diff options
| author | Samuel Wilhelmsson <samuel.wilhelmsson@gmail.com> | 2025-01-11 00:45:55 +0100 |
|---|---|---|
| committer | Samuel Wilhelmsson <samuel.wilhelmsson@gmail.com> | 2025-01-11 00:45:55 +0100 |
| commit | 979b2bcb3259c31bd134aa6b8e2ec5890187e4c6 (patch) | |
| tree | f68299131b071c10459e1cf49330806b3157d05d | |
| parent | 15ad5e7bb68f432d9bc5683fce21c9b5d4bacb60 (diff) | |
| download | tinygram-979b2bcb3259c31bd134aa6b8e2ec5890187e4c6.tar.gz tinygram-979b2bcb3259c31bd134aa6b8e2ec5890187e4c6.zip | |
add secrets and service template, soon deploying anywhere
| -rwxr-xr-x | deploy | 30 | ||||
| -rw-r--r-- | prod.env.agebox | bin | 594 -> 594 bytes | |||
| -rw-r--r-- | service/tinygram.service.template | 1 |
3 files changed, 31 insertions, 0 deletions
@@ -6,16 +6,22 @@ (def bin-dir "/opt/tinygram/") (def asset-dir "/srv/tinygram/") +(def service-dir "/etc/systemd/system/") (def ssh-target (string user "@" host)) (def bin-target (string ssh-target ":" bin-dir)) (def asset-target (string ssh-target ":" asset-dir)) +(def service-target (string ssh-target ":" service-dir)) (def rsync-path ["--rsync-path" "sudo -u tinygram rsync"]) +(def rsync-path-sudo ["--rsync-path" "sudo rsync"]) (def rsync-bin-args [;rsync-path "tinygram" bin-target]) (def rsync-asset-args [;rsync-path "-r" "assets" asset-target]) +(def rsync-service-args [;rsync-path-sudo "service/tinygram.service" service-target]) + +(def rsync-service [;rsync-path "-r" "assets" asset-target]) (print "-- building templ --") @@ -30,8 +36,32 @@ (print "-- syncing assets --") ($ rsync ;rsync-asset-args) +(print "-- creating service locally--") +(def template (slurp "service/tinygram.service.template")) + +(print "-- decrypting env --") +($ agebox decrypt --all) +(def envfile (slurp "prod.env")) +($ agebox encrypt --all) +(print "-- encrypting env --") + +(def env-statements + (filter (fn [s] (not (empty? s))) + (string/split "\n" envfile))) + +(def env-block (string ;(map (fn [env] (string "Environment=\"" env "\"\n")) env-statements))) + +(spit "service/tinygram.service" + (peg/replace "<1>\n" env-block template)) + +(print "-- syncing service --") +($ rsync ;rsync-service-args) + +(print "-- cleaning up service locally --") +($ rm "service/tinygram.service") (print "-- restarting service --") +($ ssh ,ssh-target "sudo systemctl daemon-reload") ($ ssh ,ssh-target "sudo systemctl restart tinygram.service") (print "done!") diff --git a/prod.env.agebox b/prod.env.agebox Binary files differindex bbe712a..bf1d545 100644 --- a/prod.env.agebox +++ b/prod.env.agebox diff --git a/service/tinygram.service.template b/service/tinygram.service.template index 0667884..6e49781 100644 --- a/service/tinygram.service.template +++ b/service/tinygram.service.template @@ -2,6 +2,7 @@ Description=Tinygram Service [Service] +<1> Type=simple User=tinygram WorkingDirectory=/opt/tinygram |