Update server config (switching to systemd)

This commit is contained in:
Ben Visness 2021-08-29 15:20:29 -05:00
parent f40936ae61
commit 6056f6c1cc
8 changed files with 264 additions and 111 deletions

33
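--- a/server/caddy.service
+++ b/server/caddy.service
@@ -0,0 +1,33 @@
+# This service originally copied from:
+# https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --config /home/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /home/caddy/Caddyfile
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+[Install]
+WantedBy=multi-user.target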
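Review bot: ExecStart and ExecReload read the Caddyfile from /home/caddy, the home directory of the `User=caddy` account the service runs as, so the process can rewrite its own configuration even though `ProtectSystem=full` makes /usr, /boot and /etc read-only to it; the setup help text in this commit says that file will carry a Cloudflare API token. Adding `ReadOnlyPaths=/home/caddy/Caddyfile` under `[Service]` keeps the file readable but not writable from inside the service, without touching the data and config directories Caddy presumably still needs to write under its home. The header comment still describes the upstream unit; a line recording the local change (config path under /home/caddy instead of the upstream location) would help the next person diff against upstream.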

15
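--- a/server/cinera.service
+++ b/server/cinera.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Miblo's Cinera program
+After=network-online.target nss-lookup.target
+[Service]
+Type=forking
+User=annotations
+Group=annotations
+ExecStart=/home/hmn/hmn/cinera/start.sh
+ExecStop=/home/hmn/hmn/cinera/stop.sh
+PIDFile=/home/hmn/hmn/cinera/data/cinera.pid
+Restart=always
+[Install]
+WantedBy=multi-user.target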
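Review bot: cinera.service carries none of the sandboxing that caddy.service in this commit sets (`PrivateTmp=true`, `ProtectSystem=full`), and hmn.service has the same gap; both run as dedicated system users, so the directives should apply unchanged unless the programs write outside their home and data directories, which is worth confirming before enabling them. Adding `PrivateTmp=true`, `ProtectSystem=full` and `NoNewPrivileges=true` under `[Service]` in each unit would bring them in line with caddy.service. ExecStart also runs a script from the hmn user's checkout as the annotations user, so whatever the hmn account (or a deploy) places in /home/hmn/hmn/cinera/start.sh runs under that account; a comment stating that this trust relationship is intended would help.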


@ -1,8 +1,7 @@
#!/bin/bash
# This script should be called with the name
# of the branch to deploy. ($1 will be the
# branch name.)
# This script should be called with the name of the branch to deploy. ($1 will
# be the branch name.)
set -euo pipefail
@ -11,13 +10,13 @@ set -euo pipefail
pushd /home/hmn/hmn
git fetch --all
git reset --hard $1
go build -o hmn src/main.go
go build -o /home/hmn/bin/hmn src/main.go
popd
SCRIPT
monit stop hmn
systemctl stop hmn
sudo -u hmn bash -s <<'SCRIPT'
set -euo pipefail
/home/hmn/hmn/hmn migrate
/home/hmn/bin/hmn migrate
SCRIPT
monit start hmn
systemctl start hmn
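Review bot: `systemctl start hmn` on the last line is reached only if the migrate heredoc above it succeeds; with `set -euo pipefail` at the top of the script, a failing `/home/hmn/bin/hmn migrate` ends the run right after `systemctl stop hmn` and leaves the site stopped, and `Restart=always` in hmn.service does not apply to a unit that was stopped explicitly. Registering the restart before the stop, e.g. `trap 'systemctl start hmn' EXIT` on the line before `systemctl stop hmn`, brings the service back on every exit path, or at minimum the failure should be reported so the outage is not silent; whether running the freshly built binary against an unmigrated database is acceptable is a decision the author should record in a comment. The lines before the second hunk, including which user invokes this script, are outside this view.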

13
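--- a/server/hmn.service
+++ b/server/hmn.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=The Handmade Network website
+After=network-online.target nss-lookup.target
+[Service]
+User=hmn
+Group=hmn
+ExecStart=/home/hmn/bin/hmn
+Restart=always
+TimeoutStopSec=15
+[Install]
+WantedBy=multi-user.target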


@ -1,8 +1,12 @@
SET DAEMON 5
SET LOGFILE /var/log/monit.log
SET STATEFILE /var/lib/monit/state
SET HTTPD UNIXSOCKET /var/run/monit.sock
allow user:pass
#SET HTTPD UNIXSOCKET /var/run/monit.sock
# allow user:pass
SET HTTPD PORT 2812 AND
USE ADDRESS localhost
ALLOW localhost
ALLOW admin:monit
SET MAILSERVER
box.handmadedev.org
PORT 587
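Review bot: The new HTTPD block ends with `ALLOW admin:monit`, a fixed credential committed to the repository for an interface that can start and stop the monitored services. `USE ADDRESS localhost` limits reach to local accounts, but the setup script creates several of them (hmn, annotations, caddy) and any process running as one of them can authenticate with that pair; replacing it with a placeholder the operator must change, and listing it next to the mail-server password in the setup help text, would close this. The `# allow user:pass` line kept above it as a comment no longer documents what is in effect, so a one-line comment stating why the interface moved from the unix socket to a TCP port would help. In the setup script section, the `build-essential monit` line appears to lose `monit` from the apt install while this file is still copied and edited; if monit has indeed been dropped, the remaining role of ~/.monitrc deserves a comment at the top of this file.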


@ -2,11 +2,20 @@
set -euxo pipefail
BLACK_BOLD=$'\e[1;30m'
BLUE_BOLD=$'\e[1;34m'
RESET=$'\e[0m'
checkpoint=$(cat ./hmn_setup_checkpoint || echo 0)
savecheckpoint() {
echo $1 > ./hmn_setup_checkpoint
}
# Add swap space
# https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-20-04
if [ $checkpoint -lt 10 ]; then
savecheckpoint 10
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
@ -17,39 +26,57 @@ sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
echo 'vm.swappiness=10' >> /etc/sysctl.conf
echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
fi
# Configure Linux users
if [ $checkpoint -lt 20 ]; then
savecheckpoint 20
groupadd --system caddy
useradd --system \
--gid caddy \
--shell /bin/bash \
--create-home --home-dir /home/caddy \
caddy
groupadd --system hmn
useradd --system \
--gid hmn \
--shell /bin/bash \
--create-home --home-dir /home/hmn \
hmn
groupadd --system annotations
useradd --system \
--gid annotations \
--shell /bin/bash \
--create-home --home-dir /home/annotations \
annotations
fi
# Install important stuff
if [ $checkpoint -lt 30 ]; then
savecheckpoint 30
apt update
apt install -y \
build-essential monit \
build-essential \
libcurl4-openssl-dev byacc flex
fi
# Install Go
if [ $checkpoint -lt 40 ]; then
savecheckpoint 40
wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
echo 'PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.profile
source ~/.profile
echo 'PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bash_profile
source ~/.bash_profile
fi
# Install Caddy
# https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-18-04
# (with modifications)
if [ $checkpoint -lt 50 ]; then
savecheckpoint 50
go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.1.9
xcaddy build \
--with github.com/caddy-dns/cloudflare \
@ -57,20 +84,31 @@ xcaddy build \
mv caddy /usr/bin
chown root:root /usr/bin/caddy
chmod 755 /usr/bin/caddy
fi
# Install Postgres
# (instructions at https://www.postgresql.org/download/linux/ubuntu/)
if [ $checkpoint -lt 60 ]; then
savecheckpoint 60
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
fi
# Configure Postgres
# TODO: This was supposed to create a user without a password - why didn't it?
# ...or was it?
if [ $checkpoint -lt 70 ]; then
savecheckpoint 70
sudo -u postgres createuser --createdb --login --pwprompt hmn
fi
# Set up the folder structure, clone the repo
if [ $checkpoint -lt 80 ]; then
savecheckpoint 80
sudo -u hmn bash -s <<'SCRIPT'
set -euxo pipefail
@ -78,8 +116,8 @@ cd ~
mkdir log
mkdir bin
echo 'PATH=$PATH:/usr/local/go/bin' >> ~/.profile
source ~/.profile
echo 'PATH=$PATH:/usr/local/go/bin:/home/hmn/bin' >> ~/.bash_profile
source ~/.bash_profile
ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab
git config --global core.sshCommand "ssh -i ~/.ssh/gitlab"
@ -92,65 +130,124 @@ echo ""
echo "Press enter to continue when you're done."
read
git clone git@gitssh.handmade.network:hmn/hmn.git
pushd hmn
echo "Building the site for the first time. This may take a while..."
go build -o hmn src/main.go
popd
while true ; do
ssh -T git@gitssh.handmade.network && break || true
echo "Failed to connect to GitLab. Fix the issue and then try again. (Press enter when you're done.)"
read
done
SCRIPT
echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bash_profile
source ~/.bash_profile
fi
if [ $checkpoint -lt 90 ]; then
savecheckpoint 90
sudo -u hmn bash -s <<'SCRIPT'
set -euxo pipefail
cd ~
git clone git@gitssh.handmade.network:hmn/hmn.git
SCRIPT
fi
# Copy config files to the right places
if [ $checkpoint -lt 100 ]; then
savecheckpoint 100
cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
cp /home/hmn/hmn/server/caddy.service /etc/systemd/system/caddy.service
cp /home/hmn/hmn/server/hmn.service /etc/systemd/system/hmn.service
cp /home/hmn/hmn/server/cinera.service /etc/systemd/system/cinera.service
chmod 644 /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/hmn.service
chmod 644 /etc/systemd/system/cinera.service
cp /home/hmn/hmn/server/logrotate /etc/logrotate.d/hmn
cp /home/hmn/hmn/server/monitrc ~/.monitrc
cp /home/hmn/hmn/server/deploy.conf.example /home/hmn/hmn/server/deploy.conf
cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
cp /home/hmn/hmn/server/deploy.conf.example /home/hmn/hmn/server/deploy.conf
cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
chmod 600 ~/.monitrc
systemctl daemon-reload
fi
# Build the site for the first time (despite bad config)
if [ $checkpoint -lt 110 ]; then
savecheckpoint 110
sudo -u hmn bash -s <<'SCRIPT'
set -euxo pipefail
cd /home/hmn/hmn
echo "Building the site for the first time. This may take a while..."
go build -o /home/hmn/bin/hmn src/main.go
SCRIPT
fi
cat <<HELP
Everything has been installed, but before you can run the site, you will need to edit several config files:
Everything has been installed, but before you can run the site, you will need
to edit several config files:
${BLACK_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
${BLUE_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
Add the Cloudflare key to allow the ACME challenge to succeed, and add the correct domains. (Don't forget to include both the normal and wildcard domains.)
Get an API token from Cloudflare and add it to the Caddyfile to allow the
ACME challenge to succeed. The token must have the Zone / Zone / Read and
Zone / DNS / Edit permissions (as laid out in the following links).
Also, in the CGI config, add the name of the Git branch you would like to use when deploying.
https://github.com/caddy-dns/cloudflare
https://github.com/libdns/cloudflare
${BLACK_BOLD}Monit${RESET}: ~/.monitrc
Add the Cloudflare token to allow the ACME challenge to succeed, and add
the correct domains. (Don't forget to include both the normal and wildcard
domains.)
Also, in the CGI config, add the name of the Git branch you would like to
use when deploying. For example, a deployment of the beta site should use
the `beta` branch.
${BLUE_BOLD}Monit${RESET}: ~/.monitrc
Add the password for the email server.
${BLACK_BOLD}Deploy Secret${RESET}: /home/hmn/hmn/server/deploy.conf
${BLUE_BOLD}Deploy Secret${RESET}: /home/hmn/hmn/server/deploy.conf
First, go to GitLab and add a webhook with a secret. Filter it down to just push events on the branch you care about.
First, go to GitLab and add a webhook with a secret. Set it to trigger on
push events for the branch you are using for deploys.
https://git.handmade.network/hmn/hmn/hooks
Then, edit the above file and fill in the secret value from the GitLab webhook.
Then, edit the above file and fill in the secret value from the
GitLab webhook.
${BLACK_BOLD}Website${RESET}: /home/hmn/hmn/src/config/config.go
${BLUE_BOLD}Website${RESET}: /home/hmn/hmn/src/config/config.go
Fill out everything :)
${BLACK_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
Then rebuild the site:
su hmn
cd ~/hmn
go build -o /home/hmn/bin/hmn src/main.go
${BLUE_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
Add the correct domain.
${BLACK_BOLD}Next steps:${RESET}
${BLUE_BOLD}===== Next steps =====${RESET}
Restore a database backup:
pg_restore --single-transaction --dbname hmn --host localhost --username hmn ./path/to/dumpfile
Reload the monit config:
monit reload
su hmn
cd ~
/home/hmn/bin/hmn seedfile <I dunno man figure it out>
Start up Caddy:
monit start caddy
systemctl start caddy
Then run the deploy script:
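Review bot: `savecheckpoint 10` sits at the top of its `if` block, before `fallocate` and the rest of the step run, and every later step (20 through 110) follows the same shape, so when a command in a step fails under `set -e` the next run of the script treats that step as done and skips it. Moving each `savecheckpoint N` to the last line of its block would make a rerun resume at the failed step; if steps are deliberately run-once because their commands do not tolerate repetition (useradd, the apt source line), a comment above `savecheckpoint()` should say so. Separately, in the "Copy config files" step the Caddyfile and deploy.conf are copied by root with whatever ownership and mode cp gives them, although the help text says they will hold the Cloudflare API token and the GitLab webhook secret; the `chmod 600 ~/.monitrc` treatment should extend to them, e.g. `chown caddy:caddy /home/caddy/Caddyfile && chmod 600 /home/caddy/Caddyfile` and the hmn-owned equivalent for deploy.conf. The script's first line and whatever follows "Then run the deploy script:" are outside this section.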


@ -1,5 +0,0 @@
#!/bin/bash
mkdir -p /home/hmn/log
nohup /home/hmn/hmn/hmn > /home/hmn/log/hmn.log 2>&1 &
echo $! > /home/hmn/hmn.pid


@ -1,3 +0,0 @@
#!/bin/bash
kill $(cat /home/hmn/hmn.pid)