#!/usr/bin/env bash
# Setup the server and the feedi app as a service.
# The app will be installed in the running user's home directory and the
# service will run with a new feedi user.
# Tested on a raspberry Pi OS and debian 12.
#
# ssh <user>@<host> 'bash -s' < setup_server.sh
# TODO: allow to customize pulled git branch
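# Stop at the first failing command, on any unset variable, and when any
# stage of a pipeline fails. Without pipefail a failed key download below
# would be hidden by the exit status of the command it is piped into.
set -euo pipefail

# Bring the base system up to date, then install the build toolchain, Python,
# nginx, ufw and git.
sudo apt update -y
sudo apt upgrade -y
sudo apt install build-essential gcc python3 python3-dev python3-pip python3-venv python-is-python3 nginx ufw git vim -y

# install node 20 sigh
# Node.js comes from the NodeSource apt repository. The signing key is fetched
# over HTTPS and trusted as downloaded (its fingerprint is not checked here);
# signed-by= restricts that key to this one repository.
sudo apt-get install -y ca-certificates curl gnupg
# /etc/apt is root-owned, so creating the keyring directory needs sudo like
# every other privileged step in this script.
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
  | sudo gpg --yes --dearmor -o /etc/apt/keyrings/nodesource.gpg

NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" \
  | sudo tee /etc/apt/sources.list.d/nodesource.list
sudo apt-get update
sudo apt-get install nodejs -y

# setup the firewall
# SSH is allowed before the firewall is switched on so the session running
# this script is not cut off. Apart from SSH only the 'Nginx HTTP' profile is
# opened; --force skips ufw's interactive confirmation.
sudo ufw allow ssh
sudo ufw allow 'Nginx HTTP'
sudo ufw --force enable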
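FEEDI_DIR=/home/feedi

# create a user to run the service
# Skipped when the account already exists, so a genuine adduser failure stops
# the script instead of being swallowed.
# NOTE(review): --comment normally takes a value; as written the following
# word may be consumed as that value rather than acting as a flag. Confirm the
# intended options before changing this line.
if ! id -u feedi >/dev/null 2>&1; then
  sudo adduser --comment --disabled-login --disabled-password feedi
fi
cd "$FEEDI_DIR"

# install the app
# The clone takes whatever the default branch currently points at (see the
# TODO at the top of the file); `make deps` then runs as the feedi user.
sudo su feedi -c "git clone https://github.com/facundoolano/feedi.git"
cd feedi
sudo su feedi -c "make deps feedi/config/production.py"
sudo su feedi -c "mkdir -p instance"

# disable default auth
# NOTE(review): this un-comments the DEFAULT_AUTH_USER line in the production
# config. Presumably that makes the app serve a single default user without a
# login; if so, everything reachable on port 80 is unauthenticated. Confirm
# before exposing the host beyond a trusted network.
# The file belongs to feedi, so the in-place edit needs sudo; the chown below
# hands ownership back.
sudo sed -i '/DEFAULT_AUTH_USER/s/^# //g' feedi/config/production.py

# mark the database as already migrated
sudo su feedi -c "venv/bin/alembic stamp head"

sudo chown -R feedi .

# FIXME do we really need this?
# let others write so we can overwrite with scp
# NOTE(review): mode 666 lets every local account modify the application
# database, and the loop below makes the directories leading to it traversable.
# A group-writable file (660) plus membership in the feedi group for the
# uploading user would keep the scp workflow without world write access.
sudo chmod 666 instance/feedi.db

# allow other users to read static files so nginx can serve them
sudo chmod o+r -R feedi/static/
# Walk from the static directory up to (but not including) / and open each
# directory for read and traversal. These directories are owned by feedi or
# root, hence sudo.
DIR="$FEEDI_DIR/feedi/feedi/static"
while [[ "$DIR" != / ]]; do
  sudo chmod +rx "$DIR"
  DIR=$(dirname "$DIR")
done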
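# Write the gunicorn service unit. The heredoc delimiter is unquoted, so
# $FEEDI_DIR is expanded now while \$MAINPID is written literally for systemd.
# tee overwrites rather than appends: appending on a second run would
# duplicate every section of the unit file.
# The service runs as the unprivileged feedi user with a private /tmp.
sudo tee /etc/systemd/system/gunicorn.service > /dev/null <<EOF
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
Type=notify
User=feedi
Group=feedi
RuntimeDirectory=gunicorn
WorkingDirectory=$FEEDI_DIR/feedi
ExecStart=$FEEDI_DIR/feedi/venv/bin/gunicorn
ExecReload=/bin/kill -s HUP \$MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
LimitNOFILE=10240
[Install]
WantedBy=multi-user.target
EOF

# Socket unit: systemd owns /run/gunicorn.sock and hands it to the service.
# NOTE(review): SocketUser sets the owner to www-data but no SocketMode is
# given, so systemd's default mode (0666) applies and any local account can
# connect to gunicorn directly, bypassing nginx. Consider SocketMode=0600.
sudo tee /etc/systemd/system/gunicorn.socket > /dev/null <<EOF
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn.sock
SocketUser=www-data
[Install]
WantedBy=sockets.target
EOF

sudo systemctl enable gunicorn
sudo systemctl start gunicorn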
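# setup nginx as the proxy
# Static files are served straight from the checkout; everything else is
# proxied to gunicorn over its unix socket. The site listens on plain HTTP
# (port 80) only and matches any host name; no TLS is configured here.
# tee overwrites rather than appends: appending on a second run would leave
# two identical server blocks in the file.
sudo tee /etc/nginx/sites-available/feedi > /dev/null <<EOF
server {
listen 80;
server_name _;
location ^~ /static/ {
include /etc/nginx/mime.types;
root $FEEDI_DIR/feedi/feedi/;
}
location / {
proxy_pass http://unix:/run/gunicorn.sock;
include proxy_params;
}
}
EOF

# Replace the distribution's default site with the feedi one.
sudo rm -f /etc/nginx/sites-enabled/default
sudo ln -sf /etc/nginx/sites-available/feedi /etc/nginx/sites-enabled/feedi

# Validate the configuration first so a syntax error aborts the script
# (set -e) instead of taking nginx down on restart.
sudo nginx -t
sudo systemctl enable nginx
sudo systemctl restart nginx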