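#!/bin/bash
#
# Project Mycelium simplified deployment script.
#
# Clones or updates the repository, writes a zinit service and a Caddy site
# configuration, starts both services, and opens HTTP/HTTPS in ufw when ufw
# is installed.
#
# Environment:
#   SECRET_KEY  optional; a random value is generated when unset or empty.
#
# NOTE(review): INSTALL_DIR and the cargo path live under /root, and zinit is
# invoked without sudo while writes under /etc use sudo, so this script
# presumably expects to run as root. The service therefore builds and runs
# the application as root; a dedicated unprivileged service account would
# reduce the impact of a compromise of the web application.
#
# NOTE(review): the deployment tracks the tip of 'main' with no pinned tag or
# commit and no signature check; whatever is on that branch gets built and
# run. Consider deploying a reviewed tag instead.

# Exit on error, on use of an unset variable, and on a failed pipeline stage.
set -euo pipefail

die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

echo "===== Project Mycelium Simplified Deployment Script ====="
echo "Date: $(date)"
echo "User: $(whoami)"

# Check required commands
for cmd in git cargo zinit caddy; do
  if ! command -v "$cmd" > /dev/null 2>&1; then
    echo "Error: Required command '$cmd' not found." >&2
    echo "Please install all prerequisites before running this script." >&2
    exit 1
  fi
done

# Variables
REPO_URL="https://git.ourworld.tf/tfgrid_research/projectmycelium"
INSTALL_DIR="/root/code/github.com/tfgrid_research/projectmycelium"
SERVICE_NAME="tf-marketplace"
PORT=9999
DOMAIN="example.com" # Replace with your actual domain

# Prompt for domain name
read -r -p "Enter your domain name [default: $DOMAIN]: " input_domain
DOMAIN=${input_domain:-$DOMAIN}

# The domain is interpolated verbatim into the Caddyfile below, so anything
# other than a plain hostname (spaces, braces, newlines, ...) could inject
# arbitrary Caddy configuration. Accept only letters, digits, dots and
# hyphens, starting and ending with an alphanumeric character.
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  die "'$DOMAIN' is not a valid domain name."
fi

# Generate a random secret key if not provided
if [[ -z "${SECRET_KEY:-}" ]]; then
  # openssl is only needed on this path, so it is checked here rather than
  # in the prerequisite loop above.
  command -v openssl > /dev/null 2>&1 \
    || die "Required command 'openssl' not found (needed to generate SECRET_KEY)."
  SECRET_KEY=$(openssl rand -base64 32)
  echo "Generated random SECRET_KEY"
fi

echo "===== Cloning Repository ====="
mkdir -p -- "$(dirname -- "$INSTALL_DIR")"
if [[ -d "$INSTALL_DIR" ]]; then
  echo "Directory already exists. Updating repository..."
  cd "$INSTALL_DIR"
  git checkout main
  git fetch
  git pull
else
  echo "Cloning repository..."
  git clone "$REPO_URL" "$INSTALL_DIR"
  cd "$INSTALL_DIR"
  git checkout main
fi

# Stage generated files in a private directory instead of fixed names under
# /tmp. Fixed names are predictable: another local user could pre-create
# them (or a symlink) to redirect the write, and the service script holds
# SECRET_KEY, which a world-readable file in /tmp would expose. mktemp -d
# creates the directory with mode 0700, and the trap removes it on any exit
# path.
tmp_dir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$tmp_dir"' EXIT

echo "===== Creating zinit Service ====="
# Create service script directory
sudo mkdir -p /etc/zinit/cmds

# Shell-quote the secret so that a caller-supplied SECRET_KEY containing
# quotes, '$' or backticks is written as one literal word and cannot break
# out of the assignment in the generated script.
secret_key_quoted=$(printf '%q' "$SECRET_KEY")

# Create service script
cat > "$tmp_dir/service.sh" << EOF
#!/bin/bash
cd $INSTALL_DIR
export RUST_LOG=info
export SECRET_KEY=$secret_key_quoted
exec /root/.cargo/bin/cargo run --release -- --port $PORT
EOF
# Mode 0700: the file embeds SECRET_KEY, so only its owner may read it.
sudo install -m 0700 "$tmp_dir/service.sh" "/etc/zinit/cmds/$SERVICE_NAME.sh"

# Create zinit service definition
cat > "$tmp_dir/service.yaml" << EOF
exec: "/bin/bash -c /etc/zinit/cmds/$SERVICE_NAME.sh"
EOF
sudo install -m 0644 "$tmp_dir/service.yaml" "/etc/zinit/$SERVICE_NAME.yaml"

echo "===== Configuring Caddy ====="
# NOTE(review): 'timeout 2m' and the '{>Connection}' / '{>Upgrade}'
# placeholders look like Caddy v1 syntax while the other directives are v2;
# confirm this file loads on the installed Caddy (e.g. with 'caddy validate')
# before relying on it.
# NOTE(review): 'includeSubDomains; preload' commits every subdomain to
# HTTPS; X-XSS-Protection is ignored by current browsers and no
# Content-Security-Policy is set. Review the header set for this deployment.
cat > "$tmp_dir/Caddyfile" << EOF
$DOMAIN {
    # Enable compression
    encode gzip zstd

    # Serve static files
    handle /static/* {
        root * $INSTALL_DIR/src
        file_server
    }

    # Reverse proxy to the application
    reverse_proxy localhost:$PORT {
        # Customize timeouts if needed
        timeout 2m

        # Enable WebSocket support
        header_up Connection {>Connection}
        header_up Upgrade {>Upgrade}
    }

    # Add security headers
    header {
        # Enable HSTS
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Prevent MIME type sniffing
        X-Content-Type-Options "nosniff"
        # Protect against clickjacking
        X-Frame-Options "SAMEORIGIN"
        # Enable XSS protection
        X-XSS-Protection "1; mode=block"
        # Control browser features
        Permissions-Policy "geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), payment=()"
        # Remove server information
        -Server
    }

    # Log access
    log {
        output file /var/log/caddy/access.log
        format json
    }
}
EOF

sudo mkdir -p /etc/caddy
# This overwrites any existing /etc/caddy/Caddyfile, as the original did.
sudo install -m 0644 "$tmp_dir/Caddyfile" /etc/caddy/Caddyfile

echo "===== Starting Services ====="
# Start the marketplace service
zinit start "$SERVICE_NAME"

# Restart Caddy to load new configuration
zinit restart caddy

echo "===== Configuring Firewall ====="
if command -v ufw > /dev/null 2>&1; then
  sudo ufw allow http
  sudo ufw allow https
  echo "Firewall configured to allow HTTP and HTTPS traffic."
fi

echo "===== Deployment Complete ====="
echo "Project Mycelium has been deployed at: https://$DOMAIN"
echo
echo "You can monitor the application with:"
echo " zinit list"
echo " zinit log $SERVICE_NAME"
echo " tail -f /var/log/zinit/$SERVICE_NAME.log"
echo
echo "Caddy status and logs:"
echo " zinit status caddy"
echo " zinit log caddy"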