jerick/faction_war_dispatch_bot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2626f56eabb5ba146a86342028f36a135204d6d
faction_war_dispatch_bot/setup_production.sh
jerick b2626f56ea env file edit option
2026-01-28 11:51:25 -05:00

228 lines
7.0 KiB
Bash
Raw Blame History

#!/bin/bash
# Production Setup Script for Faction War Dispatch Bot
# Run this script on your Linux server as root (sudo bash setup_production.sh)
#
# This script will:
# - Create a service user 'factionwar' (no password by default)
# - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git
# - Install all dependencies
# - Configure Nginx with SSL
# - Set up systemd service
# - Configure firewall
#
# Note: To set a password for the factionwar user later (if needed for SSH):
# sudo passwd factionwar
set -e # Exit on error
echo "========================================"
echo "Faction War Dispatch Bot - Setup Script"
echo "========================================"
echo ""
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root (use sudo)"
exit 1
fi
# Get domain name
read -p "Enter your domain name (e.g., faction.yourdomain.com): " DOMAIN
if [ -z "$DOMAIN" ]; then
echo "Domain name is required!"
exit 1
fi
# Get email for Let's Encrypt
read -p "Enter your email for SSL certificate (Let's Encrypt): " EMAIL
if [ -z "$EMAIL" ]; then
echo "Email is required for SSL certificate!"
exit 1
fi
echo ""
echo "Installing required packages..."
apt update
apt install -y python3 python3-pip python3-venv nginx certbot python3-certbot-nginx git
echo ""
echo "Creating application user..."
if ! id "factionwar" &>/dev/null; then
# Create user without password (non-interactive)
adduser --disabled-password --gecos "" --home /opt/faction-war factionwar
echo "Created user: factionwar"
fi
echo ""
echo "Setting up application directory..."
mkdir -p /opt/faction-war/app
cd /opt/faction-war/app
# Clone repository if directory is empty
if [ -z "$(ls -A /opt/faction-war/app)" ]; then
echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git"
git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git .
if [ $? -ne 0 ]; then
echo "Failed to clone repository. Please check:"
echo " - Repository URL is correct"
echo " - You have access to the repository"
echo " - Network connection is working"
exit 1
fi
# Set ownership
chown -R factionwar:factionwar /opt/faction-war/app
echo "Repository cloned successfully"
else
echo "Application directory already exists, skipping clone"
fi
echo ""
echo "Setting up Python virtual environment..."
if [ ! -d "venv" ]; then
sudo -u factionwar python3 -m venv venv
fi
echo "Installing Python dependencies..."
sudo -u factionwar venv/bin/pip install -r requirements.txt
echo ""
echo "Creating data directory..."
mkdir -p /opt/faction-war/app/data
chown -R factionwar:factionwar /opt/faction-war/app/data
chmod 700 /opt/faction-war/app/data
echo ""
echo "Setting up environment file..."
if [ ! -f ".env" ]; then
cp .env.example .env
echo ""
echo "IMPORTANT: You need to configure /opt/faction-war/app/.env with your secrets!"
echo ""
echo "Generate secure secrets with:"
echo " - AUTH_PASSWORD: openssl rand -base64 32"
echo " - JWT_SECRET: openssl rand -hex 64"
echo ""
echo "You can either:"
echo " 1. Edit the .env file now"
echo " 2. Skip and edit it later before starting the application"
echo ""
read -p "Edit .env now? (y/n): " EDIT_NOW
if [[ "$EDIT_NOW" =~ ^[Yy]$ ]]; then
nano .env || true # Don't exit if user cancels nano
else
echo "Skipped. Remember to edit /opt/faction-war/app/.env before starting the service!"
fi
fi
chown factionwar:factionwar .env
chmod 600 .env
echo ""
echo "Setting up Nginx configuration..."
# Create a basic HTTP-only config first (Certbot will add SSL)
cat > /etc/nginx/sites-available/faction-war << EOF
# Basic HTTP configuration - Certbot will add SSL
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOF
ln -sf /etc/nginx/sites-available/faction-war /etc/nginx/sites-enabled/faction-war
# Remove default nginx site if it exists
rm -f /etc/nginx/sites-enabled/default
echo ""
echo "Testing Nginx configuration..."
nginx -t
echo ""
echo "Reloading Nginx..."
systemctl reload nginx
echo ""
echo "Getting SSL certificate from Let's Encrypt..."
echo "Certbot will automatically configure SSL in the Nginx config"
certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email $EMAIL --redirect
echo ""
echo "Setting up systemd service..."
cp faction-war.service /etc/systemd/system/faction-war.service
systemctl daemon-reload
systemctl enable faction-war
systemctl start faction-war
echo ""
echo "Configuring firewall..."
ufw --force enable
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
echo ""
echo "Setting up backup cron job..."
cat > /opt/faction-war/backup.sh << 'EOF'
#!/bin/bash
BACKUP_DIR="/opt/faction-war/backups"
DATE=$(date +%Y%m%d_%H%M%S)
APP_DIR="/opt/faction-war/app"
mkdir -p $BACKUP_DIR
tar -czf $BACKUP_DIR/data_backup_$DATE.tar.gz -C $APP_DIR data/
find $BACKUP_DIR -name "data_backup_*.tar.gz" -mtime +7 -delete
echo "Backup completed: data_backup_$DATE.tar.gz"
EOF
chmod +x /opt/faction-war/backup.sh
# Add to crontab if not already present
(crontab -l 2>/dev/null | grep -v backup.sh; echo "0 2 * * * /opt/faction-war/backup.sh") | crontab -
echo ""
echo "========================================"
echo "Setup Complete!"
echo "========================================"
echo ""
echo "Your application should now be running at: https://$DOMAIN"
echo ""
echo "User Account Information:"
echo " - Service user: factionwar (no password by default)"
echo " - Work as this user: sudo -u factionwar bash"
echo " - Set password (if needed): sudo passwd factionwar"
echo " - Application directory: /opt/faction-war/app"
echo ""
echo "Important next steps:"
echo "1. Configure /opt/faction-war/app/.env with your secrets (if not done already)"
echo " - Edit with: sudo -u factionwar nano /opt/faction-war/app/.env"
echo " - Then restart: sudo systemctl restart faction-war"
echo "2. Visit https://$DOMAIN and log in with your AUTH_PASSWORD"
echo "3. Configure your API keys in the Settings page (or use .env)"
echo "4. Test the application functionality"
echo ""
echo "Useful commands:"
echo " - Check status: sudo systemctl status faction-war"
echo " - View logs: sudo journalctl -u faction-war -f"
echo " - Restart: sudo systemctl restart faction-war"
echo " - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war"
echo " - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env"
echo ""
echo "Security reminders:"
echo " - Keep your .env file secure (chmod 600)"
echo " - Regularly update: apt update && apt upgrade"
echo " - Monitor logs for suspicious activity"
echo " - Backup data regularly (automated at 2 AM daily)"
echo ""
Reference in New Issue View Git Blame Copy Permalink