add airtrail-wip, but I don't think I'll deploy it

airtrail-wip/compose.yml

@@ -0,0 +1,32 @@
+services:
+  db:
+    container_name: airtrail_db
+    image: postgres:16-alpine
+    restart: always
+    env_file:
+      - .env
+    environment:
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - db_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -U ${DB_USERNAME} -d ${DB_DATABASE_NAME}']
+      interval: 5s
+      timeout: 5s
+      retries: 5
+  airtrail:
+    container_name: airtrail
+    image: johly/airtrail:latest
+    restart: always
+    env_file:
+      - .env
+    ports:
+      - 3000:3000
+    depends_on:
+      db:
+        condition: service_healthy
+
+volumes:
+  db_data:

airtrail-wip/container.env.example.sh

@@ -0,0 +1,25 @@
+# Your domain, e.g https://example.com
+# You might have to add :443 if you are using https through a reverse proxy
+ORIGIN=http://localhost:3000
+# If you need to provide multiple domains, uncomment and pass a comma-separated list to ORIGINS instead (replace ORIGIN)
+# ORIGINS=http://localhost:3000,https://flights.example.com
+
+# The database URL used by the application.
+# If you are using the provided docker-compose file, you should only change the "password" part of the URL
+# If you are using your own database, you should change this to the correct URL
+#                          ∨∨∨∨∨∨∨∨
+DB_URL=postgres://airtrail:password@db:5432/airtrail
+#                                   ∧∧
+# Change "db" to "localhost" if you are developing locally
+
+# Values below this line are only for the default provided postgres database
+###################################################################################
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+# When you change the DB_PASSWORD, you should also update the DB_URL accordingly
+DB_PASSWORD=password
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_DATABASE_NAME=airtrail
+DB_USERNAME=airtrail

airtrail-wip/deploy.sh

@@ -0,0 +1,121 @@
+#!/bin/bash
+
+set -eu
+
+. ./env.sh
+
+services=("$CONTAINER_PREFIX-$CONTAINER_SERVICE.service"
+    "$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+
+for service in "${services[@]}"; do
+    if systemctl --user list-units --full --all | grep -q "$service"; then
+        echo "Stopping $service..."
+        systemctl --user stop $service
+        echo "$service stopped."
+    fi
+done
+containers=(
+    "$CONTAINER_SERVER"
+    "$CONTAINER_DB"
+)
+for container in "${containers[@]}"; do
+  if podman container exists "$container"; then
+    echo "Stop and delete existing container $container"
+    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+      podman stop "$container"
+    fi
+    podman rm "$container"
+  fi
+done
+
+mkdir -p "$APP_ROOT"
+mkdir -p "$DB_DIR"
+if ! podman network exists "$NETWORK_NAME"; then
+  podman network create "$NETWORK_NAME"
+fi
+
+podman create \
+  --name "$CONTAINER_DB" \
+  --network "$NETWORK_NAME" \
+  --userns=keep-id \
+  --restart=always \
+  -p "$DB_PORT:5432" \
+  -e POSTGRES_USER="$DB_USER" \
+  -e POSTGRES_PASSWORD="$DB_PASSWORD" \
+  -e POSTGRES_DB="$DB_NAME" \
+  -e POSTGRES_HOST_AUTH_METHOD=trust \
+  -v "$DB_DIR:/var/lib/postgresql/data:Z" \
+  docker.io/library/postgres:16-alpine
+
+podman generate systemd \
+  --new \
+  --name "$CONTAINER_DB" \
+  --files --restart-policy always --container-prefix="$CONTAINER_PREFIX" > /dev/null
+
+mv "$CONTAINER_PREFIX-$CONTAINER_DB.service" "$USER_SYSTEMD"
+
+systemctl --user daemon-reload
+systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_DB.service"
+
+echo "Waiting for database to be ready..."
+until podman exec "$CONTAINER_DB" pg_isready -U "$DB_USER" -d "$DB_NAME"; do
+  sleep 1
+done
+echo "Database is ready."
+
+podman create \
+  --name "$CONTAINER_SERVER" \
+  --network "$NETWORK_NAME" \
+  --restart=always \
+  -e DB_URL="postgres://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_NAME" \
+  -e ORIGIN="https://$DOMAIN" \
+  -p "$APP_PORT:3000" \
+  docker.io/johly/airtrail:latest
+
+podman generate systemd \
+  --new \
+  --name "$CONTAINER_SERVER" \
+  --files \
+  --restart-policy always \
+  --container-prefix="$CONTAINER_PREFIX"
+
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_SERVICE.service
+
+mv "$CONTAINER_PREFIX-$CONTAINER_SERVER.service" "$USER_SYSTEMD"
+systemctl --user daemon-reload
+systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_SERVER.service"
+
+sudo loginctl enable-linger "$USER"
+
+# generate haproxy config
+sudo mkdir -p $HAPROXY_SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $HAPROXY_SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_airtrail hdr(host) -i $DOMAIN
+use_backend airtrail_backend if is_airtrail
+EOF
+)
+echo "$ACL_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend airtrail_backend
+    mode http
+    option httpchk GET /login HTTP/1.1\r\nHost:\ $DOMAIN
+    option forwardfor
+    option http-server-close
+
+    server airtrailhttp 127.0.0.1:$APP_PORT alpn http/1.1 check
+    # === CORS & proxy headers ===
+    http-request set-header X-Forwarded-For %[src]
+    http-request set-header X-Forwarded-Proto https
+    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
+    http-request set-header X-Real-IP %[src]
+
+    # === WebSocket support ===
+    http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
+    http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/backend.block > /dev/null
+
+echo "Deployment completed successfully, run haproxy config to generate the final config file."

airtrail-wip/env.sh

@@ -0,0 +1,23 @@
+# port range 57xx
+DOMAIN=""
+APP_PORT=5730
+APP_ROOT="$HOME/.local/share/airtrail"
+DB_DIR="$APP_ROOT/db"
+CONTAINER_SERVICE="airtrail_server"
+CONTAINER_DB="airtrail_db"
+NETWORK_NAME="airtrail_network"
+
+DB_HOST="host.containers.internal"
+DB_PORT=5731
+DB_USER="airtrail"
+DB_PASSWORD="airtrail"
+DB_NAME="airtrail"
+CONTAINER_PREFIX="airtrail"
+CONTAINER_SERVER="airtrail_server"
+CONTAINER_DB="airtrail_db"
+
+USER_SYSTEMD="$HOME/.config/systemd/user"
+SSL_PATH=$HOME/.config/ssl/$DOMAIN
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+HAPROXY_SERVICE_DIR="$HAPROXY_CFG_DIR/services/$DOMAIN"

airtrail-wip/uninstall.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -eu
+
+. ./env.sh
+services=("$CONTAINER_PREFIX-$CONTAINER_SERVICE.service"
+    "$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+for service in "${services[@]}"; do
+    if systemctl --user list-units --full --all | grep -q "$service"; then
+        echo "Stopping $service..."
+        systemctl --user stop $service
+        echo "$service stopped."
+    fi
+done
+
+containers=(
+    "$CONTAINER_SERVER"
+    "$CONTAINER_DB"
+)
+for container in "${containers[@]}"; do
+    if podman container exists "$container"; then
+        echo "Stop and delete existing container $container"
+        if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+            podman stop "$container"
+        fi
+        podman rm "$container"
+    fi
+done
+
+for service in "${services[@]}"; do
+    systemctl --user disable --now $service
+    rm $USER_SYSTEMD/$service
+done
+
+sudo rm -rf $HAPROXY_CFG_DIR/services/$DOMAIN