#!/bin/bash
# server-setup.sh
#
# One-time setup script to prepare your Linode Debian server for automated
# deployments from GitHub Actions.
#
# Run as root or with sudo:
# sudo bash scripts/server-setup.sh
#
# After running, follow the printed instructions to add the generated SSH
# private key (and the other printed values) to your GitHub repository secrets.
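# Abort on the first failing command, on any use of an unset variable, and when
# any stage of a pipeline fails. Every later step runs as root, so a variable
# that silently expands to nothing (for example inside a chown -R path) must
# stop the script instead of being acted on.
set -euo pipefail

# Account that GitHub Actions logs in as over SSH; read by the later steps.
DEPLOY_USER="deploy"

echo "=== Moon App - Server Deployment Setup ==="
echo ""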
# ---------------------------------------------------------------
# 1. Create deploy user
# ---------------------------------------------------------------
# Idempotent: the account is only created when `id` cannot resolve the name.
# useradd is given no password here; step 2 sets up an SSH key for the account.
if ! id "$DEPLOY_USER" >/dev/null 2>&1; then
  useradd --create-home --shell /bin/bash "$DEPLOY_USER"
  echo "[ok] Created user '$DEPLOY_USER'"
else
  echo "[ok] User '$DEPLOY_USER' already exists"
fi
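# ---------------------------------------------------------------
# 2. Generate SSH key pair for GitHub Actions
# ---------------------------------------------------------------
# Resolve the account's real home directory. Step 1 accepts a pre-existing
# user, whose home need not be /home/<name>; by default sshd reads
# authorized_keys relative to the home recorded in passwd, so a key written
# anywhere else would never be accepted. Falls back to /home/<name> when the
# lookup yields nothing.
deploy_home=$(getent passwd "$DEPLOY_USER" | cut -d: -f6) || deploy_home=""
KEY_DIR="${deploy_home:-/home/$DEPLOY_USER}/.ssh"
KEY_FILE="$KEY_DIR/github_actions"

mkdir -p "$KEY_DIR"
chmod 700 "$KEY_DIR"

# The key is created with an empty passphrase (-N "") so the CI job can use it
# unattended; whoever holds the private half can log in as $DEPLOY_USER.
if [ -f "$KEY_FILE" ]; then
  echo "[ok] SSH key already exists at $KEY_FILE"
else
  ssh-keygen -t ed25519 -f "$KEY_FILE" -N "" -C "github-actions-moon-deploy"
  echo "[ok] Generated SSH key pair at $KEY_FILE"
fi

# Authorise the key for the deploy user.
# The check is a fixed-string substring match, so an entry that an admin has
# prefixed with key options still counts as present and a re-run does not
# append a second, unrestricted copy.
# NOTE(review): the entry is added without options; consider prefixing
# `restrict` if the deploy workflow needs no pty or forwarding (confirm against
# the workflow, which is not shown here).
if ! grep -qF "$(cat "$KEY_FILE.pub")" "$KEY_DIR/authorized_keys" 2>/dev/null; then
  cat "$KEY_FILE.pub" >> "$KEY_DIR/authorized_keys"
  echo "[ok] Public key added to authorized_keys"
fi
chmod 600 "$KEY_DIR/authorized_keys"

# Everything above ran as root; hand the directory and its files to the
# deploy account.
chown -R "$DEPLOY_USER:$DEPLOY_USER" "$KEY_DIR"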
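# ---------------------------------------------------------------
# 3. Create sudoers entry (least privilege)
# ---------------------------------------------------------------
# The rules are written to a private temp file and validated there; only a
# file that visudo accepts is installed. A fragment with a syntax error under
# /etc/sudoers.d can make sudo refuse to run, so the live path must never hold
# an unchecked file.
#
# The rule is issued for $DEPLOY_USER so it always names the account created
# in step 1.
#
# NOTE(review): every cp source lives under /tmp/moon-deploy. /tmp is
# world-writable, so the deploy workflow (not shown here) should create that
# directory itself with mode 0700 and fail if it already exists under another
# owner; otherwise another local account could stage the files root copies.
# NOTE(review): these rules let the deploy account replace /usr/local/bin/moon
# and restart the service, so the CI private key carries whatever privileges
# the moon unit runs with (unit file not shown here).
# NOTE(review): the run-as spec is (ALL); (root) is presumably sufficient.
# Confirm against the workflow before narrowing it.
SUDOERS_FILE="/etc/sudoers.d/moon-deploy"
sudoers_tmp=$(mktemp)
trap 'rm -f -- "$sudoers_tmp"' EXIT

{
  echo "# Allow the deploy user to install the moon app without a password"
  # The trailing backslash continues the sudoers rule onto the command list.
  printf '%s ALL=(ALL) NOPASSWD: \\\n' "$DEPLOY_USER"
  cat << 'EOF'
/bin/cp /tmp/moon-deploy/moon /usr/local/bin/moon, \
/bin/chmod +x /usr/local/bin/moon, \
/bin/cp /tmp/moon-deploy/index.html /var/www/moon/, \
/bin/cp /tmp/moon-deploy/about.html /var/www/moon/, \
/bin/cp /tmp/moon-deploy/calendar.html /var/www/moon/, \
/bin/cp -r /tmp/moon-deploy/static/ /var/www/moon/, \
/bin/chown -R www-data\:www-data /var/www/moon, \
/usr/bin/systemctl restart moon, \
/usr/bin/systemctl is-active moon
EOF
} > "$sudoers_tmp"

# Validate before anything reaches /etc/sudoers.d; set -e aborts on a bad file
# and the EXIT trap removes the temp copy.
visudo -c -f "$sudoers_tmp"
install -m 0440 -o root -g root "$sudoers_tmp" "$SUDOERS_FILE"
rm -f -- "$sudoers_tmp"
trap - EXIT
echo "[ok] sudoers entry created at $SUDOERS_FILE"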
# ---------------------------------------------------------------
# 4. Ensure /var/www/moon exists and is owned correctly
# ---------------------------------------------------------------
# Create the web root if it is missing and give the whole tree to www-data,
# the same owner the sudoers chown rule in step 3 names.
web_root="/var/www/moon"
mkdir -p -- "$web_root"
chown -R www-data:www-data -- "$web_root"
echo "[ok] $web_root ready"
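# ---------------------------------------------------------------
# 5. Print next steps
# ---------------------------------------------------------------
# Prints the secrets the GitHub Actions workflow needs. The private key is
# written to stdout in clear text, so run this in an interactive terminal and
# do not capture the output in a log file.
echo ""
echo "=== Setup complete. Add these secrets to your GitHub repository: ==="
echo ""
echo "Go to: GitHub repo → Settings → Secrets and variables → Actions"
echo ""
echo "Secret name : DEPLOY_HOST"
# hostname -I lists every configured address; the first one is shown as a hint
# and may not be the public address, hence the reminder in the message.
echo "Secret value : $(hostname -I | awk '{print $1}') (your server's public IP)"
echo ""
echo "Secret name : DEPLOY_USER"
echo "Secret value : $DEPLOY_USER"
echo ""
echo "Secret name : DEPLOY_SSH_KEY"
echo "Secret value : (paste the private key below)"
echo ""
echo "---BEGIN PRIVATE KEY (copy everything including the dashes)---"
cat "$KEY_FILE"
echo "---END PRIVATE KEY---"
echo ""
# The key has no passphrase, so possession alone grants login as $DEPLOY_USER.
# The server only needs the public half in authorized_keys; if the private
# file is deleted, step 2 sees no key file and generates a new pair on the
# next run.
echo "Keep this key secret: it allows login as '$DEPLOY_USER' without a passphrase."
echo "Once DEPLOY_SSH_KEY is saved, clear your terminal scrollback. The server only"
echo "needs authorized_keys, so the private copy can then be deleted:"
echo "  rm -f $KEY_FILE"
echo ""
echo "Optional secret : DEPLOY_PORT (only if SSH is not on port 22)"
echo ""
echo "After adding secrets, push to master to trigger your first deployment."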