add airtrail-wip, but I don't think I'll deploy it

airtrail-wip/deploy.sh

@@ -0,0 +1,121 @@
+#!/bin/bash
+
+set -eu
+
+. ./env.sh
+
+services=("$CONTAINER_PREFIX-$CONTAINER_SERVICE.service"
+    "$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+
+for service in "${services[@]}"; do
+    if systemctl --user list-units --full --all | grep -q "$service"; then
+        echo "Stopping $service..."
+        systemctl --user stop $service
+        echo "$service stopped."
+    fi
+done
+containers=(
+    "$CONTAINER_SERVER"
+    "$CONTAINER_DB"
+)
+for container in "${containers[@]}"; do
+  if podman container exists "$container"; then
+    echo "Stop and delete existing container $container"
+    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+      podman stop "$container"
+    fi
+    podman rm "$container"
+  fi
+done
+
+mkdir -p "$APP_ROOT"
+mkdir -p "$DB_DIR"
+if ! podman network exists "$NETWORK_NAME"; then
+  podman network create "$NETWORK_NAME"
+fi
+
+podman create \
+  --name "$CONTAINER_DB" \
+  --network "$NETWORK_NAME" \
+  --userns=keep-id \
+  --restart=always \
+  -p "$DB_PORT:5432" \
+  -e POSTGRES_USER="$DB_USER" \
+  -e POSTGRES_PASSWORD="$DB_PASSWORD" \
+  -e POSTGRES_DB="$DB_NAME" \
+  -e POSTGRES_HOST_AUTH_METHOD=trust \
+  -v "$DB_DIR:/var/lib/postgresql/data:Z" \
+  docker.io/library/postgres:16-alpine
+
+podman generate systemd \
+  --new \
+  --name "$CONTAINER_DB" \
+  --files --restart-policy always --container-prefix="$CONTAINER_PREFIX" > /dev/null
+
+mv "$CONTAINER_PREFIX-$CONTAINER_DB.service" "$USER_SYSTEMD"
+
+systemctl --user daemon-reload
+systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_DB.service"
+
+echo "Waiting for database to be ready..."
+until podman exec "$CONTAINER_DB" pg_isready -U "$DB_USER" -d "$DB_NAME"; do
+  sleep 1
+done
+echo "Database is ready."
+
+podman create \
+  --name "$CONTAINER_SERVER" \
+  --network "$NETWORK_NAME" \
+  --restart=always \
+  -e DB_URL="postgres://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_NAME" \
+  -e ORIGIN="https://$DOMAIN" \
+  -p "$APP_PORT:3000" \
+  docker.io/johly/airtrail:latest
+
+podman generate systemd \
+  --new \
+  --name "$CONTAINER_SERVER" \
+  --files \
+  --restart-policy always \
+  --container-prefix="$CONTAINER_PREFIX"
+
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_SERVICE.service
+
+mv "$CONTAINER_PREFIX-$CONTAINER_SERVER.service" "$USER_SYSTEMD"
+systemctl --user daemon-reload
+systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_SERVER.service"
+
+sudo loginctl enable-linger "$USER"
+
+# generate haproxy config
+sudo mkdir -p $HAPROXY_SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $HAPROXY_SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_airtrail hdr(host) -i $DOMAIN
+use_backend airtrail_backend if is_airtrail
+EOF
+)
+echo "$ACL_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend airtrail_backend
+    mode http
+    option httpchk GET /login HTTP/1.1\r\nHost:\ $DOMAIN
+    option forwardfor
+    option http-server-close
+
+    server airtrailhttp 127.0.0.1:$APP_PORT alpn http/1.1 check
+    # === CORS & proxy headers ===
+    http-request set-header X-Forwarded-For %[src]
+    http-request set-header X-Forwarded-Proto https
+    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
+    http-request set-header X-Real-IP %[src]
+
+    # === WebSocket support ===
+    http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
+    http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/backend.block > /dev/null
+
+echo "Deployment completed successfully, run haproxy config to generate the final config file."