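#!/bin/bash
#
# Provision or update the id.tjo.cloud host:
#   1. clone/refresh the infrastructure repository (sparse: /id.tjo.cloud only),
#   2. copy its root/ overlay onto the live filesystem,
#   3. decrypt the secrets bundle with age and render per-service env files,
#   4. (re)start Caddy, PostgreSQL, Valkey and the Authentik units.
#
# Runs as root; aborts on the first failing command, unset variable or
# failed pipeline stage.
set -euo pipefail

SERVICE_DIR="/root/service"
mkdir -p "${SERVICE_DIR}"
cd "${SERVICE_DIR}"

echo "== Fetch Source Code (from git)"
# NOTE(review): whatever origin/main holds is copied onto / as root further
# down, and this script neither pins a commit nor verifies a signature.
# Push access to that branch is therefore equivalent to root on this host;
# protect the branch accordingly or add a verification step here.
# Clone if not yet cloned
if [ ! -d .git ]; then
  git clone \
    --depth 1 \
    --no-checkout \
    --filter=tree:0 \
    https://github.com/tjo-space/tjo-cloud-infrastructure.git .
  git sparse-checkout set --no-cone /id.tjo.cloud
  git checkout
else
  git fetch --depth=1
  # Discards any local modification to tracked files in the work tree.
  git reset --hard origin/main
fi

echo "=== Copy Configuration Files"
# Overlays the repository's id.tjo.cloud/root/ tree onto the root filesystem,
# then makes systemd pick up any unit files that changed.
rsync -a id.tjo.cloud/root/ /
systemctl daemon-reload

echo "=== Prepare srv directories"
mkdir -p /srv/authentik/{media,certs,custom-templates}
# presumably 1200:1200 is the UID/GID the Authentik service runs as -- confirm
chown -R 1200:1200 /srv/authentik

mkdir -p /srv/postgresql/{data,backups}

echo "=== Read Secrets"
# Create the plaintext target as an empty 0600 file *before* decrypting into
# it, so the secrets are never readable through a default-umask (or stale,
# wider) mode, not even briefly. The redirect below keeps that mode.
# NOTE(review): the plaintext copy stays in the work tree after the run;
# delete it once sourced if nothing else reads it.
install -m 600 /dev/null id.tjo.cloud/secrets.env
age -d -i /etc/age/key.txt id.tjo.cloud/secrets.env.encrypted >id.tjo.cloud/secrets.env

# The decrypted file is executed as shell code, so its content is trusted to
# the same degree as this script. The three steps are separate statements on
# purpose: in an `a && b && c` list errexit only applies to the last command,
# so a failing `source` would otherwise be ignored and leave allexport on.
set -a
# shellcheck source=/dev/null
source id.tjo.cloud/secrets.env
set +a

echo "=== Prepare Configurations"
# Same pattern as above: pre-create each env file root-owned with mode 0600,
# then fill it.
# NOTE(review): assumes the units load these files as root (for example via
# EnvironmentFile=); if a service reads its file as an unprivileged user,
# grant that user's group read access instead of widening the mode.
install -m 600 /dev/null /etc/postgresql/secrets.env
cat <<EOF >/etc/postgresql/secrets.env
POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD}
EOF

install -m 600 /dev/null /etc/authentik/secrets.env
cat <<EOF >/etc/authentik/secrets.env
AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRESQL_PASSWORD}
EOF

echo "=== Setup Caddy"
systemctl restart caddy

echo "=== Setup Postgresql"
systemctl restart postgresql
systemctl start postgresql-backup.timer

echo "=== Setup Valkey"
systemctl restart valkey

echo "=== Setup Authentik Server"
systemctl restart authentik-server

echo "=== Setup Authentik Worker"
systemctl restart authentik-worker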