Make tons of fixes to server setup

2021-08-29 18:11:41 -05:00 · 2021-08-29 18:11:41 -05:00 · 4204081563
parent 6056f6c1cc
commit 4204081563
4 changed files with 159 additions and 73 deletions
--- a/server/deploy.sh
+++ b/server/deploy.sh
@ -1,21 +1,30 @@
 #!/bin/bash
-# This script should be called with the name of the branch to deploy. ($1 will
+set -eo pipefail
 # be the branch name.)
-set -euo pipefail
+branch=$1
 if [ -z "$branch" ]; then
    echo "Type the name of the branch you would like to deploy: "
    read branch
 fi
-sudo -u hmn bash -s <<SCRIPT
+echo "Deploying branch $branch..."
 do_as() {
    sudo -u $1 --preserve-env=PATH bash -s
 }
 do_as hmn <<SCRIPT
 set -euo pipefail
-pushd /home/hmn/hmn
+cd /home/hmn/hmn
-    git fetch --all
+git fetch --all
-    git reset --hard $1
+git reset --hard origin/$branch
-    go build -o /home/hmn/bin/hmn src/main.go
+go build -o /home/hmn/bin/hmn src/main.go
 popd
 SCRIPT
 echo "Running migrations..."
 systemctl stop hmn
-sudo -u hmn bash -s <<'SCRIPT'
+do_as hmn <<'SCRIPT'
 set -euo pipefail
 /home/hmn/bin/hmn migrate
 SCRIPT
--- a/server/root.Makefile
+++ b/server/root.Makefile
@ -0,0 +1,28 @@
 # from https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
 help: ## Print this help.
 	@#                                                                  wrap text here -> |
 	@#                                                                                    |
 	@echo 'This Makefile contains tasks for the root user only. Most website management'
 	@echo 'commands must be run as a different user account, e.g. hmn or caddy. To become'
 	@echo 'another user, run "su <username>" and then "cd ~".'
 	@echo ''
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort \
 		| sed 's/^.*\/\(.*\)/\1/' \
 		| awk 'BEGIN {FS = ":[^:]*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 deploy:
 	/home/hmn/hmn/server/deploy.sh $1
 edit-config:
 	vim /home/hmn/hmn/src/config/config.go
 	@echo 'Now that you have edited the config, you probably want to re-deploy the site:'
 	@echo ''
 	@echo '    make deploy'
 	@echo ''
 logs-hmn: ## View logs for the website
 	journalctl -u hmn.service -f
 logs-caddy: ## View logs for Caddy
 	journalctl -u caddy.service -f
--- a/server/serversetup.sh
+++ b/server/serversetup.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-set -euxo pipefail
+set -exo pipefail
 BLUE_BOLD=$'\e[1;34m'
 RESET=$'\e[0m'
@ -11,11 +11,13 @@ savecheckpoint() {
    echo $1 > ./hmn_setup_checkpoint
 }
 do_as() {
    sudo -u $1 --preserve-env=PATH bash -s
 }
 # Add swap space
 # https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-20-04
 if [ $checkpoint -lt 10 ]; then
    savecheckpoint 10
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
@ -26,12 +28,12 @@ if [ $checkpoint -lt 10 ]; then
    sysctl vm.vfs_cache_pressure=50
    echo 'vm.swappiness=10' >> /etc/sysctl.conf
    echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
    savecheckpoint 10
 fi
 # Configure Linux users
 if [ $checkpoint -lt 20 ]; then
    savecheckpoint 20
    groupadd --system caddy
    useradd --system \
        --gid caddy \
@ -50,33 +52,43 @@ if [ $checkpoint -lt 20 ]; then
        --shell /bin/bash \
        --create-home --home-dir /home/annotations \
        annotations
    savecheckpoint 20
 fi
 # Install important stuff
 if [ $checkpoint -lt 30 ]; then
    savecheckpoint 30
    apt update
    apt install -y \
        build-essential \
        libcurl4-openssl-dev byacc flex
    savecheckpoint 30
 fi
 # Install Go
 if [ $checkpoint -lt 40 ]; then
    savecheckpoint 40
    wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
    tar -C /usr/local -xzf go1.17.linux-amd64.tar.gz
-    echo 'PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bash_profile
+    
-    source ~/.bash_profile
+    export PATH=$PATH:/usr/local/go/bin:/root/go/bin
    echo 'export PATH=$PATH:/usr/local/go/bin:/root/go/bin' >> ~/.bashrc
    go version
    do_as hmn <<'SCRIPT'
        set -euxo pipefail
        echo 'export PATH=$PATH:/usr/local/go/bin:/home/hmn/go/bin' >> ~/.bashrc
        go version
 SCRIPT
    savecheckpoint 40
 fi
 export PATH=$PATH:/usr/local/go/bin:/root/go/bin
 # Install Caddy
 # https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-18-04
 if [ $checkpoint -lt 50 ]; then
    savecheckpoint 50
    go install github.com/caddyserver/xcaddy/cmd/xcaddy@v0.1.9
    xcaddy build \
        --with github.com/caddy-dns/cloudflare \
@ -84,41 +96,47 @@ if [ $checkpoint -lt 50 ]; then
    mv caddy /usr/bin
    chown root:root /usr/bin/caddy
    chmod 755 /usr/bin/caddy
    savecheckpoint 50
 fi
 # Install Postgres
 # (instructions at https://www.postgresql.org/download/linux/ubuntu/)
 if [ $checkpoint -lt 60 ]; then
    savecheckpoint 60
    sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
    wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
    sudo apt-get update
    sudo apt-get -y install postgresql
    savecheckpoint 60
 fi
 # Configure Postgres
 # TODO: This was supposed to create a user without a password - why didn't it?
 # ...or was it?
 if [ $checkpoint -lt 70 ]; then
-    savecheckpoint 70
+    echo "Enter the password for the HMN postgres user:"
    sudo -u postgres createuser --createdb --login --pwprompt hmn
    savecheckpoint 70
 fi
-# Set up the folder structure, clone the repo
+# Set up the folder structure
 if [ $checkpoint -lt 80 ]; then
-    savecheckpoint 80
+    set +x
    sudo -u hmn bash -s <<'SCRIPT'
        set -euxo pipefail
    do_as hmn <<'SCRIPT'
        cd ~
        mkdir log
        mkdir bin
-        echo 'PATH=$PATH:/usr/local/go/bin:/home/hmn/bin' >> ~/.bash_profile
+        echo 'export PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
-        source ~/.bash_profile
+SCRIPT
    savecheckpoint 80
 fi
 # Set up SSH
 if [ $checkpoint -lt 81]
    do_as hmn <<'SCRIPT'
        ssh-keygen -t ed25519 -C "beta-server" -N "" -f ~/.ssh/gitlab
        git config --global core.sshCommand "ssh -i ~/.ssh/gitlab"
        echo ""
@ -127,35 +145,52 @@ if [ $checkpoint -lt 80 ]; then
        echo ""
        cat ~/.ssh/gitlab.pub
        echo ""
-        echo "Press enter to continue when you're done."
+        echo "Run this script again when you're done - it will continue where it left off."
-        read
+        exit 0
        while true ; do
            ssh -T git@gitssh.handmade.network && break || true
            echo "Failed to connect to GitLab. Fix the issue and then try again. (Press enter when you're done.)"
            read
        done
 SCRIPT
-    echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bash_profile
+    savecheckpoint 81
-    source ~/.bash_profile
+
    # This is a special case, where we want to halt the script and allow the
    # user to perform an action before moving on.
    exit 0
 fi
-if [ $checkpoint -lt 90 ]; then
+# Test SSH
-    savecheckpoint 90
+if [ $checkpoint -lt 82 ]; then
    do_as hmn <<'SCRIPT'
        set -euxo pipefail
-    sudo -u hmn bash -s <<'SCRIPT'
+        if ! ssh -T -i ~/.ssh/gitlab git@gitssh.handmade.network; then
            set +x
            echo "Failed to connect to GitLab. Fix the issue and then run this script again."
            echo ""
            echo "Copy the following key and add it as a Deploy Key in the project in GitLab (https://git.handmade.network/hmn/hmn/-/settings/ci_cd#js-deploy-keys-settings):"
            echo ""
            cat ~/.ssh/gitlab.pub
            echo ""
            exit 1
        fi
 SCRIPT
    savecheckpoint 82
 fi
 # Clone the repo
 if [ $checkpoint -lt 90 ]; then
    do_as hmn <<'SCRIPT'
        set -euxo pipefail
        cd ~
        git clone git@gitssh.handmade.network:hmn/hmn.git
 SCRIPT
    savecheckpoint 90
 fi
 # Copy config files to the right places
 if [ $checkpoint -lt 100 ]; then
    savecheckpoint 100
    cp /home/hmn/hmn/server/Caddyfile /home/caddy/Caddyfile
    cp /home/hmn/hmn/server/caddy.service /etc/systemd/system/caddy.service
@ -170,21 +205,31 @@ if [ $checkpoint -lt 100 ]; then
    cp /home/hmn/hmn/src/config/config.go.example /home/hmn/hmn/src/config/config.go
    cp /home/hmn/hmn/server/deploy.conf.example /home/hmn/hmn/server/deploy.conf
    cp /home/hmn/hmn/cinera/cinera.conf.sample /home/hmn/hmn/cinera/cinera.conf
    chown hmn:hmn /home/hmn/hmn/src/config/config.go
    chown hmn:hmn /home/hmn/hmn/server/deploy.conf
    chown hmn:hmn /home/hmn/hmn/cinera/cinera.conf
    cp /home/hmn/hmn/server/root.Makefile /root/Makefile
    systemctl daemon-reload
    savecheckpoint 100
 fi
 # Build the site for the first time (despite bad config)
 if [ $checkpoint -lt 110 ]; then    
-    savecheckpoint 110
+    do_as hmn <<'SCRIPT'
    sudo -u hmn bash -s <<'SCRIPT'
        set -euxo pipefail
        cd /home/hmn/hmn
        echo "Building the site for the first time. This may take a while..."
-        go build -o /home/hmn/bin/hmn src/main.go
+        go build -v -o /home/hmn/bin/hmn src/main.go
 SCRIPT
    echo 'PATH=$PATH:/home/hmn/bin' >> ~/.bashrc
    source ~/.bashrc
    savecheckpoint 110
 fi
 cat <<HELP
@ -206,7 +251,7 @@ ${BLUE_BOLD}Caddy${RESET}: /home/caddy/Caddyfile
    Also, in the CGI config, add the name of the Git branch you would like to
    use when deploying. For example, a deployment of the beta site should use
-    the `beta` branch.
+    the 'beta' branch.
 ${BLUE_BOLD}Monit${RESET}: ~/.monitrc
@ -239,18 +284,22 @@ ${BLUE_BOLD}Cinera${RESET}: /home/hmn/hmn/cinera/cinera.conf
 ${BLUE_BOLD}===== Next steps =====${RESET}
 Make sure you have everything on your path:
    source ~/.bashrc
 Restore a database backup:
    su hmn
    cd ~
-    /home/hmn/bin/hmn seedfile <I dunno man figure it out>
+    hmn seedfile <I dunno man figure it out>
 Start up Caddy:
    systemctl start caddy
-Then run the deploy script:
+Then deploy the site:
-    /home/hmn/hmn/server/deploy.sh
+    make deploy
 HELP
--- a/src/config/config.go.example
+++ b/src/config/config.go.example
@ -10,16 +10,16 @@ var Config = HMNConfig{
 	Addr:        ":9001",
 	PrivateAddr: ":9002",
 	BaseUrl:     "http://handmade.local:9001",
-	LogLevel:    zerolog.TraceLevel,
+	LogLevel:    zerolog.TraceLevel, // InfoLevel is recommended for production
 	Postgres: PostgresConfig{
 		User:     "hmn",
 		Password: "password",
 		Hostname: "handmade.local",
 		Port:     5432,
 		DbName:   "hmn",
-		LogLevel: pgx.LogLevelTrace,
+		LogLevel: pgx.LogLevelTrace, // LogLevelWarn is recommended for production
 		MinConn:  2, // Keep these low for dev, high for production
-		MaxConn:  2,
+		MaxConn:  10,
 	},
 	Auth: AuthConfig{
 		CookieDomain: ".handmade.local",