191 lines
6.1 KiB
Bash
191 lines
6.1 KiB
Bash
#!/bin/bash
|
|
# Production Setup Script for Faction War Dispatch Bot
|
|
# Run this script on your Linux server as root (sudo bash setup_production.sh)
|
|
#
|
|
# This script will:
|
|
# - Create a service user 'factionwar' (no password by default)
|
|
# - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git
|
|
# - Install all dependencies
|
|
# - Configure Nginx with SSL
|
|
# - Set up systemd service
|
|
# - Configure firewall
|
|
#
|
|
# Note: To set a password for the factionwar user later (if needed for SSH):
|
|
# sudo passwd factionwar
|
|
|
|
set -e # Exit on error
|
|
|
|
echo "========================================"
|
|
echo "Faction War Dispatch Bot - Setup Script"
|
|
echo "========================================"
|
|
echo ""
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root (use sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
# Get port to run on (default 8000)
|
|
read -p "Enter port to run application on (default: 8000): " APP_PORT
|
|
APP_PORT=${APP_PORT:-8000}
|
|
|
|
echo ""
|
|
echo "Installing required packages..."
|
|
apt update
|
|
apt install -y python3 python3-pip python3-venv git
|
|
|
|
echo ""
|
|
echo "Creating application user..."
|
|
if ! id "factionwar" &>/dev/null; then
|
|
# Create user without password (non-interactive)
|
|
adduser --disabled-password --gecos "" --home /opt/faction-war factionwar
|
|
echo "Created user: factionwar"
|
|
fi
|
|
|
|
echo ""
|
|
echo "Setting up application directory..."
|
|
mkdir -p /opt/faction-war/app
|
|
cd /opt/faction-war/app
|
|
|
|
# Clone repository if directory is empty
|
|
if [ -z "$(ls -A /opt/faction-war/app)" ]; then
|
|
echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git"
|
|
git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git .
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "Failed to clone repository. Please check:"
|
|
echo " - Repository URL is correct"
|
|
echo " - You have access to the repository"
|
|
echo " - Network connection is working"
|
|
exit 1
|
|
fi
|
|
|
|
# Set ownership
|
|
chown -R factionwar:factionwar /opt/faction-war/app
|
|
echo "Repository cloned successfully"
|
|
else
|
|
echo "Application directory already exists, skipping clone"
|
|
fi
|
|
|
|
echo ""
|
|
echo "Setting up Python virtual environment..."
|
|
if [ ! -d "venv" ]; then
|
|
sudo -u factionwar python3 -m venv venv
|
|
fi
|
|
|
|
echo "Installing Python dependencies..."
|
|
sudo -u factionwar venv/bin/pip install -r requirements.txt
|
|
|
|
echo ""
|
|
echo "Creating data directory..."
|
|
mkdir -p /opt/faction-war/app/data
|
|
chown -R factionwar:factionwar /opt/faction-war/app/data
|
|
chmod 700 /opt/faction-war/app/data
|
|
|
|
echo ""
|
|
echo "Setting up environment file..."
|
|
if [ ! -f ".env" ]; then
|
|
cp .env.example .env
|
|
|
|
# Update PORT in .env file
|
|
sed -i "s/^PORT=.*/PORT=$APP_PORT/" .env
|
|
|
|
echo ""
|
|
echo "IMPORTANT: You need to configure /opt/faction-war/app/.env with your secrets!"
|
|
echo ""
|
|
echo "Generate secure secrets with:"
|
|
echo " - AUTH_PASSWORD: openssl rand -base64 32"
|
|
echo " - JWT_SECRET: openssl rand -hex 64"
|
|
echo ""
|
|
echo "Application port has been set to: $APP_PORT"
|
|
echo ""
|
|
echo "You can either:"
|
|
echo " 1. Edit the .env file now"
|
|
echo " 2. Skip and edit it later before starting the application"
|
|
echo ""
|
|
read -p "Edit .env now? (y/n): " EDIT_NOW
|
|
|
|
if [[ "$EDIT_NOW" =~ ^[Yy]$ ]]; then
|
|
nano .env || true # Don't exit if user cancels nano
|
|
else
|
|
echo "Skipped. Remember to edit /opt/faction-war/app/.env before starting the service!"
|
|
fi
|
|
fi
|
|
|
|
chown factionwar:factionwar .env
|
|
chmod 600 .env
|
|
|
|
echo ""
|
|
echo "Setting up systemd service..."
|
|
# Copy the service file
|
|
cp faction-war.service /etc/systemd/system/faction-war.service
|
|
systemctl daemon-reload
|
|
systemctl enable faction-war
|
|
systemctl start faction-war
|
|
|
|
echo ""
|
|
echo "Configuring firewall..."
|
|
ufw --force enable
|
|
ufw allow ssh
|
|
ufw allow $APP_PORT/tcp
|
|
|
|
echo ""
|
|
echo "Setting up backup cron job..."
|
|
cat > /opt/faction-war/backup.sh << 'EOF'
|
|
#!/bin/bash
|
|
BACKUP_DIR="/opt/faction-war/backups"
|
|
DATE=$(date +%Y%m%d_%H%M%S)
|
|
APP_DIR="/opt/faction-war/app"
|
|
|
|
mkdir -p $BACKUP_DIR
|
|
tar -czf $BACKUP_DIR/data_backup_$DATE.tar.gz -C $APP_DIR data/
|
|
find $BACKUP_DIR -name "data_backup_*.tar.gz" -mtime +7 -delete
|
|
echo "Backup completed: data_backup_$DATE.tar.gz"
|
|
EOF
|
|
|
|
chmod +x /opt/faction-war/backup.sh
|
|
|
|
# Add to crontab if not already present
|
|
(crontab -l 2>/dev/null | grep -v backup.sh; echo "0 2 * * * /opt/faction-war/backup.sh") | crontab -
|
|
|
|
echo ""
|
|
echo "========================================"
|
|
echo "Setup Complete!"
|
|
echo "========================================"
|
|
echo ""
|
|
echo "Your application should now be running on port $APP_PORT"
|
|
echo ""
|
|
echo "User Account Information:"
|
|
echo " - Service user: factionwar (no password by default)"
|
|
echo " - Work as this user: sudo -u factionwar bash"
|
|
echo " - Set password (if needed): sudo passwd factionwar"
|
|
echo " - Application directory: /opt/faction-war/app"
|
|
echo ""
|
|
echo "Important next steps:"
|
|
echo "1. Configure /opt/faction-war/app/.env with your secrets (if not done already)"
|
|
echo " - Edit with: sudo -u factionwar nano /opt/faction-war/app/.env"
|
|
echo " - Change PORT or HOST in .env if needed"
|
|
echo " - Then restart: sudo systemctl restart faction-war"
|
|
echo "2. Access the application:"
|
|
echo " - Local: http://localhost:$APP_PORT"
|
|
echo " - Remote: http://YOUR_SERVER_IP:$APP_PORT"
|
|
echo "3. Configure your reverse proxy (nginx, caddy, etc.) to handle HTTPS"
|
|
echo "4. Configure your API keys in the Settings page (or use .env)"
|
|
echo "5. Test the application functionality"
|
|
echo ""
|
|
echo "Useful commands:"
|
|
echo " - Check status: sudo systemctl status faction-war"
|
|
echo " - View logs: sudo journalctl -u faction-war -f"
|
|
echo " - Restart: sudo systemctl restart faction-war"
|
|
echo " - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war"
|
|
echo " - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env"
|
|
echo ""
|
|
echo "Security reminders:"
|
|
echo " - Configure HTTPS on your reverse proxy"
|
|
echo " - Keep your .env file secure (chmod 600)"
|
|
echo " - Regularly update: apt update && apt upgrade"
|
|
echo " - Monitor logs for suspicious activity"
|
|
echo " - Backup data regularly (automated at 2 AM daily)"
|
|
echo ""
|