Update server config (switching to systemd)

server/caddy.service

@@ -0,0 +1,33 @@
+# This service originally copied from:
+# https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service
+
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --config /home/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /home/caddy/Caddyfile
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target

server/cinera.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Miblo's Cinera program
+After=network-online.target nss-lookup.target
+
+[Service]
+Type=forking
+User=annotations
+Group=annotations
+ExecStart=/home/hmn/hmn/cinera/start.sh
+ExecStop=/home/hmn/hmn/cinera/stop.sh
+PIDFile=/home/hmn/hmn/cinera/data/cinera.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

server/deploy.sh

@@ -1,8 +1,7 @@
 #!/bin/bash
 
-# This script should be called with the name
+# This script should be called with the name of the branch to deploy. ($1 will
-# of the branch to deploy. ($1 will be the
+# be the branch name.)
-# branch name.)
 
 set -euo pipefail
 
@@ -11,13 +10,13 @@ set -euo pipefail
 pushd /home/hmn/hmn
     git fetch --all
     git reset --hard $1
-    go build -o hmn src/main.go
+    go build -o /home/hmn/bin/hmn src/main.go
 popd
 SCRIPT
 
-monit stop hmn
+systemctl stop hmn
 sudo -u hmn bash -s <<'SCRIPT'
 set -euo pipefail
-/home/hmn/hmn/hmn migrate
+/home/hmn/bin/hmn migrate
 SCRIPT
-monit start hmn
+systemctl start hmn

server/hmn.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=The Handmade Network website
+After=network-online.target nss-lookup.target
+
+[Service]
+User=hmn
+Group=hmn
+ExecStart=/home/hmn/bin/hmn
+Restart=always
+TimeoutStopSec=15
+
+[Install]
+WantedBy=multi-user.target

server/monitrc

@@ -1,8 +1,12 @@
 SET DAEMON 5
 SET LOGFILE /var/log/monit.log
 SET STATEFILE /var/lib/monit/state
-SET HTTPD UNIXSOCKET /var/run/monit.sock
+#SET HTTPD UNIXSOCKET /var/run/monit.sock
-    allow user:pass
+#    allow user:pass
+SET HTTPD PORT 2812 AND
+    USE ADDRESS localhost
+    ALLOW localhost
+    ALLOW admin:monit
 SET MAILSERVER
     box.handmadedev.org
     PORT 587

server/serversetup.sh

@@ -2,155 +2,252 @@
 
 set -euxo pipefail
 
-BLACK_BOLD=$'\e[1;30m'
+BLUE_BOLD=$'\e[1;34m'
 RESET=$'\e[0m'
 
+checkpoint=$(cat ./hmn_setup_checkpoint || echo 0)
+
+savecheckpoint() {
+    echo $1 > ./hmn_setup_checkpoint
+}
+
 # Add swap space
 # https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-20-04
-fallocate -l 1G /swapfile
+if [ $checkpoint -lt 10 ]; then
-chmod 600 /swapfile
+    savecheckpoint 10
-mkswap /swapfile
+
-swapon /swapfile
+    fallocate -l 1G /swapfile
-swapon --show
+    chmod 600 /swapfile
-echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+    mkswap /swapfile
-sysctl vm.swappiness=10
+    swapon /swapfile
-sysctl vm.vfs_cache_pressure=50
+    swapon --show
-echo 'vm.swappiness=10' >> /etc/sysctl.conf
+    echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
-echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
+    sysctl vm.swappiness=10
+    sysctl vm.vfs_cache_pressure=50
+    echo 'vm.swappiness=10' >> /etc/sysctl.conf
+    echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
+fi
 
 # Configure Linux users
-groupadd --system caddy
+if [ $checkpoint -lt 20 ]; then
-useradd --system \
+    savecheckpoint 20
-    --gid caddy \
+
-    --create-home --home-dir /home/caddy \
+    groupadd --system caddy
-    caddy
+    useradd --system \
-groupadd --system hmn
+        --gid caddy \
-useradd --system \
+        --shell /bin/bash \
-    --gid hmn \
+        --create-home --home-dir /home/caddy \
-    --create-home --home-dir /home/hmn \
+        caddy
-    hmn
+    groupadd --system hmn
-groupadd --system annotations
+    useradd --system \
-useradd --system \
+        --gid hmn \
-    --gid annotations \
+        --shell /bin/bash \
-    --create-home --home-dir /home/annotations \
+        --create-home --home-dir /home/hmn \
-    annotations
+        hmn
+    groupadd --system annotations
+    useradd --system \
+        --gid annotations \
+        --shell /bin/bash \
+        --create-home --home-dir /home/annotations \
+        annotations
+fi
 
 # Install important stuff
-apt update
+if [ $checkpoint -lt 30 ]; then
-apt install -y \
+    savecheckpoint 30
-    build-essential monit \
+
-    libcurl4-openssl-dev byacc flex
+    apt update
+    apt install -y \
+        build-essential \
+        libcurl4-openssl-dev byacc flex
+fi
 
 # Install Go
-wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
+if [ $checkpoint -lt 40 ]; then
-tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
+    savecheckpoint 40
-echo 'PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.profile
+
-source ~/.profile
+    wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
+    tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
+    echo 'PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bash_profile
+    source ~/.bash_profile
+fi
 
 # Install Caddy
 # https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-18-04
-# (with modifications)
+if [ $checkpoint -lt 50 ]; then
-go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.1.9
+    savecheckpoint 50
-xcaddy build \
+
-    --with github.com/caddy-dns/cloudflare \
+    go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.1.9
-    --with github.com/aksdb/caddy-cgi/v2
+    xcaddy build \
-mv caddy /usr/bin
+        --with github.com/caddy-dns/cloudflare \
-chown root:root /usr/bin/caddy
+        --with github.com/aksdb/caddy-cgi/v2
-chmod 755 /usr/bin/caddy
+    mv caddy /usr/bin
+    chown root:root /usr/bin/caddy
+    chmod 755 /usr/bin/caddy
+fi
 
 # Install Postgres
 # (instructions at https://www.postgresql.org/download/linux/ubuntu/)
-sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+if [ $checkpoint -lt 60 ]; then
-wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+    savecheckpoint 60
-sudo apt-get update
+
-sudo apt-get -y install postgresql
+    sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+    wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+    sudo apt-get update
+    sudo apt-get -y install postgresql
+fi
 
 # Configure Postgres
 # TODO: This was supposed to create a user without a password - why didn't it?
 # ...or was it?
-sudo -u postgres createuser --createdb --login --pwprompt hmn
+if [ $checkpoint -lt 70 ]; then
+    savecheckpoint 70
+    sudo -u postgres createuser --createdb --login --pwprompt hmn
+fi
 
 # Set up the folder structure, clone the repo
-sudo -u hmn bash -s <<'SCRIPT'
+if [ $checkpoint -lt 80 ]; then
-set -euxo pipefail
+    savecheckpoint 80
 
-cd ~
+    sudo -u hmn bash -s <<'SCRIPT'
-mkdir log
+        set -euxo pipefail
-mkdir bin
 
-echo 'PATH=$PATH:/usr/local/go/bin' >> ~/.profile
+        cd ~
-source ~/.profile
+        mkdir log
+        mkdir bin
 
-ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab
+        echo 'PATH=$PATH:/usr/local/go/bin:/home/hmn/bin' >> ~/.bash_profile
-git config --global core.sshCommand "ssh -i ~/.ssh/gitlab"
+        source ~/.bash_profile
-echo ""
-echo ""
-echo "Copy the following key and add it as a Deploy Key in the project in GitLab (https://git.handmade.network/hmn/hmn/-/settings/ci_cd#js-deploy-keys-settings):"
-echo ""
-cat ~/.ssh/gitlab.pub
-echo ""
-echo "Press enter to continue when you're done."
-read
 
-git clone git@gitssh.handmade.network:hmn/hmn.git
+        ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab
-pushd hmn
+        git config --global core.sshCommand "ssh -i ~/.ssh/gitlab"
-    echo "Building the site for the first time. This may take a while..."
+        echo ""
-    go build -o hmn src/main.go
+        echo ""
-popd
+        echo "Copy the following key and add it as a Deploy Key in the project in GitLab (https://git.handmade.network/hmn/hmn/-/settings/ci_cd#js-deploy-keys-settings):"
+        echo ""
+        cat ~/.ssh/gitlab.pub
+        echo ""
+        echo "Press enter to continue when you're done."
+        read
+
+        while true ; do
+            ssh -T git@gitssh.handmade.network && break || true
+            echo "Failed to connect to GitLab. Fix the issue and then try again. (Press enter when you're done.)"
+            read
+        done
 SCRIPT
 
+    echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bash_profile
+    source ~/.bash_profile
+fi
+
+if [ $checkpoint -lt 90 ]; then
+    savecheckpoint 90
+
+    sudo -u hmn bash -s <<'SCRIPT'
+        set -euxo pipefail
+
+        cd ~
+        git clone git@gitssh.handmade.network:hmn/hmn.git
+SCRIPT
+fi
+
 # Copy config files to the right places
-cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
+if [ $checkpoint -lt 100 ]; then
-cp /home/hmn/hmn/server/logrotate /etc/logrotate.d/hmn
+    savecheckpoint 100
-cp /home/hmn/hmn/server/monitrc ~/.monitrc
+
-cp /home/hmn/hmn/server/deploy.conf.example /home/hmn/hmn/server/deploy.conf
+    cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
-cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
+
-cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
+    cp /home/hmn/hmn/server/caddy.service /etc/systemd/system/caddy.service
-chmod 600 ~/.monitrc
+    cp /home/hmn/hmn/server/hmn.service /etc/systemd/system/hmn.service
+    cp /home/hmn/hmn/server/cinera.service /etc/systemd/system/cinera.service
+    chmod 644 /etc/systemd/system/caddy.service
+    chmod 644 /etc/systemd/system/hmn.service
+    chmod 644 /etc/systemd/system/cinera.service
+
+    cp /home/hmn/hmn/server/logrotate /etc/logrotate.d/hmn
+    
+    cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
+    cp /home/hmn/hmn/server/deploy.conf.example /home/hmn/hmn/server/deploy.conf
+    cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
+
+    systemctl daemon-reload
+fi
+
+# Build the site for the first time (despite bad config)
+if [ $checkpoint -lt 110 ]; then
+    savecheckpoint 110
+    
+    sudo -u hmn bash -s <<'SCRIPT'
+        set -euxo pipefail
+
+        cd /home/hmn/hmn
+        echo "Building the site for the first time. This may take a while..."
+        go build -o /home/hmn/bin/hmn src/main.go
+SCRIPT
+fi
 
 cat <<HELP
-Everything has been installed, but before you can run the site, you will need to edit several config files:
+Everything has been installed, but before you can run the site, you will need
+to edit several config files:
 
-${BLACK_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
+${BLUE_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
 
-    Add the Cloudflare key to allow the ACME challenge to succeed, and add the correct domains. (Don't forget to include both the normal and wildcard domains.)
+    Get an API token from Cloudflare and add it to the Caddyfile to allow the
+    ACME challenge to succeed. The token must have the Zone / Zone / Read and 
+    Zone / DNS / Edit permissions (as laid out in the following links).
 
-    Also, in the CGI config, add the name of the Git branch you would like to use when deploying.
+        https://github.com/caddy-dns/cloudflare
+        https://github.com/libdns/cloudflare
 
-${BLACK_BOLD}Monit${RESET}: ~/.monitrc
+    Add the Cloudflare token to allow the ACME challenge to succeed, and add
+    the correct domains. (Don't forget to include both the normal and wildcard
+    domains.)
+
+    Also, in the CGI config, add the name of the Git branch you would like to
+    use when deploying. For example, a deployment of the beta site should use
+    the `beta` branch.
+
+${BLUE_BOLD}Monit${RESET}: ~/.monitrc
 
     Add the password for the email server.
 
-${BLACK_BOLD}Deploy Secret${RESET}: /home/hmn/hmn/server/deploy.conf
+${BLUE_BOLD}Deploy Secret${RESET}: /home/hmn/hmn/server/deploy.conf
 
-    First, go to GitLab and add a webhook with a secret. Filter it down to just push events on the branch you care about.
+    First, go to GitLab and add a webhook with a secret. Set it to trigger on
+    push events for the branch you are using for deploys.
 
-    https://git.handmade.network/hmn/hmn/hooks
+        https://git.handmade.network/hmn/hmn/hooks
 
-    Then, edit the above file and fill in the secret value from the GitLab webhook.
+    Then, edit the above file and fill in the secret value from the
+    GitLab webhook.
 
-${BLACK_BOLD}Website${RESET}: /home/hmn/hmn/src/config/config.go
+${BLUE_BOLD}Website${RESET}: /home/hmn/hmn/src/config/config.go
 
     Fill out everything :)
 
-${BLACK_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
+    Then rebuild the site:
+
+        su hmn
+        cd ~/hmn
+        go build -o /home/hmn/bin/hmn src/main.go
+
+${BLUE_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
 
     Add the correct domain.
 
 
-${BLACK_BOLD}Next steps:${RESET}
+${BLUE_BOLD}===== Next steps =====${RESET}
 
 Restore a database backup:
 
-    pg_restore --single-transaction --dbname hmn --host localhost --username hmn ./path/to/dumpfile
+    su hmn
-
+    cd ~
-Reload the monit config:
+    /home/hmn/bin/hmn seedfile <I dunno man figure it out>
-
-    monit reload
 
 Start up Caddy:
 
-    monit start caddy
+    systemctl start caddy
 
 Then run the deploy script:
 

server/start.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-mkdir -p /home/hmn/log
-nohup /home/hmn/hmn/hmn > /home/hmn/log/hmn.log 2>&1 &
-echo $! > /home/hmn/hmn.pid

server/stop.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-kill $(cat /home/hmn/hmn.pid)