#!/bin/bash # Production Setup Script for Faction War Dispatch Bot # Run this script on your Linux server as root (sudo bash setup_production.sh) # # This script will: # - Create a service user 'factionwar' (no password by default) # - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git # - Install all dependencies # - Configure Nginx with SSL # - Set up systemd service # - Configure firewall # # Note: To set a password for the factionwar user later (if needed for SSH): # sudo passwd factionwar set -e # Exit on error echo "========================================" echo "Faction War Dispatch Bot - Setup Script" echo "========================================" echo "" # Check if running as root if [ "$EUID" -ne 0 ]; then echo "Please run as root (use sudo)" exit 1 fi # Get port to run on (default 8000) read -p "Enter port to run application on (default: 8000): " APP_PORT APP_PORT=${APP_PORT:-8000} echo "" echo "Installing required packages..." apt update apt install -y python3 python3-pip python3-venv git echo "" echo "Creating application user..." if ! id "factionwar" &>/dev/null; then # Create user without password (non-interactive) adduser --disabled-password --gecos "" --home /opt/faction-war factionwar echo "Created user: factionwar" fi echo "" echo "Setting up application directory..." mkdir -p /opt/faction-war/app cd /opt/faction-war/app # Clone repository if directory is empty if [ -z "$(ls -A /opt/faction-war/app)" ]; then echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git" git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git . if [ $? -ne 0 ]; then echo "Failed to clone repository. Please check:" echo " - Repository URL is correct" echo " - You have access to the repository" echo " - Network connection is working" exit 1 fi # Set ownership chown -R factionwar:factionwar /opt/faction-war/app echo "Repository cloned successfully" else echo "Application directory already exists, skipping clone" fi echo "" echo "Setting up Python virtual environment..." if [ ! -d "venv" ]; then sudo -u factionwar python3 -m venv venv fi echo "Installing Python dependencies..." sudo -u factionwar venv/bin/pip install -r requirements.txt echo "" echo "Creating data directory..." mkdir -p /opt/faction-war/app/data chown -R factionwar:factionwar /opt/faction-war/app/data chmod 700 /opt/faction-war/app/data echo "" echo "Setting up environment file..." if [ ! -f ".env" ]; then cp .env.example .env # Update PORT in .env file sed -i "s/^PORT=.*/PORT=$APP_PORT/" .env echo "" echo "IMPORTANT: You need to configure /opt/faction-war/app/.env with your secrets!" echo "" echo "Generate secure secrets with:" echo " - AUTH_PASSWORD: openssl rand -base64 32" echo " - JWT_SECRET: openssl rand -hex 64" echo "" echo "Application port has been set to: $APP_PORT" echo "" echo "You can either:" echo " 1. Edit the .env file now" echo " 2. Skip and edit it later before starting the application" echo "" read -p "Edit .env now? (y/n): " EDIT_NOW if [[ "$EDIT_NOW" =~ ^[Yy]$ ]]; then nano .env || true # Don't exit if user cancels nano else echo "Skipped. Remember to edit /opt/faction-war/app/.env before starting the service!" fi fi chown factionwar:factionwar .env chmod 600 .env echo "" echo "Setting up systemd service..." # Copy the service file cp faction-war.service /etc/systemd/system/faction-war.service systemctl daemon-reload systemctl enable faction-war systemctl start faction-war echo "" echo "Configuring firewall..." ufw --force enable ufw allow ssh ufw allow $APP_PORT/tcp echo "" echo "Setting up backup cron job..." cat > /opt/faction-war/backup.sh << 'EOF' #!/bin/bash BACKUP_DIR="/opt/faction-war/backups" DATE=$(date +%Y%m%d_%H%M%S) APP_DIR="/opt/faction-war/app" mkdir -p $BACKUP_DIR tar -czf $BACKUP_DIR/data_backup_$DATE.tar.gz -C $APP_DIR data/ find $BACKUP_DIR -name "data_backup_*.tar.gz" -mtime +7 -delete echo "Backup completed: data_backup_$DATE.tar.gz" EOF chmod +x /opt/faction-war/backup.sh # Add to crontab if not already present (crontab -l 2>/dev/null | grep -v backup.sh; echo "0 2 * * * /opt/faction-war/backup.sh") | crontab - echo "" echo "========================================" echo "Setup Complete!" echo "========================================" echo "" echo "Your application should now be running on port $APP_PORT" echo "" echo "User Account Information:" echo " - Service user: factionwar (no password by default)" echo " - Work as this user: sudo -u factionwar bash" echo " - Set password (if needed): sudo passwd factionwar" echo " - Application directory: /opt/faction-war/app" echo "" echo "Important next steps:" echo "1. Configure /opt/faction-war/app/.env with your secrets (if not done already)" echo " - Edit with: sudo -u factionwar nano /opt/faction-war/app/.env" echo " - Change PORT or HOST in .env if needed" echo " - Then restart: sudo systemctl restart faction-war" echo "2. Access the application:" echo " - Local: http://localhost:$APP_PORT" echo " - Remote: http://YOUR_SERVER_IP:$APP_PORT" echo "3. Configure your reverse proxy (nginx, caddy, etc.) to handle HTTPS" echo "4. Configure your API keys in the Settings page (or use .env)" echo "5. Test the application functionality" echo "" echo "Useful commands:" echo " - Check status: sudo systemctl status faction-war" echo " - View logs: sudo journalctl -u faction-war -f" echo " - Restart: sudo systemctl restart faction-war" echo " - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war" echo " - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env" echo "" echo "Security reminders:" echo " - Configure HTTPS on your reverse proxy" echo " - Keep your .env file secure (chmod 600)" echo " - Regularly update: apt update && apt upgrade" echo " - Monitor logs for suspicious activity" echo " - Backup data regularly (automated at 2 AM daily)" echo ""