rubix-deploy/install-rubix.sh
Sinisa Madzar 579822726f Install certbot on new VPS during install-rubix
- Add certbot to apt packages so host-side Let's Encrypt works before first docker-cms-certbot
2026-06-01 12:52:53 +02:00


#!/bin/bash
# Step 1 on a new VPS: apt update/upgrade, token prompt, /home/www/callcenter, download rubix release.
#
# Publish: https://gitea.dialer.work/swissdatabase/rubix-deploy
# Clone: https://gitea.dialer.work/swissdatabase/rubix-deploy.git
#
# On the VPS:
# wget -O install-rubix.sh \
# https://gitea.dialer.work/swissdatabase/rubix-deploy/raw/branch/main/install-rubix.sh
# chmod +x install-rubix.sh
# sudo ./install-rubix.sh
# Strict mode: stop on a failing command, on an unset variable, and on a
# failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Where this installer itself is published.
RUBIX_DEPLOY_REPO="https://gitea.dialer.work/swissdatabase/rubix-deploy"
RUBIX_DEPLOY_RAW="${RUBIX_DEPLOY_REPO}/raw/branch/main/install-rubix.sh"

# Settings the caller may override through the environment. `:=` keeps a
# non-empty inherited value and otherwise assigns the default.
: "${GITEA_HOST:=gitea.dialer.work}"
: "${GITEA_OWNER:=swissdatabase}"
: "${GITEA_REPO:=rubix}"
: "${RUBIX_INSTALL_PATH:=/home/www/callcenter}"

# Access token: GITEA_TOKEN wins, then GITEA_REGISTRY_PULL_TOKEN, else empty
# (prompt_token asks for it interactively when it is still empty).
: "${GITEA_TOKEN:=${GITEA_REGISTRY_PULL_TOKEN:-}}"

# Optional first argument: the release tag to install (empty = latest release).
TAG="${1:-}"

# Host packages installed by prepare_system.
APT_PACKAGES=(
  unzip
  wget
  curl
  python3
  ca-certificates
  git
  rsync
  certbot
)
: "${DOCKER_APT_PACKAGE:=docker.io}"
COMPOSE_PLUGIN_DIR="/usr/lib/docker/cli-plugins"
# Bring the host up to date and install the base packages plus Docker.
# Globals:  APT_PACKAGES (read), SKIP_APT_UPGRADE (read; "1" skips the upgrade),
#           DEBIAN_FRONTEND (exported as noninteractive)
# Exits 1 when not running as root or when apt-get is unavailable.
prepare_system() {
  # Package installation below needs root.
  [[ "$(id -u)" -eq 0 ]] || {
    echo "Run with sudo: sudo ./install-rubix.sh" >&2
    exit 1
  }

  # Only apt-based systems are handled; anything else is a manual install.
  command -v apt-get >/dev/null 2>&1 || {
    echo "apt-get not found — install ${APT_PACKAGES[*]} manually." >&2
    exit 1
  }

  # Keep apt from stopping on interactive configuration prompts.
  export DEBIAN_FRONTEND=noninteractive

  echo "[install-rubix] apt-get update ..."
  apt-get update -y

  local skip_upgrade="${SKIP_APT_UPGRADE:-}"
  if [[ "${skip_upgrade}" != "1" ]]; then
    echo "[install-rubix] apt-get upgrade ..."
    apt-get upgrade -y
  fi

  echo "[install-rubix] apt-get install ${APT_PACKAGES[*]} ..."
  apt-get install -y "${APT_PACKAGES[@]}"

  ensure_docker
}
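# Make sure `docker compose` (the Compose v2 CLI plugin) is available.
# Tried in order: already working -> apt package docker-compose-plugin ->
# release binary from the docker/compose GitHub releases.
#
# The binary fallback ends up as a root-owned executable, so it is staged in a
# temp file next to the target and only moved into place after the download
# (and the optional checksum comparison) succeeded; a failed or mismatching
# download never leaves a partial file at the plugin path.
#
# Globals:
#   COMPOSE_PLUGIN_DIR     (read) directory the plugin binary is installed in
#   COMPOSE_PLUGIN_VERSION (read, optional) release tag to fetch instead of
#                          the moving "latest" release
#   COMPOSE_PLUGIN_SHA256  (read, optional) expected SHA-256 of the binary;
#                          when set, a mismatch aborts the install
# Returns 0 when the plugin is present or was installed; exits 1 on failure.
ensure_docker_compose_plugin() {
  if docker compose version >/dev/null 2>&1; then
    return 0
  fi
  if apt-cache show docker-compose-plugin >/dev/null 2>&1; then
    echo "[install-rubix] apt-get install docker-compose-plugin ..."
    apt-get install -y docker-compose-plugin
    return 0
  fi
  echo "[install-rubix] docker-compose-plugin not in apt — fetching Compose v2 plugin ..."
  local arch compose_arch url release_path target staged expected actual
  arch="$(uname -m)"
  case "${arch}" in
    x86_64) compose_arch="x86_64" ;;
    aarch64|arm64) compose_arch="aarch64" ;;
    *)
      echo "[install-rubix] ERROR: unsupported CPU for compose plugin: ${arch}" >&2
      exit 1
      ;;
  esac

  # Default stays "latest"; a pinned tag makes the install reproducible and
  # lets COMPOSE_PLUGIN_SHA256 refer to one specific artifact.
  release_path="latest/download"
  if [[ -n "${COMPOSE_PLUGIN_VERSION:-}" ]]; then
    release_path="download/${COMPOSE_PLUGIN_VERSION}"
  fi
  url="https://github.com/docker/compose/releases/${release_path}/docker-compose-linux-${compose_arch}"
  target="${COMPOSE_PLUGIN_DIR}/docker-compose"

  if ! mkdir -p "${COMPOSE_PLUGIN_DIR}"; then
    echo "[install-rubix] ERROR: cannot create ${COMPOSE_PLUGIN_DIR}" >&2
    exit 1
  fi
  if ! staged="$(mktemp "${COMPOSE_PLUGIN_DIR}/.docker-compose.XXXXXX")"; then
    echo "[install-rubix] ERROR: cannot create temp file in ${COMPOSE_PLUGIN_DIR}" >&2
    exit 1
  fi

  # HTTPS only, TLS 1.2 or newer; -f turns HTTP errors into a failure instead
  # of saving an error page as the "binary".
  if ! curl -fsSL --proto '=https' --tlsv1.2 "${url}" -o "${staged}"; then
    rm -f -- "${staged}"
    echo "[install-rubix] ERROR: download failed: ${url}" >&2
    exit 1
  fi

  expected="${COMPOSE_PLUGIN_SHA256:-}"
  if [[ -n "${expected}" ]]; then
    actual="$(sha256sum "${staged}")"
    actual="${actual%% *}"
    # Fails closed: an empty digest (sha256sum missing) is also a mismatch.
    if [[ "${actual,,}" != "${expected,,}" ]]; then
      rm -f -- "${staged}"
      echo "[install-rubix] ERROR: compose plugin checksum mismatch (expected ${expected}, got ${actual})" >&2
      exit 1
    fi
  else
    echo "[install-rubix] WARN: COMPOSE_PLUGIN_SHA256 not set — compose binary installed without checksum verification" >&2
  fi

  if ! chmod 0755 "${staged}" || ! mv -f -- "${staged}" "${target}"; then
    rm -f -- "${staged}"
    echo "[install-rubix] ERROR: cannot install ${target}" >&2
    exit 1
  fi
}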
# Install Docker when it is missing, make sure the compose plugin is there,
# start the daemon, and verify that both `docker info` and `docker compose`
# respond.
# Globals:  DOCKER_APT_PACKAGE (read)
# Exits 1 when the daemon or the compose plugin is not usable afterwards.
ensure_docker() {
  if ! command -v docker >/dev/null 2>&1; then
    echo "[install-rubix] apt-get install ${DOCKER_APT_PACKAGE} ..."
    apt-get install -y "${DOCKER_APT_PACKAGE}"
  else
    echo "[install-rubix] docker already installed: $(docker --version)"
  fi

  ensure_docker_compose_plugin

  # Enable at boot and start right away.
  systemctl enable --now docker

  # Post-install checks: the daemon must answer and the plugin must load.
  docker info >/dev/null 2>&1 || {
    echo "[install-rubix] ERROR: docker installed but daemon not running." >&2
    exit 1
  }
  docker compose version >/dev/null 2>&1 || {
    echo "[install-rubix] ERROR: docker compose plugin missing after install." >&2
    exit 1
  }

  # Only the first line of the version banner goes into the status message.
  printf '%s\n' "[install-rubix] docker OK ($(docker compose version | head -1))"
}
# Ask for the Gitea access token unless one is already set.
# Globals:  GITEA_TOKEN (read; written from the prompt when empty)
# The token is read with echo disabled and is never printed back.
# Exits 1 when the entered token is empty.
prompt_token() {
  # A token supplied through the environment skips the prompt entirely.
  [[ -z "${GITEA_TOKEN}" ]] || return 0

  printf '%s\n' \
    "" \
    "=== Gitea access token (required) ===" \
    "Paste your personal access token from gitea.dialer.work" \
    "(User Settings → Applications → Generate New Token)." \
    "Same token as Docker registry / GITEA_REGISTRY_PULL_TOKEN in .env later." \
    "Input is hidden — type or paste the token, then press Enter:" \
    ""

  # -s: no terminal echo; -r: keep backslashes in the token literal.
  read -rs GITEA_TOKEN
  printf '\n'

  if [[ -n "${GITEA_TOKEN}" ]]; then
    echo "[install-rubix] token received."
  else
    echo "[install-rubix] ERROR: token is required to download the private rubix release." >&2
    exit 1
  fi
}
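# --- main flow: system packages, token, install directory, release tag ---
prepare_system
prompt_token
echo "[install-rubix] install path: ${RUBIX_INSTALL_PATH}"
mkdir -p "${RUBIX_INSTALL_PATH}"
cd "${RUBIX_INSTALL_PATH}"
if [[ -z "${TAG}" ]]; then
  echo "[install-rubix] fetching latest release tag ..."
  # The API response is streamed straight into the JSON parser. No file with a
  # fixed name is created in the world-writable /tmp while running as root,
  # and with pipefail a failed wget aborts the script instead of leaving a
  # stale or empty file to be parsed.
  # NOTE(review): the token is passed on wget's command line and is visible in
  # the process list for the duration of the request.
  TAG="$(
    wget -q --header="Authorization: token ${GITEA_TOKEN}" -O - \
      "https://${GITEA_HOST}/api/v1/repos/${GITEA_OWNER}/${GITEA_REPO}/releases/latest" \
      | python3 -c 'import json, sys; print(json.load(sys.stdin)["tag_name"])'
  )"
  # An empty tag would produce a malformed archive URL further down.
  if [[ -z "${TAG}" ]]; then
    echo "[install-rubix] ERROR: latest release has no tag_name." >&2
    exit 1
  fi
fi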
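# --- download the release archive and merge it into the install directory ---
ZIP_URL="https://${GITEA_HOST}/${GITEA_OWNER}/${GITEA_REPO}/archive/${TAG}.zip"
echo "[install-rubix] downloading ${TAG} ..."
# Remove leftover extract dir from a failed previous run (safe: only rubix-* names).
for stale in rubix rubix-*; do
  if [[ -d "${stale}" ]]; then
    echo "[install-rubix] removing stale extract dir ${stale}/"
    rm -rf -- "${stale}"
  fi
done
rm -f rubix.zip

# Download and unpack inside a private scratch directory (mktemp -d creates it
# with mode 0700) instead of the install directory itself. The top-level folder
# is then looked up only among what the archive contained, so a re-run can
# never pick an already-installed directory, flatten it and delete it.
WORK_DIR="$(mktemp -d "${PWD}/.rubix-extract.XXXXXX")"
trap 'rm -rf -- "${WORK_DIR}"' EXIT

# NOTE(review): the token is passed on wget's command line and is visible in
# the process list while the download runs.
wget --header="Authorization: token ${GITEA_TOKEN}" -O "${WORK_DIR}/rubix.zip" "${ZIP_URL}"
mkdir "${WORK_DIR}/src"
unzip -oq "${WORK_DIR}/rubix.zip" -d "${WORK_DIR}/src"

# Preferred: a folder named rubix or rubix-*.
TOP=""
for candidate in "${WORK_DIR}/src/rubix" "${WORK_DIR}/src"/rubix-*; do
  if [[ -d "${candidate}" ]]; then
    TOP="${candidate}"
    break
  fi
done
# Otherwise accept a top-level folder only when it is the archive's sole entry.
if [[ -z "${TOP}" ]]; then
  shopt -s nullglob dotglob
  entries=("${WORK_DIR}/src"/*)
  shopt -u nullglob dotglob
  if (( ${#entries[@]} == 1 )) && [[ -d "${entries[0]}" && ! -L "${entries[0]}" ]]; then
    TOP="${entries[0]}"
  fi
fi

if [[ -n "${TOP}" ]]; then
  echo "[install-rubix] syncing ${TOP##*/}/ into ${RUBIX_INSTALL_PATH} (re-runs merge over existing files)"
  rsync -a "${TOP}/" ./
else
  echo "[install-rubix] WARN: no top-level folder in zip — files left as extracted" >&2
  rsync -a "${WORK_DIR}/src/" ./
fi
# The scratch directory (archive and extracted tree) is removed by the EXIT trap.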
# Closing summary and the manual follow-up steps for the operator.
printf '%s\n' \
  "" \
  "[install-rubix] done — ${RUBIX_INSTALL_PATH} (${TAG})" \
  "[install-rubix] next (see rubix-deploy README step 2):" \
  " cd ${RUBIX_INSTALL_PATH}/deploy/docker" \
  " cp .env.example .env" \
  " nano .env # set GITEA_REGISTRY_PULL_TOKEN, passwords, domains" \
  " # docker login before up.sh (see README step 2)" \
  " sudo ./up.sh"