hmn/server/serversetup.sh

403 lines
11 KiB
Bash
Raw Permalink Normal View History

2021-08-28 20:36:52 +00:00
#!/bin/bash
2021-08-29 23:11:41 +00:00
set -exo pipefail
2021-08-28 21:33:15 +00:00
BLUE_BOLD=$'\e[1;34m'
2021-08-28 20:36:52 +00:00
RESET=$'\e[0m'
checkpoint=$(cat ./hmn_setup_checkpoint || echo 0)
savecheckpoint() {
echo $1 > ./hmn_setup_checkpoint
}
2021-08-29 23:11:41 +00:00
do_as() {
sudo -u $1 --preserve-env=PATH bash -s
}
2021-08-28 20:36:52 +00:00
# Add swap space
# https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-20-04
if [ $checkpoint -lt 10 ]; then
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon --show
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
echo 'vm.swappiness=10' >> /etc/sysctl.conf
echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
2021-08-29 23:11:41 +00:00
savecheckpoint 10
fi
2021-08-28 20:36:52 +00:00
# Configure Linux users
if [ $checkpoint -lt 20 ]; then
groupadd --system caddy
useradd --system \
--gid caddy \
--shell /bin/bash \
--create-home --home-dir /home/caddy \
caddy
groupadd --system hmn
useradd --system \
--gid hmn \
--shell /bin/bash \
--create-home --home-dir /home/hmn \
hmn
groupadd --system annotations
useradd --system \
--gid annotations \
--shell /bin/bash \
--create-home --home-dir /home/annotations \
annotations
2021-09-04 20:19:12 +00:00
usermod -a -G annotations hmn
2021-08-29 23:11:41 +00:00
savecheckpoint 20
fi
2021-08-28 20:36:52 +00:00
# Install important stuff
if [ $checkpoint -lt 30 ]; then
apt update
apt install -y \
build-essential \
2021-09-04 14:27:05 +00:00
libcurl4-openssl-dev byacc flex \
s3cmd
2021-08-29 23:11:41 +00:00
savecheckpoint 30
fi
2021-08-28 20:36:52 +00:00
# Install Go
if [ $checkpoint -lt 40 ]; then
wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
2021-08-29 23:11:41 +00:00
export PATH=$PATH:/usr/local/go/bin:/root/go/bin
echo 'export PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bashrc
go version
do_as hmn <<'SCRIPT'
set -euxo pipefail
echo 'export PATH=$PATH:/usr/local/go/bin:/home/hmn/go/bin' >> ~/.bashrc
go version
SCRIPT
savecheckpoint 40
fi
2021-08-28 20:36:52 +00:00
2021-08-29 23:11:41 +00:00
export PATH=$PATH:/usr/local/go/bin:/root/go/bin
2021-08-28 20:36:52 +00:00
# Install Caddy
# https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-18-04
if [ $checkpoint -lt 50 ]; then
go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.1.9
xcaddy build \
--with github.com/caddy-dns/cloudflare \
--with github.com/aksdb/caddy-cgi/v2
mv caddy /usr/bin
chown root:root /usr/bin/caddy
chmod 755 /usr/bin/caddy
2021-08-29 23:11:41 +00:00
savecheckpoint 50
fi
2021-08-28 20:36:52 +00:00
# Install Postgres
# (instructions at https://www.postgresql.org/download/linux/ubuntu/)
if [ $checkpoint -lt 60 ]; then
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
2021-08-29 23:11:41 +00:00
savecheckpoint 60
fi
2021-08-28 20:36:52 +00:00
# Configure Postgres
if [ $checkpoint -lt 70 ]; then
2021-08-29 23:11:41 +00:00
echo "Enter the password for the HMN postgres user:"
sudo -u postgres createuser --createdb --login --pwprompt hmn
2021-08-29 23:11:41 +00:00
savecheckpoint 70
fi
2021-08-28 20:36:52 +00:00
2021-08-29 23:11:41 +00:00
# Set up the folder structure
if [ $checkpoint -lt 80 ]; then
2021-08-29 23:11:41 +00:00
set +x
2021-08-29 23:11:41 +00:00
do_as hmn <<'SCRIPT'
cd ~
mkdir log
mkdir bin
2021-08-29 23:11:41 +00:00
echo 'export PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
SCRIPT
savecheckpoint 80
fi
# Set up SSH for hmn
2021-08-30 00:15:48 +00:00
if [ $checkpoint -lt 81 ]; then
set +x
2021-08-29 23:11:41 +00:00
do_as hmn <<'SCRIPT'
ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab-hmn
git config --global core.sshCommand "ssh -i ~/.ssh/gitlab-hmn"
SCRIPT
do_as annotations <<'SCRIPT'
ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab-annotation-system
ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab-hmml
SCRIPT
echo ""
echo "Add the following keys as Deploy Keys to the following projects:"
echo ""
cat /home/hmn/.ssh/gitlab-hmn.pub
echo "https://git.handmade.network/hmn/hmn/-/settings/ci_cd#js-deploy-keys-settings"
echo ""
cat /home/annotations/.ssh/gitlab-annotation-system.pub
echo "https://git.handmade.network/Annotation-Pushers/Annotation-System/-/settings/ci_cd#js-deploy-keys-settings"
echo ""
cat /home/annotations/.ssh/gitlab-hmml.pub
echo "https://git.handmade.network/Annotation-Pushers/cinera_handmade.network/-/settings/ci_cd#js-deploy-keys-settings"
echo ""
echo "Run this script again when you're done - it will continue where it left off."
2021-08-29 23:11:41 +00:00
savecheckpoint 81
# This is a special case, where we want to halt the script and allow the
# user to perform an action before moving on.
exit 0
fi
# Test SSH for hmn
2021-08-29 23:11:41 +00:00
if [ $checkpoint -lt 82 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
if ! ssh -T -i ~/.ssh/gitlab-hmn git@gitssh.handmade.network; then
2021-08-29 23:11:41 +00:00
set +x
echo "Copy the following key:"
2021-08-29 23:11:41 +00:00
echo ""
cat ~/.ssh/gitlab-hmn
2021-08-29 23:11:41 +00:00
echo ""
echo "Add it as a Deploy Key to the HMN project in GitLab:"
echo ""
echo " https://git.handmade.network/hmn/hmn/-/settings/ci_cd#js-deploy-keys-settings"
echo ""
exit 1
fi
SCRIPT
do_as annotations <<'SCRIPT'
if ! ssh -T -i ~/.ssh/gitlab-annotation-system git@gitssh.handmade.network; then
set +x
echo "Copy the following key:"
echo ""
cat ~/.ssh/gitlab-annotation-system
echo ""
echo "Add it as a Deploy Key to this project in GitLab:"
echo ""
echo " https://git.handmade.network/Annotation-Pushers/Annotation-System/-/settings/ci_cd#js-deploy-keys-settings"
echo ""
exit 1
fi
if ! ssh -T -i ~/.ssh/gitlab-hmml git@gitssh.handmade.network; then
set +x
echo "Copy the following key:"
echo ""
cat ~/.ssh/gitlab-hmml
echo ""
echo "Add it as a Deploy Key to this project in GitLab:"
echo ""
echo " https://git.handmade.network/Annotation-Pushers/cinera_handmade.network/-/settings/ci_cd#js-deploy-keys-settings"
2021-08-29 23:11:41 +00:00
echo ""
exit 1
fi
SCRIPT
savecheckpoint 82
fi
2021-08-28 21:33:15 +00:00
2021-08-29 23:11:41 +00:00
# Clone the repo
if [ $checkpoint -lt 90 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
cd ~
git clone git@gitssh.handmade.network:hmn/hmn.git
2021-08-28 20:36:52 +00:00
SCRIPT
2021-08-29 23:11:41 +00:00
savecheckpoint 90
fi
2021-08-28 20:36:52 +00:00
# Copy config files to the right places
if [ $checkpoint -lt 100 ]; then
cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
cp /home/hmn/hmn/server/caddy.service /etc/systemd/system/caddy.service
cp /home/hmn/hmn/server/hmn.service /etc/systemd/system/hmn.service
cp /home/hmn/hmn/server/cinera.service /etc/systemd/system/cinera.service
chmod 644 /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/hmn.service
chmod 644 /etc/systemd/system/cinera.service
cp /home/hmn/hmn/server/logrotate /etc/logrotate.d/hmn
cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
2021-09-04 14:27:05 +00:00
cp /home/hmn/hmn/server/hmn.conf.example /home/hmn/hmn/server/hmn.conf
2021-09-04 18:21:11 +00:00
cp /home/hmn/hmn/adminmailer/config.go.example /home/hmn/hmn/adminmailer/config.go
cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
2021-08-29 23:11:41 +00:00
chown hmn:hmn /home/hmn/hmn/src/config/config.go
2021-09-04 14:27:05 +00:00
chown hmn:hmn /home/hmn/hmn/server/hmn.conf
2021-08-29 23:11:41 +00:00
chown hmn:hmn /home/hmn/hmn/cinera/cinera.conf
2021-09-04 14:27:05 +00:00
cp /home/hmn/hmn/server/.s3cfg /home/hmn/.s3cfg
chown hmn:hmn /home/hmn/.s3cfg
chmod 600 /home/hmn/.s3cfg
2021-08-29 23:11:41 +00:00
cp /home/hmn/hmn/server/root.Makefile /root/Makefile
systemctl daemon-reload
2021-08-29 23:11:41 +00:00
savecheckpoint 100
fi
2021-09-04 14:27:05 +00:00
# Set up crons
if [ $checkpoint -lt 105 ]; then
# See https://stackoverflow.com/a/9625233/1177139
(crontab -l 2>/dev/null; echo "50 4 * * * /home/hmn/hmn/server/backup.sh") | crontab -
2021-09-04 14:27:05 +00:00
# TODO: This seems to fail the first time you run it? But then works fine afterward, thanks
# to checkpoints. Probably should fix this someday.
savecheckpoint 105
2021-09-04 14:27:05 +00:00
fi
# Build the site for the first time (despite bad config)
2021-08-29 23:11:41 +00:00
if [ $checkpoint -lt 110 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
cd /home/hmn/hmn
echo "Building the site for the first time. This may take a while..."
2021-08-29 23:11:41 +00:00
go build -v -o /home/hmn/bin/hmn src/main.go
SCRIPT
2021-08-29 23:11:41 +00:00
echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
source ~/.bashrc
savecheckpoint 110
fi
2021-08-28 20:36:52 +00:00
2021-08-28 21:33:15 +00:00
cat <<HELP
Everything has been successfully installed!
${BLUE_BOLD}===== Next steps =====${RESET}
First, make sure you have everything on your path:
2021-08-28 20:36:52 +00:00
source ~/.bashrc
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}Edit the Caddy config${RESET}
2021-08-28 20:36:52 +00:00
Get an API token from Cloudflare. The token must have the Zone / Zone / Read and
Zone / DNS / Edit permissions (as laid out in the following links).
2021-08-28 20:36:52 +00:00
https://github.com/caddy-dns/cloudflare
https://github.com/libdns/cloudflare
2021-08-30 00:15:48 +00:00
Then edit the Caddyfile:
2021-08-30 00:15:48 +00:00
vim /home/caddy/Caddyfile
2021-08-30 00:15:48 +00:00
Add the Cloudflare token to allow the ACME challenge to succeed, and add
the correct domains. (Don't forget to include both the normal and wildcard
domains.)
2021-08-30 00:15:48 +00:00
Also, in the CGI config, add the name of the Git branch you would like to
use when deploying. For example, a deployment of the beta site should use
the 'beta' branch.
2021-08-30 00:15:48 +00:00
${BLUE_BOLD}Edit the website config${RESET}
2021-08-28 20:36:52 +00:00
Edit the config file using a special make task:
2021-08-30 00:15:48 +00:00
make edit-config
2021-08-28 20:36:52 +00:00
Fill out everything, then rebuild the site:
2021-08-28 20:36:52 +00:00
make build
2021-08-28 21:33:15 +00:00
You don't need to deploy the site yet; wait until you've
configured everything.
2021-08-28 21:33:15 +00:00
${BLUE_BOLD}Edit HMN environment vars${RESET}
2021-08-28 20:36:52 +00:00
First, go to GitLab and add a webhook with a secret. Set it to trigger on
push events for the branch you are using for deploys.
2021-08-28 20:36:52 +00:00
https://git.handmade.network/hmn/hmn/hooks
2021-08-28 20:36:52 +00:00
Then, edit the following file and fill in all the environment vars, including
the secret value from the GitLab webhook:
2021-09-04 14:27:05 +00:00
/home/hmn/hmn/server/hmn.conf
2021-09-04 14:27:05 +00:00
${BLUE_BOLD}Configure s3cmd${RESET}
2021-09-04 18:21:11 +00:00
Edit the following file:
2021-09-04 18:21:11 +00:00
/home/hmn/.s3cfg
2021-09-04 18:21:11 +00:00
Add the DigitalOcean Spaces credentials, and ensure that the bucket info is correct.
2021-09-04 18:21:11 +00:00
${BLUE_BOLD}Configure Cinera${RESET}
2021-08-28 20:36:52 +00:00
Edit the following file, adding the correct domain:
2021-08-28 20:36:52 +00:00
/home/hmn/hmn/cinera/cinera.conf
2021-08-29 23:11:41 +00:00
${BLUE_BOLD}Configure the admin mailer${RESET}
Fill in the config file and build the mailer:
cd /home/hmn/hmn/adminmailer
vim config.go
go build -o /usr/bin/adminmailer .
2021-08-29 23:11:41 +00:00
${BLUE_BOLD}Download and restore a database backup${RESET}
2021-09-04 14:27:05 +00:00
make download-database
2021-08-28 20:36:52 +00:00
su hmn
cd ~
hmn seedfile <your backup file>
hmn migrate
2021-09-04 14:27:05 +00:00
${BLUE_BOLD}Restore static files${RESET}
2021-09-04 14:27:05 +00:00
make restore-static-files
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}Set up Cinera${RESET}
cd /home/hmn/hmn/cinera
./setup.sh
${BLUE_BOLD}Start up Caddy${RESET}
2021-08-28 20:36:52 +00:00
systemctl start caddy
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}Deploy the site!${RESET}
2021-08-28 20:36:52 +00:00
2021-08-29 23:11:41 +00:00
make deploy
2021-08-28 20:36:52 +00:00
2021-08-30 00:15:48 +00:00
Run 'make' on its own to see all the other tasks available to you!
2021-08-28 20:36:52 +00:00
HELP