssh root@<server-ip> 'bash -s' < setup.sh
#
# What it does:
#   1. Creates infra_service system user (nologin, docker group)
#   2. Creates /opt/server-infra/ and /data/server-infra/
#   3. Installs uv as infra_service
#
# After this script: rsync the repo, then run bootstrap.sh.

set -euo pipefail

SERVICE_USER="infra_service"
REPO_DIR="/opt/server-infra"
DATA_DIR="/data/server-infra"

[ "$(id -u)" = "0" ] || { echo "ERROR: Run as root"; exit 1; }

log() { echo "$(date '+%H:%M:%S') ==> $*"; }

# ── Service user ───────────────────────────────────────────────────────────────

log "Creating service user ${SERVICE_USER}..."
if ! id "${SERVICE_USER}" >/dev/null 2>&1; then
    useradd --system --create-home --shell /usr/sbin/nologin "${SERVICE_USER}"
    log "  User created."
else
    log "  User already exists — skipping."
fi
usermod -aG docker "${SERVICE_USER}"

# ── Directories ────────────────────────────────────────────────────────────────

log "Creating directories..."
mkdir -p "${REPO_DIR}" "${DATA_DIR}"
chown "${SERVICE_USER}:${SERVICE_USER}" "${REPO_DIR}"
chown -R "${SERVICE_USER}:${SERVICE_USER}" "${DATA_DIR}"

# ── uv ────────────────────────────────────────────────────────────────────────

if [ ! -f "/home/${SERVICE_USER}/.local/bin/uv" ]; then
    log "Installing uv..."
    sudo -u "${SERVICE_USER}" bash -c 'curl -LsSf https://astral.sh/uv/install.sh | sh'
    log "  uv installed."
else
    log "  uv already installed — skipping."
fi

# ── Summary ────────────────────────────────────────────────────────────────────

SERVER_IP=$(hostname -I | awk '{print $1}')

echo ""
echo "=================================================================="
echo ""
echo "  Phase 1 complete."
echo ""
echo "  Service user: ${SERVICE_USER} (docker group)"
echo "  Repo dir:     ${REPO_DIR}/"
echo "  Data dir:     ${DATA_DIR}/"
echo ""
echo "=================================================================="
echo ""
echo "  Next step — rsync repo from workstation, then run bootstrap:"
echo ""
echo "  1. On your workstation:"
echo "       rsync -av --chown=root:root ~/Projects/server-infra/ root@${SERVER_IP}:${REPO_DIR}/"
echo ""
echo "  2. Then run bootstrap:"
echo "       ssh root@${SERVER_IP} 'bash -s' < bootstrap.sh"
echo ""
echo "=================================================================="
echo ""