Modify deploy and env

affine/deploy.sh

@@ -49,7 +49,6 @@ podman generate systemd \
   --files --restart-policy always --container-prefix=affine > /dev/null
 mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/
 
-USER_SYSTEMD="$HOME/.config/systemd/user"
 mkdir -p $USER_SYSTEMD
 cp ./systemd-units/*.service $USER_SYSTEMD
 systemctl --user daemon-reexec
@@ -84,6 +83,11 @@ podman create \
   -p $AFFINE_PORT:3010 \
   -e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \
   -e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \
+  -e MAILER_HOST=$SMTP_HOST \
+  -e MAILER_SENDER=$SMTP_FROM \
+  -e MAILER_PORT=$SMTP_PORT \
+  -e MAILER_USER=$SMTP_USERNAME \
+  -e MAILER_PASSWORD=$SMTP_PASSWORD \
   -v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \
   -v "$CONFIG_LOCATION:/root/.affine/config:Z" \
   ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION
@@ -102,4 +106,34 @@ systemctl --user start $CONTAINER_PREFIX-$CONTAINER_SERVER.service
 
 rm -r ./systemd-units
 
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_affine hdr(host) -i $DOMAIN
+use_backend affine_backend if is_affine
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend affine_backend
+    mode http
+    option http-server-close
+    option forwardfor
+
+    server affine1 127.0.0.1:3010 check
+
+    # === CORS & proxy headers ===
+    http-request set-header X-Forwarded-For %[src]
+    http-request set-header X-Forwarded-Proto https
+    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
+    http-request set-header X-Real-IP %[src]
+
+    # === WebSocket support ===
+    http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
+    http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+
 sudo loginctl enable-linger $USER

affine/env.sh

@@ -3,6 +3,8 @@ AFFINE_REVISION=stable
 
 NETWORK="affine_net"
 
+DOMAIN=""
+
 # set the port for the server container it will expose the server on
 AFFINE_PORT=3010
 
@@ -19,6 +21,13 @@ UPLOAD_LOCATION=$HOME/.affine/self-host/storage
 # position of the configuration files to persist
 CONFIG_LOCATION=$HOME/.affine/self-host/config
 
+# mailer
+SMTP_HOST=""
+SMTP_FROM=""
+SMTP_PORT="587"
+SMTP_USERNAME=""
+SMTP_PASSWORD=""
+
 REDIS_SERVER_HOST="host.containers.internal"
 REDIS_SERVER_PORT="6379"
 
@@ -33,4 +42,11 @@ DB_DATABASE=affine
 CONTAINER_PREFIX="affine"
 CONTAINER_REDIS="affine_redis"
 CONTAINER_POSTGRES="affine_postgres"
-CONTAINER_SERVER="affine_server"
+CONTAINER_SERVER="affine_server"
+
+USER_SYSTEMD="$HOME/.config/systemd/user"
+
+SSL_PATH=$HOME/.config/ssl/$DOMAIN
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+SERVICE_DIR="$HAPROXY_CFG_DIR/services/$DOMAIN"