set -exo pipefail
checkpoint=$(cat ./hmn_setup_checkpoint || echo 0)
savecheckpoint() {
echo $1 > ./hmn_setup_checkpoint
do_as() {
sudo -u $1 --preserve-env=PATH bash -s
# Add swap space
if [ $checkpoint -lt 10 ]; then
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon --show
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
echo 'vm.swappiness=10' >> /etc/sysctl.conf
echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
savecheckpoint 10
# Configure Linux users
if [ $checkpoint -lt 20 ]; then
groupadd --system caddy
useradd --system \
--gid caddy \
--shell /bin/bash \
--create-home --home-dir /home/caddy \
groupadd --system hmn
useradd --system \
--gid hmn \
--shell /bin/bash \
--create-home --home-dir /home/hmn \
groupadd --system annotations
useradd --system \
--gid annotations \
--shell /bin/bash \
--create-home --home-dir /home/annotations \
savecheckpoint 20
# Install important stuff
if [ $checkpoint -lt 30 ]; then
apt update
apt install -y \
build-essential \
libcurl4-openssl-dev byacc flex \
savecheckpoint 30
# Install Go
if [ $checkpoint -lt 40 ]; then
tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin:/root/go/bin
echo 'export PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bashrc
go version
do_as hmn <<'SCRIPT'
set -euxo pipefail
echo 'export PATH=$PATH:/usr/local/go/bin:/home/hmn/go/bin' >> ~/.bashrc
go version
savecheckpoint 40
export PATH=$PATH:/usr/local/go/bin:/root/go/bin
# Install Caddy
if [ $checkpoint -lt 50 ]; then
go install
xcaddy build \
--with \
mv caddy /usr/bin
chown root:root /usr/bin/caddy
chmod 755 /usr/bin/caddy
savecheckpoint 50
# Install Postgres
# (instructions at
if [ $checkpoint -lt 60 ]; then
sudo sh -c 'echo "deb $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
savecheckpoint 60
# Configure Postgres
if [ $checkpoint -lt 70 ]; then
echo "Enter the password for the HMN postgres user:"
sudo -u postgres createuser --createdb --login --pwprompt hmn
2021-08-29 23:11:41 +00:00
savecheckpoint 70
2021-08-28 20:36:52 +00:00
# Set up the folder structure
if [ $checkpoint -lt 80 ]; then
set +x
do_as hmn <<'SCRIPT'
cd ~
mkdir log
mkdir bin
2021-08-29 23:11:41 +00:00
echo 'export PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
savecheckpoint 80
2021-08-29 23:11:41 +00:00
# Set up SSH
if [ $checkpoint -lt 81 ]; then
set +x
do_as hmn <<'SCRIPT'
ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab
git config --global core.sshCommand "ssh -i ~/.ssh/gitlab"
echo ""
echo ""
echo "Copy the following key and add it as a Deploy Key in the project in GitLab ("
echo ""
cat ~/.ssh/
echo ""
echo "Run this script again when you're done - it will continue where it left off."
exit 0
2021-08-29 23:11:41 +00:00
savecheckpoint 81
# This is a special case, where we want to halt the script and allow the
# user to perform an action before moving on.
exit 0
# Test SSH
if [ $checkpoint -lt 82 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
if ! ssh -T -i ~/.ssh/gitlab; then
set +x
echo "Failed to connect to GitLab. Fix the issue and then run this script again."
echo ""
echo "Copy the following key and add it as a Deploy Key in the project in GitLab ("
echo ""
cat ~/.ssh/
echo ""
exit 1
savecheckpoint 82
# Clone the repo
if [ $checkpoint -lt 90 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
cd ~
git clone
2021-08-28 20:36:52 +00:00
savecheckpoint 90
2021-08-28 20:36:52 +00:00
# Copy config files to the right places
if [ $checkpoint -lt 100 ]; then
cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
cp /home/hmn/hmn/server/caddy.service /etc/systemd/system/caddy.service
cp /home/hmn/hmn/server/hmn.service /etc/systemd/system/hmn.service
cp /home/hmn/hmn/server/cinera.service /etc/systemd/system/cinera.service
cp /home/hmn/hmn/server/status-email@.service /etc/systemd/system/status-email@.service
chmod 644 /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/hmn.service
chmod 644 /etc/systemd/system/cinera.service
chmod 644 /etc/systemd/system/status-email@.service
cp /home/hmn/hmn/server/logrotate /etc/logrotate.d/hmn
cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
cp /home/hmn/hmn/server/hmn.conf.example /home/hmn/hmn/server/hmn.conf
2021-09-04 18:21:11 +00:00
cp /home/hmn/hmn/adminmailer/config.go.example /home/hmn/hmn/adminmailer/config.go
cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
chown hmn:hmn /home/hmn/hmn/src/config/config.go
2021-09-04 14:27:05 +00:00
chown hmn:hmn /home/hmn/hmn/server/hmn.conf
chown hmn:hmn /home/hmn/hmn/cinera/cinera.conf
2021-09-04 14:27:05 +00:00
cp /home/hmn/hmn/server/.s3cfg /home/hmn/.s3cfg
chown hmn:hmn /home/hmn/.s3cfg
chmod 600 /home/hmn/.s3cfg
cp /home/hmn/hmn/server/root.Makefile /root/Makefile
systemctl daemon-reload
2021-08-29 23:11:41 +00:00
savecheckpoint 100
# Set up crons
if [ $checkpoint -lt 105 ]; then
# See
(crontab -l 2>/dev/null; echo "50 4 * * * /home/hmn/hmn/server/") | crontab -
savecheckpoint 105
# Build the site for the first time (despite bad config)
if [ $checkpoint -lt 110 ]; then
do_as hmn <<'SCRIPT'
set -euxo pipefail
cd /home/hmn/hmn
echo "Building the site for the first time. This may take a while..."
2021-08-29 23:11:41 +00:00
go build -v -o /home/hmn/bin/hmn src/main.go
2021-08-29 23:11:41 +00:00
echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
source ~/.bashrc
savecheckpoint 110
2021-08-28 20:36:52 +00:00
cat <<HELP
Everything has been installed, but before you can run the site, you will need
to edit several config files:
${BLUE_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
Get an API token from Cloudflare and add it to the Caddyfile to allow the
ACME challenge to succeed. The token must have the Zone / Zone / Read and
Zone / DNS / Edit permissions (as laid out in the following links).
2021-08-28 20:36:52 +00:00
the correct domains. (Don't forget to include both the normal and wildcard
Also, in the CGI config, add the name of the Git branch you would like to
use when deploying. For example, a deployment of the beta site should use
2021-08-29 23:11:41 +00:00
the 'beta' branch.
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}Website${RESET}: /home/hmn/hmn/src/config/config.go
First make sure you have Go on your path:
source ~/.bashrc
Then edit the config file using a special make task:
make edit-config
Fill out everything, then rebuild the site:
2021-08-28 20:36:52 +00:00
2021-08-30 00:15:48 +00:00
make build
You don't need to deploy the site yet; wait until you've
configured everything.
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}HMN Environment Vars${RESET}: /home/hmn/hmn/server/hmn.conf
2021-08-28 20:36:52 +00:00
First, go to GitLab and add a webhook with a secret. Set it to trigger on
push events for the branch you are using for deploys.
2021-08-28 21:33:15 +00:00
Then, edit the above file and fill in all the environment vars, including
the secret value from the GitLab webhook.
2021-08-28 20:36:52 +00:00
${BLUE_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
2021-08-28 20:36:52 +00:00
Add the correct domain.
2021-09-04 14:27:05 +00:00
${BLUE_BOLD}s3cmd${RESET}: /home/hmn/.s3cfg
Add the DigitalOcean Spaces credentials, and ensure that the bucket info is correct.
2021-09-04 18:21:11 +00:00
${BLUE_BOLD}Admin mailer${RESET}: /home/hmn/hmn/adminmailer/config.go
First make sure you have Go on your path:
source ~/.bashrc
Fill in the config file and build the mailer:
cd /home/hmn/hmn/adminmailer
go build .
${BLUE_BOLD}===== Next steps =====${RESET}
Make sure you have everything on your path:
source ~/.bashrc
2021-09-04 14:27:05 +00:00
Download and restore a database backup:
make download-database
2021-08-28 20:36:52 +00:00
su hmn
cd ~
2021-09-04 14:27:05 +00:00
hmn migrate --list
hmn seedfile <your backup file> <ID of initial migration>
Restore static files:
make restore-static-files
2021-08-28 20:36:52 +00:00
Start up Caddy:
systemctl start caddy
2021-08-28 20:36:52 +00:00
Then deploy the site:
2021-08-28 20:36:52 +00:00
2021-08-29 23:11:41 +00:00
make deploy
2021-08-28 20:36:52 +00:00
Run 'make' on its own to see all the other tasks available to you!
2021-08-28 20:36:52 +00:00