faction_war_dispatch_bot/setup_production.sh

#!/bin/bash
# Production Setup Script for Faction War Dispatch Bot
# Run this script on your Linux server as root (sudo bash setup_production.sh)
#
# This script will:
#   - Create a service user 'factionwar' (no password by default)
#   - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git
#   - Install all dependencies
#   - Configure Nginx with SSL
#   - Set up systemd service
#   - Configure firewall
#
# Note: To set a password for the factionwar user later (if needed for SSH):
#   sudo passwd factionwar

set -e  # Exit on error

echo "========================================"
echo "Faction War Dispatch Bot - Setup Script"
echo "========================================"
echo ""

# Check if running as root
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root (use sudo)"
    exit 1
fi

# Get port to run on (default 8000)
read -p "Enter port to run application on (default: 8000): " APP_PORT
APP_PORT=${APP_PORT:-8000}

echo ""
echo "Installing required packages..."
apt update
apt install -y python3 python3-pip python3-venv git

echo ""
echo "Creating application user..."
if ! id "factionwar" &>/dev/null; then
    # Create user without password (non-interactive)
    adduser --disabled-password --gecos "" --home /opt/faction-war factionwar
    echo "Created user: factionwar"
fi

echo ""
echo "Setting up application directory..."
mkdir -p /opt/faction-war/app
cd /opt/faction-war/app

# Clone repository if directory is empty
if [ -z "$(ls -A /opt/faction-war/app)" ]; then
    echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git"
    git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git .

    if [ $? -ne 0 ]; then
        echo "Failed to clone repository. Please check:"
        echo "  - Repository URL is correct"
        echo "  - You have access to the repository"
        echo "  - Network connection is working"
        exit 1
    fi

    # Set ownership
    chown -R factionwar:factionwar /opt/faction-war/app
    echo "Repository cloned successfully"
else
    echo "Application directory already exists, skipping clone"
fi

echo ""
echo "Setting up Python virtual environment..."
if [ ! -d "venv" ]; then
    sudo -u factionwar python3 -m venv venv
fi

echo "Installing Python dependencies..."
sudo -u factionwar venv/bin/pip install -r requirements.txt

echo ""
echo "Creating data directory..."
mkdir -p /opt/faction-war/app/data
chown -R factionwar:factionwar /opt/faction-war/app/data
chmod 700 /opt/faction-war/app/data

echo ""
echo "Setting up environment file..."
if [ ! -f ".env" ]; then
    cp .env.example .env
    echo ""
    echo "IMPORTANT: You need to configure /opt/faction-war/app/.env with your secrets!"
    echo ""
    echo "Generate secure secrets with:"
    echo "  - AUTH_PASSWORD: openssl rand -base64 32"
    echo "  - JWT_SECRET: openssl rand -hex 64"
    echo ""
    echo "You can either:"
    echo "  1. Edit the .env file now"
    echo "  2. Skip and edit it later before starting the application"
    echo ""
    read -p "Edit .env now? (y/n): " EDIT_NOW

    if [[ "$EDIT_NOW" =~ ^[Yy]$ ]]; then
        nano .env || true  # Don't exit if user cancels nano
    else
        echo "Skipped. Remember to edit /opt/faction-war/app/.env before starting the service!"
    fi
fi

chown factionwar:factionwar .env
chmod 600 .env

echo ""
echo "Setting up systemd service..."
# Update the service file with the configured port
sed "s|ExecStart=.*|ExecStart=/opt/faction-war/app/venv/bin/python main.py --port $APP_PORT|g" faction-war.service > /etc/systemd/system/faction-war.service
systemctl daemon-reload
systemctl enable faction-war
systemctl start faction-war

echo ""
echo "Configuring firewall..."
ufw --force enable
ufw allow ssh
ufw allow $APP_PORT/tcp

echo ""
echo "Setting up backup cron job..."
cat > /opt/faction-war/backup.sh << 'EOF'
#!/bin/bash
BACKUP_DIR="/opt/faction-war/backups"
DATE=$(date +%Y%m%d_%H%M%S)
APP_DIR="/opt/faction-war/app"

mkdir -p $BACKUP_DIR
tar -czf $BACKUP_DIR/data_backup_$DATE.tar.gz -C $APP_DIR data/
find $BACKUP_DIR -name "data_backup_*.tar.gz" -mtime +7 -delete
echo "Backup completed: data_backup_$DATE.tar.gz"
EOF

chmod +x /opt/faction-war/backup.sh

# Add to crontab if not already present
(crontab -l 2>/dev/null | grep -v backup.sh; echo "0 2 * * * /opt/faction-war/backup.sh") | crontab -

echo ""
echo "========================================"
echo "Setup Complete!"
echo "========================================"
echo ""
echo "Your application should now be running on port $APP_PORT"
echo ""
echo "User Account Information:"
echo "  - Service user: factionwar (no password by default)"
echo "  - Work as this user: sudo -u factionwar bash"
echo "  - Set password (if needed): sudo passwd factionwar"
echo "  - Application directory: /opt/faction-war/app"
echo ""
echo "Important next steps:"
echo "1. Configure /opt/faction-war/app/.env with your secrets (if not done already)"
echo "   - Edit with: sudo -u factionwar nano /opt/faction-war/app/.env"
echo "   - Then restart: sudo systemctl restart faction-war"
echo "2. Access the application:"
echo "   - Local: http://localhost:$APP_PORT"
echo "   - Remote: http://YOUR_SERVER_IP:$APP_PORT"
echo "3. Configure your reverse proxy (nginx, caddy, etc.) to handle HTTPS"
echo "4. Configure your API keys in the Settings page (or use .env)"
echo "5. Test the application functionality"
echo ""
echo "Useful commands:"
echo "  - Check status: sudo systemctl status faction-war"
echo "  - View logs: sudo journalctl -u faction-war -f"
echo "  - Restart: sudo systemctl restart faction-war"
echo "  - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war"
echo "  - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env"
echo ""
echo "Security reminders:"
echo "  - Configure HTTPS on your reverse proxy"
echo "  - Keep your .env file secure (chmod 600)"
echo "  - Regularly update: apt update && apt upgrade"
echo "  - Monitor logs for suspicious activity"
echo "  - Backup data regularly (automated at 2 AM daily)"
echo ""