From 865a08da17583e0451cf8e16ae67e8d79c36f3f4 Mon Sep 17 00:00:00 2001
From: rob thijssen
Date: Thu, 7 May 2026 09:08:28 +0300
Subject: [PATCH] chore: setup backend environment
---
 asset/systemd/blekin.service | 2 ++
 script/setup.sh | 48 ++++++++++++++++++++++++++++++++++--
 2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/asset/systemd/blekin.service b/asset/systemd/blekin.service
index e0af234..f008ca3 100644
--- a/asset/systemd/blekin.service
+++ b/asset/systemd/blekin.service
@@ -5,6 +5,8 @@ Wants=network-online.target
 [Service]
 Type=simple
+User=blekin
+Group=blekin
 ExecStart=/usr/local/bin/ericrfb-proxy
 WorkingDirectory=/var/lib/blekin
 Environment=RUST_LOG=ericrfb_proxy=info
diff --git a/script/setup.sh b/script/setup.sh
index 84d2cb1..9043227 100755
--- a/script/setup.sh
+++ b/script/setup.sh
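Review bot: `User=blekin` and `Group=blekin` drop root, but the [Service] lines visible in this hunk set no further sandboxing for what appears to be a network proxy. Consider adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=/var/lib/blekin` after the two new lines, provided the binary only needs to write under its WorkingDirectory (not verifiable from the hunk). The unit now fails to start if the blekin account is missing on the host; script/setup.sh in this same commit creates the account before syncing the unit, and that order needs to be kept. The unit file continues outside the hunk.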
@@ -4,11 +4,46 @@ ui_host=oolon.kosherinata.internal
 ws_host=frootmig.kosherinata.internal
 app_fqdn=blekin.kosherinata.internal
+repo_path=~/git/grenade/blekin
 fedora_trusted_root_path=/etc/pki/ca-trust/source/anchors/root-internal.pem
 fedora_intermediate_path=/etc/pki/ca-trust/source/anchors/intermediate-internal.pem
-#ssh ${ui_host} sudo mkdir -p /etc/nginx/tls/${app_fqdn}
+if ssh ${ws_host} 'id blekin 2> /dev/null || sudo useradd --system --create-home --home-dir /var/lib/blekin --user-group blekin'; then
+ echo "blekin system user created or observed on ${ws_host}"
+else
+ echo "failed to create blekin system user on ${ws_host}"
+ exit 1
+fi
+if rsync \
+ --archive \
+ --compress \
+ --rsync-path 'sudo rsync' \
+ --chown root:root \
+ ${repo_path}/asset/systemd/blekin.service \
+ ${ws_host}:/etc/systemd/system/blekin.service \
+ && ssh ${ws_host} sudo systemctl daemon-reload; then
+ echo "blekin.service synced to ${ws_host}"
+else
+ echo "failed to sync blekin.service to ${ws_host}"
+ exit 1
+fi
+if ssh ${ws_host} systemctl is-active --quiet blekin.service; then
+ if ssh ${ws_host} sudo systemctl restart blekin.service; then
+ echo "blekin.service restarted on ${ws_host}"
+ else
+ echo "failed to restart blekin.service on ${ws_host}"
+ exit 1
+ fi
+else
+ if ssh ${ws_host} sudo systemctl start blekin.service; then
+ echo "blekin.service started on ${ws_host}"
+ else
+ echo "failed to start blekin.service on ${ws_host}"
+ exit 1
+ fi
+fi
+ app_cert_is_valid=false
 app_cert_remote_path=/etc/nginx/tls/cert/${app_fqdn}.pem
 app_key_remote_path=/etc/nginx/tls/key/${app_fqdn}.pem
@@ -71,7 +106,7 @@ if rsync \
 --compress \
 --rsync-path 'sudo rsync' \
 --chown root:root \
- ~/git/grenade/blekin/asset/nginx/${app_fqdn}.conf \
+ ${repo_path}/asset/nginx/${app_fqdn}.conf \
 ${ui_host}:/etc/nginx/sites-available/${app_fqdn}.conf; then
 echo "${app_fqdn}.conf synced to ${ui_host}"
 else
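Review bot: The new rsync of blekin.service uses `--archive`, which carries the mode bits of the local working copy into /etc/systemd/system; `--chown root:root` fixes ownership but not permissions, so a group- or world-writable file in the checkout would land writable on the target host. Pin the mode in that call by adding `--chmod=F644 \` next to `--chown root:root \`. Separately, `systemctl restart` also starts an inactive unit, so the `is-active` branch could collapse to a single `sudo systemctl restart blekin.service`, and nothing in this hunk runs `systemctl enable`, so the service may not come back after a reboot (not visible whether that is handled elsewhere). The `${ws_host}` and `${repo_path}` expansions in the added block are unquoted; the script continues outside the hunk.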
@@ -88,5 +123,14 @@ else
 echo "failed to reload nginx on ${ui_host}"
 fi
+# todo:
+# frootmig: # sudo useradd --system --create-home --home-dir /var/lib/blekin --user-group blekin
+# sync asset/sudoers.d/ws_gitea_ci to /etc/sudoers.d/gitea_ci
+
+# oolon:
+# ssh ${ui_host} sudo mkdir -p /etc/nginx/tls/${app_fqdn}
+# sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/blekin.kosherinata.internal(/.*)?"
+# sudo restorecon -Rv /var/www/blekin.kosherinata.internal/
+# sync asset/sudoers.d/ui_gitea_ci to /etc/sudoers.d/gitea_ci
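Review bot: The todo lines plan to install `asset/sudoers.d/ws_gitea_ci` and `asset/sudoers.d/ui_gitea_ci` as `/etc/sudoers.d/gitea_ci`, while the script already depends on `--rsync-path 'sudo rsync'`; a sudoers rule that lets an account run rsync as root without argument restrictions is equivalent to full root on that host, so the rule should be scoped to the exact commands the CI needs. When the step is implemented, validate the file with `visudo -cf` before it reaches /etc/sudoers.d and install it as `0440 root:root`, since a syntax error there can break sudo on the host. The sudoers assets are not part of this patch, so their contents could not be reviewed.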