#!/bin/bash
# =============================================================================
# Vihar Sewa first-time setup on kreonAI5. Run as ROOT.
# Sets up OS user, log dirs, clones repo, installs PM2 globally if needed,
# starts services. Idempotent - safe to re-run.
# =============================================================================

# Stop on the first failing command, on use of an unset variable, and on a
# failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Account that owns the checkout and logs and runs the services.
OS_USER='vihar'
# SSH remote; access relies on the deploy key generated in step 4.
REPO_URL='git@github.com:mindforgeerp/vihar-sewa.git'
INSTALL_DIR='/www/wwwroot/vihar'
LOG_DIR='/var/log/vihar'
# Public hostname; override by exporting VIHAR_DOMAIN before running.
DOMAIN="${VIHAR_DOMAIN:-vsg.kreonsolutions.in}"

printf '%s\n' \
  "============================================================" \
  "Vihar Sewa first-time setup" \
  "============================================================"

# ---- 1. OS user ----
# Create the unprivileged service account only when it does not exist yet;
# `id -u` succeeding means there is nothing to do, which keeps re-runs safe.
id -u "$OS_USER" &>/dev/null || {
  echo "→ Creating OS user '$OS_USER'..."
  useradd -m -s /bin/bash "$OS_USER"
}

# ---- 2. Log dir ----
# Both directories are handed to the service account so nothing in the
# application has to run as root to write logs or update the checkout.
owner="${OS_USER}:${OS_USER}"
mkdir -p -- "$LOG_DIR"
chown -- "$owner" "$LOG_DIR"

# ---- 3. Install dir ----
# Recursive on purpose: on a re-run this also resets ownership of anything
# root may have created inside the checkout.
mkdir -p -- "$INSTALL_DIR"
chown -R -- "$owner" "$INSTALL_DIR"

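# ---- 4. SSH key for git pull ----
# Generates a dedicated ed25519 key for $OS_USER on first run and pauses until
# the operator has registered the public half as a GitHub deploy key.
#
# The key has an empty passphrase (-N "") so clone/pull can run unattended;
# anyone who can read the private key file can use it. Within this script the
# key is only used to clone, so a read-only deploy key looks sufficient
# (NOTE(review): confirm deploy.sh never pushes before leaving write access off).
SSH_DIR="/home/$OS_USER/.ssh"
if [ ! -f "$SSH_DIR/id_ed25519" ]; then
  echo "→ Generating SSH key for $OS_USER..."
  # Create ~/.ssh as the service user and private (0700) from the start rather
  # than with whatever the current umask allows.
  sudo -u "$OS_USER" mkdir -p -m 700 "$SSH_DIR"
  sudo -u "$OS_USER" ssh-keygen -t ed25519 -N "" -f "$SSH_DIR/id_ed25519" -C "$OS_USER@kreonai5"
  echo ""
  echo "============================================================"
  echo "ADD THIS PUBLIC KEY AS A DEPLOY KEY ON GITHUB:"
  echo "  https://github.com/mindforgeerp/vihar-sewa/settings/keys/new"
  echo "============================================================"
  # Only the public half is ever printed.
  cat "$SSH_DIR/id_ed25519.pub"
  echo "============================================================"
  echo ""
  # -r: take the input literally (no backslash processing).
  read -r -p "Press ENTER after adding the deploy key..."
fi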

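# ---- 5. Add github.com to known_hosts ----
# Differences from a plain `ssh-keyscan >> known_hosts`:
#   * the scan only happens when github.com is not recorded yet, so re-running
#     the script does not keep appending duplicate entries;
#   * the file is written by $OS_USER (through tee), not by root's own
#     redirection, so it is owned by the account that reads it and root never
#     writes through a path inside a user-controlled directory;
#   * the received fingerprints are shown before they are trusted, because
#     ssh-keyscan output is unauthenticated (trust on first use).
KNOWN_HOSTS="$SSH_DIR/known_hosts"
if ! sudo -u "$OS_USER" ssh-keygen -F github.com -f "$KNOWN_HOSTS" >/dev/null 2>&1; then
  # Best effort, as before: a failed scan must not abort the whole setup.
  GITHUB_KEYS="$(sudo -u "$OS_USER" ssh-keyscan -H github.com 2>/dev/null || true)"
  if [ -n "$GITHUB_KEYS" ]; then
    echo "→ Host key fingerprints received for github.com:"
    printf '%s\n' "$GITHUB_KEYS" | sudo -u "$OS_USER" ssh-keygen -lf - || true
    echo "  Compare them with the SSH key fingerprints GitHub publishes in its docs."
    read -r -p "Press ENTER to trust these keys (Ctrl-C to abort)..."
    sudo -u "$OS_USER" mkdir -p -m 700 "$SSH_DIR"
    printf '%s\n' "$GITHUB_KEYS" | sudo -u "$OS_USER" tee -a "$KNOWN_HOSTS" >/dev/null
  else
    echo "WARNING: could not fetch github.com host keys; known_hosts left unchanged" >&2
  fi
fi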

# ---- 6. Clone (first run only) ----
# A .git directory marks an existing checkout. Nothing is pulled here when the
# checkout already exists. The clone runs as $OS_USER so the tree is never
# root-owned and git uses that account's deploy key.
if [[ -d "$INSTALL_DIR/.git" ]]; then
  echo "→ Repo already cloned"
else
  echo "→ Cloning repo..."
  sudo -u "$OS_USER" git clone "$REPO_URL" "$INSTALL_DIR"
fi

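# ---- 7. .env ----
# Seed .env from the example on first run and pause so the operator can fill
# in real values.
#
# The copy is made by $OS_USER with `install -m 600`, so the file is private
# and correctly owned from the moment it exists, and root does not write into
# the repository tree, which is controlled by the service account and by
# whatever the repository contains.
#
# NOTE(review): after ENTER the script goes straight on to the deploy; it does
# not check that the secrets listed below were actually replaced.
if [ ! -f "$INSTALL_DIR/.env" ]; then
  sudo -u "$OS_USER" install -m 600 -- "$INSTALL_DIR/.env.example" "$INSTALL_DIR/.env"
  cat <<EOF

============================================================
EDIT $INSTALL_DIR/.env BEFORE PROCEEDING:
  - DATABASE_URL (use the password from init-db.prod.sql)
  - JWT_SECRET   (openssl rand -hex 64)
  - CRON_SECRET  (openssl rand -hex 32)
  - GOOGLE_MAPS_BACKEND_KEY
  - NEXT_PUBLIC_GOOGLE_MAPS_FRONTEND_KEY
  - NEXT_PUBLIC_SITE_URL=https://$DOMAIN
  - WEB_ORIGIN=https://$DOMAIN
============================================================
EOF
  # -r: take the input literally (no backslash processing).
  read -r -p "Press ENTER after editing .env..."
fi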

# ---- 8. PM2 ----
# Install PM2 system-wide only when no pm2 binary is on PATH.
# NOTE(review): this runs npm as root and takes whatever version the registry
# serves at install time; consider pinning a vetted pm2 version.
command -v pm2 >/dev/null || {
  echo "→ Installing PM2 globally..."
  npm install -g pm2
}

# ---- 9. Initial deploy ----
# The deploy script comes from the cloned repository and is executed as the
# unprivileged service account, not as root.
deploy_script="$INSTALL_DIR/deploy/deploy.sh"
printf '%s\n' "→ Running first deploy..."
sudo -u "$OS_USER" "$deploy_script"

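# ---- 10. PM2 startup hook ----
# Register a systemd unit that starts PM2 as $OS_USER at boot, then save the
# current process list as that user.
echo "→ Registering PM2 with systemd..."
# The PATH assignment is quoted so a PATH entry containing whitespace or glob
# characters reaches env as a single argument.
env "PATH=$PATH:/usr/bin" pm2 startup systemd -u "$OS_USER" --hp "/home/$OS_USER"
# NOTE(review): assumes sudo sets HOME to the target user's home, so the save
# happens under the same home passed via --hp above. Confirm against sudoers.
sudo -u "$OS_USER" pm2 save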

# ---- 11. Nginx vhost ----
# Nothing is configured here: the vhost and the TLS certificate remain manual
# steps, so the site is not served over HTTPS until the operator does them.
cat <<EOF
→ Reminder: copy deploy/nginx-vihar.conf to your nginx vhost dir,
  replace <DOMAIN> with $DOMAIN, then issue an SSL cert via aaPanel.

✅ First-time setup complete
   Next: configure Nginx vhost, SSL cert, then test https://$DOMAIN
EOF
