affine/deploy.sh

#!/bin/bash
set -e

. ./env.sh

if systemctl --user list-units --full --all | grep -q "$CONTAINER_PREFIX-$CONTAINER_SERVER.service"; then
  systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_SERVER.service
fi

if systemctl --user list-units --full --all | grep -q "$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service"; then
  systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service
fi

if systemctl --user list-units --full --all | grep -q "$CONTAINER_PREFIX-$CONTAINER_REDIS.service"; then
  systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_REDIS.service
fi

if ! podman network exists $NETWORK; then
  podman network create $NETWORK
fi

mkdir -p ./systemd-units
podman create \
  --name $CONTAINER_REDIS \
  --network $NETWORK \
  -p $REDIS_SERVER_PORT:$REDIS_SERVER_PORT \
  docker.io/library/redis
podman generate systemd \
  --new \
  --name $CONTAINER_REDIS \
  --files --restart-policy always --container-prefix=affine > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/


podman create \
  --name $CONTAINER_POSTGRES \
  --network $NETWORK \
  -p $DATABASE_PORT:$DATABASE_PORT \
  -e POSTGRES_USER=$DB_USERNAME \
  -e POSTGRES_PASSWORD=$DB_PASSWORD \
  -e POSTGRES_DB=$DB_DATABASE \
  -e POSTGRES_HOST_AUTH_METHOD=trust \
  -v "$DB_DATA_LOCATION:/var/lib/postgresql/data:Z" \
  docker.io/library/postgres:16

podman generate systemd \
  --new \
  --name $CONTAINER_POSTGRES \
  --files --restart-policy always --container-prefix=affine > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/

mkdir -p $USER_SYSTEMD
cp ./systemd-units/*.service $USER_SYSTEMD
systemctl --user daemon-reexec
systemctl --user daemon-reload
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_REDIS.service
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_REDIS.service
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service


echo "Wait for PostgreSQL..."
until podman exec affine_postgres pg_isready -U "$DB_USERNAME" -d "$DB_DATABASE" > /dev/null 2>&1; do
  sleep 2
done
echo "PostgreSQL ready"


podman run --rm \
  --name affine_migration_job \
  --network $NETWORK \
  -e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \
  -e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \
  -v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \
  -v "$CONFIG_LOCATION:/root/.affine/config:Z" \
  ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION \
  sh -c 'node ./scripts/self-host-predeploy.js'


podman create \
  --name $CONTAINER_SERVER \
  --network $NETWORK \
  -p $AFFINE_PORT:3010 \
  -e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \
  -e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \
  -e MAILER_HOST=$SMTP_HOST \
  -e MAILER_SENDER=$SMTP_FROM \
  -e MAILER_PORT=$SMTP_PORT \
  -e MAILER_USER=$SMTP_USERNAME \
  -e MAILER_PASSWORD=$SMTP_PASSWORD \
  -v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \
  -v "$CONFIG_LOCATION:/root/.affine/config:Z" \
  ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION

podman generate systemd \
  --new \
  --name $CONTAINER_SERVER \
  --files --restart-policy always --container-prefix=affine > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/
sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service

cp ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service $USER_SYSTEMD
systemctl --user daemon-reload
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_SERVER.service
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_SERVER.service

rm -r ./systemd-units

# generate haproxy blocks
sudo mkdir -p $SERVICE_DIR
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
ACL_CFG=$(cat <<EOF
acl is_affine hdr(host) -i $DOMAIN
use_backend affine_backend if is_affine
EOF
)
echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
BACKEND_CFG=$(cat <<EOF
backend affine_backend
    mode http
    option http-server-close
    option forwardfor

    server affine1 127.0.0.1:3010 check

    # === CORS & proxy headers ===
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Real-IP %[src]

    # === WebSocket support ===
    http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
    http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
EOF
)
echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null

sudo loginctl enable-linger $USER
Affine deploy script based on official compose file 2025-05-02 20:38:15 +02:00			`#!/bin/bash`
			`set -e`

			`. ./env.sh`

			`if systemctl --user list-units --full --all \| grep -q "$CONTAINER_PREFIX-$CONTAINER_SERVER.service"; then`
			`systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_SERVER.service`
			`fi`

			`if systemctl --user list-units --full --all \| grep -q "$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service"; then`
			`systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service`
			`fi`

			`if systemctl --user list-units --full --all \| grep -q "$CONTAINER_PREFIX-$CONTAINER_REDIS.service"; then`
			`systemctl --user stop $CONTAINER_PREFIX-$CONTAINER_REDIS.service`
			`fi`

			`if ! podman network exists $NETWORK; then`
			`podman network create $NETWORK`
			`fi`

			`mkdir -p ./systemd-units`
			`podman create \`
			`--name $CONTAINER_REDIS \`
			`--network $NETWORK \`
			`-p $REDIS_SERVER_PORT:$REDIS_SERVER_PORT \`
			`docker.io/library/redis`
			`podman generate systemd \`
			`--new \`
			`--name $CONTAINER_REDIS \`
			`--files --restart-policy always --container-prefix=affine > /dev/null`
			`mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/`


			`podman create \`
			`--name $CONTAINER_POSTGRES \`
			`--network $NETWORK \`
			`-p $DATABASE_PORT:$DATABASE_PORT \`
			`-e POSTGRES_USER=$DB_USERNAME \`
			`-e POSTGRES_PASSWORD=$DB_PASSWORD \`
			`-e POSTGRES_DB=$DB_DATABASE \`
			`-e POSTGRES_HOST_AUTH_METHOD=trust \`
			`-v "$DB_DATA_LOCATION:/var/lib/postgresql/data:Z" \`
			`docker.io/library/postgres:16`

			`podman generate systemd \`
			`--new \`
			`--name $CONTAINER_POSTGRES \`
			`--files --restart-policy always --container-prefix=affine > /dev/null`
			`mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/`

			`mkdir -p $USER_SYSTEMD`
			`cp ./systemd-units/*.service $USER_SYSTEMD`
			`systemctl --user daemon-reexec`
			`systemctl --user daemon-reload`
			`systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_REDIS.service`
			`systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service`
			`systemctl --user start $CONTAINER_PREFIX-$CONTAINER_REDIS.service`
			`systemctl --user start $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service`


			`echo "Wait for PostgreSQL..."`
			`until podman exec affine_postgres pg_isready -U "$DB_USERNAME" -d "$DB_DATABASE" > /dev/null 2>&1; do`
			`sleep 2`
			`done`
			`echo "PostgreSQL ready"`


			`podman run --rm \`
			`--name affine_migration_job \`
			`--network $NETWORK \`
			`-e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \`
			`-e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \`
			`-v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \`
			`-v "$CONFIG_LOCATION:/root/.affine/config:Z" \`
			`ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION \`
			`sh -c 'node ./scripts/self-host-predeploy.js'`


			`podman create \`
			`--name $CONTAINER_SERVER \`
			`--network $NETWORK \`
			`-p $AFFINE_PORT:3010 \`
			`-e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \`
			`-e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \`
Modify deploy and env 2025-05-04 16:36:45 +02:00			`-e MAILER_HOST=$SMTP_HOST \`
			`-e MAILER_SENDER=$SMTP_FROM \`
			`-e MAILER_PORT=$SMTP_PORT \`
			`-e MAILER_USER=$SMTP_USERNAME \`
			`-e MAILER_PASSWORD=$SMTP_PASSWORD \`
Affine deploy script based on official compose file 2025-05-02 20:38:15 +02:00			`-v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \`
			`-v "$CONFIG_LOCATION:/root/.affine/config:Z" \`
			`ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION`

			`podman generate systemd \`
			`--new \`
			`--name $CONTAINER_SERVER \`
			`--files --restart-policy always --container-prefix=affine > /dev/null`
			`mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/`
			`sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service`

			`cp ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service $USER_SYSTEMD`
			`systemctl --user daemon-reload`
			`systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_SERVER.service`
			`systemctl --user start $CONTAINER_PREFIX-$CONTAINER_SERVER.service`

			`rm -r ./systemd-units`

Modify deploy and env 2025-05-04 16:36:45 +02:00			`# generate haproxy blocks`
			`sudo mkdir -p $SERVICE_DIR`
			`echo "crt $SSL_PATH/fullchain.pem" \| sudo tee $SERVICE_DIR/cert.block > /dev/null`
			`ACL_CFG=$(cat <<EOF`
			`acl is_affine hdr(host) -i $DOMAIN`
			`use_backend affine_backend if is_affine`
			`EOF`
			`)`
			`echo "$ACL_CFG" \| sudo tee $SERVICE_DIR/acl.block > /dev/null`
			`BACKEND_CFG=$(cat <<EOF`
			`backend affine_backend`
			`mode http`
			`option http-server-close`
			`option forwardfor`

			`server affine1 127.0.0.1:3010 check`

			`# === CORS & proxy headers ===`
			`http-request set-header X-Forwarded-For %[src]`
			`http-request set-header X-Forwarded-Proto https`
			`http-request set-header X-Forwarded-Host %[req.hdr(Host)]`
			`http-request set-header X-Real-IP %[src]`

			`# === WebSocket support ===`
			`http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }`
			`http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }`
			`EOF`
			`)`
			`echo "$BACKEND_CFG" \| sudo tee $SERVICE_DIR/backend.block > /dev/null`

Affine deploy script based on official compose file 2025-05-02 20:38:15 +02:00			`sudo loginctl enable-linger $USER`