178 lines
6.1 KiB
Bash
Executable File
178 lines
6.1 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
. ./env.sh
|
|
|
|
services=("$CONTAINER_PREFIX-$CONTAINER_SERVER.service"
|
|
"$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service"
|
|
"$CONTAINER_PREFIX-$CONTAINER_REDIS.service"
|
|
)
|
|
|
|
for service in "${services[@]}"; do
|
|
if systemctl --user list-units --full --all | grep -q "$service"; then
|
|
echo "Stopping $service..."
|
|
systemctl --user stop $service
|
|
echo "$service stopped."
|
|
fi
|
|
done
|
|
|
|
containers=(
|
|
"$CONTAINER_SERVER"
|
|
"$CONTAINER_POSTGRES"
|
|
"$CONTAINER_REDIS"
|
|
)
|
|
|
|
for container in "${containers[@]}"; do
|
|
if podman container exists "$container"; then
|
|
echo "Stop and delete existing container $container"
|
|
if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
|
|
podman stop "$container"
|
|
fi
|
|
podman rm "$container"
|
|
fi
|
|
done
|
|
|
|
if ! podman network exists $NETWORK; then
|
|
podman network create $NETWORK
|
|
fi
|
|
|
|
mkdir -p ./systemd-units
|
|
mkdir -p $DB_DATA_LOCATION
|
|
mkdir -p $UPLOAD_LOCATION
|
|
mkdir -p $CONFIG_LOCATION
|
|
podman create \
|
|
--name $CONTAINER_REDIS \
|
|
--network $NETWORK \
|
|
-p $REDIS_SERVER_PORT:$REDIS_SERVER_PORT \
|
|
docker.io/library/redis
|
|
podman generate systemd \
|
|
--new \
|
|
--name $CONTAINER_REDIS \
|
|
--files --restart-policy always --container-prefix=affine > /dev/null
|
|
mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/
|
|
|
|
|
|
podman create \
|
|
--name $CONTAINER_POSTGRES \
|
|
--network $NETWORK \
|
|
-p $DATABASE_PORT:$DATABASE_PORT \
|
|
-e POSTGRES_USER=$DB_USERNAME \
|
|
-e POSTGRES_PASSWORD=$DB_PASSWORD \
|
|
-e POSTGRES_DB=$DB_DATABASE \
|
|
-e POSTGRES_HOST_AUTH_METHOD=trust \
|
|
-v "$DB_DATA_LOCATION:/var/lib/postgresql/data:Z" \
|
|
docker.io/library/postgres:16
|
|
|
|
podman generate systemd \
|
|
--new \
|
|
--name $CONTAINER_POSTGRES \
|
|
--files --restart-policy always --container-prefix=affine > /dev/null
|
|
mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/
|
|
|
|
mkdir -p $USER_SYSTEMD
|
|
cp ./systemd-units/*.service $USER_SYSTEMD
|
|
systemctl --user daemon-reexec
|
|
systemctl --user daemon-reload
|
|
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_REDIS.service
|
|
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service
|
|
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_REDIS.service
|
|
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service
|
|
|
|
|
|
echo "Wait for PostgreSQL..."
|
|
until podman exec affine_postgres pg_isready -U "$DB_USERNAME" -d "$DB_DATABASE" > /dev/null 2>&1; do
|
|
sleep 2
|
|
done
|
|
echo "PostgreSQL ready"
|
|
|
|
|
|
podman run --rm \
|
|
--name affine_migration_job \
|
|
--network $NETWORK \
|
|
-e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \
|
|
-e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \
|
|
-v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \
|
|
-v "$CONFIG_LOCATION:/root/.affine/config:Z" \
|
|
ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION \
|
|
sh -c 'node ./scripts/self-host-predeploy.js'
|
|
|
|
|
|
podman create \
|
|
--name $CONTAINER_SERVER \
|
|
--network $NETWORK \
|
|
-p $AFFINE_PORT:3010 \
|
|
-e REDIS_SERVER_HOST=$REDIS_SERVER_HOST \
|
|
-e DATABASE_URL="postgresql://$DB_USERNAME:$DB_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DB_DATABASE" \
|
|
-e MAILER_HOST=$SMTP_HOST \
|
|
-e MAILER_SENDER=$SMTP_FROM \
|
|
-e MAILER_PORT=$SMTP_PORT \
|
|
-e MAILER_USER=$SMTP_USERNAME \
|
|
-e MAILER_PASSWORD=$SMTP_PASSWORD \
|
|
-v "$UPLOAD_LOCATION:/root/.affine/storage:Z" \
|
|
-v "$CONFIG_LOCATION:/root/.affine/config:Z" \
|
|
ghcr.io/toeverything/affine-graphql:$AFFINE_REVISION
|
|
|
|
podman generate systemd \
|
|
--new \
|
|
--name $CONTAINER_SERVER \
|
|
--files --restart-policy always --container-prefix=affine > /dev/null
|
|
mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/
|
|
sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service
|
|
|
|
cp ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service $USER_SYSTEMD
|
|
systemctl --user daemon-reload
|
|
systemctl --user enable $CONTAINER_PREFIX-$CONTAINER_SERVER.service
|
|
systemctl --user start $CONTAINER_PREFIX-$CONTAINER_SERVER.service
|
|
|
|
rm -r ./systemd-units
|
|
|
|
# generate haproxy blocks
|
|
sudo mkdir -p $SERVICE_DIR
|
|
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
|
|
ACL_CFG=$(cat <<EOF
|
|
acl is_affine hdr(host) -i $DOMAIN
|
|
use_backend affine_backend if is_affine
|
|
EOF
|
|
)
|
|
echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
|
|
BACKEND_CFG=$(cat <<EOF
|
|
backend affine_backend
|
|
mode http
|
|
option http-server-close
|
|
option forwardfor
|
|
|
|
server affine1 127.0.0.1:3010 check
|
|
|
|
# === CORS & proxy headers ===
|
|
http-request set-header X-Forwarded-For %[src]
|
|
http-request set-header X-Forwarded-Proto https
|
|
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
|
|
http-request set-header X-Real-IP %[src]
|
|
|
|
# === WebSocket support ===
|
|
http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
|
|
http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
|
|
EOF
|
|
)
|
|
echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
|
|
|
|
sudo loginctl enable-linger $USER
|
|
|
|
echo "Generate backup script"
|
|
BACKUP_FILE="affine_backup.sh"
|
|
cp backup.sh $BACKUP_FILE
|
|
sed -i "s|^UPLOAD=\"\"|UPLOAD=\"$UPLOAD_LOCATION\"|" "$BACKUP_FILE"
|
|
sed -i "s|^CONFIG=\"\"|CONFIG=\"$CONFIG_LOCATION\"|" "$BACKUP_FILE"
|
|
sed -i "s|^DB_USERNAME=\"\"|DB_USERNAME=\"$DB_USERNAME\"|" "$BACKUP_FILE"
|
|
sed -i "s|^DB_DATABASE=\"\"|DB_DATABASE=\"$DB_DATABASE\"|" "$BACKUP_FILE"
|
|
sed -i "s|^LOCAL_BACKUP=\"\$HOME/.local/backup\"|LOCAL_BACKUP=\"\$HOME/.local/backup/$CONTAINER_PREFIX\"|" "$BACKUP_FILE"
|
|
sed -i "s|^CONTAINER_POSTGRES=\"\"|CONTAINER_POSTGRES=\"$CONTAINER_POSTGRES\"|" "$BACKUP_FILE"
|
|
sed -i "s|^REMOTE=\"\"|REMOTE=\"$BACKUP_REMOTE\"|" "$BACKUP_FILE"
|
|
sed -i "s|^SERVICE_SERVER=\"\"|SERVICE_SERVER=\"${CONTAINER_PREFIX}-${CONTAINER_SERVER}.service\"|" "$BACKUP_FILE"
|
|
|
|
mv $BACKUP_FILE $AFFINE_ROOT
|
|
crontab -l | grep -v "$AFFINE_ROOT/$BACKUP_FILE" | crontab -
|
|
(crontab -l 2>/dev/null; echo "0 3 * * * $AFFINE_ROOT/$BACKUP_FILE") | crontab -
|
|
|
|
echo "Deploy completed, manually run haproxy to generate new config."
|