From 979b2bcb3259c31bd134aa6b8e2ec5890187e4c6 Mon Sep 17 00:00:00 2001
From: Samuel Wilhelmsson <samuel.wilhelmsson@gmail.com>
Date: Sat, 11 Jan 2025 00:45:55 +0100
Subject: add secrets and service template, soon deploying anywhere

---
 deploy                            |  30 ++++++++++++++++++++++++++++++
 prod.env.agebox                   | Bin 594 -> 594 bytes
 service/tinygram.service.template |   1 +
 3 files changed, 31 insertions(+)

diff --git a/deploy b/deploy
index 6bb97ee..62fb075 100755
--- a/deploy
+++ b/deploy
@@ -6,16 +6,22 @@
 
 (def bin-dir "/opt/tinygram/")
 (def asset-dir "/srv/tinygram/")
+(def service-dir "/etc/systemd/system/")
 
 (def ssh-target (string user "@" host))
 
 (def bin-target (string ssh-target ":" bin-dir))
 (def asset-target (string ssh-target ":" asset-dir))
+(def service-target (string ssh-target ":" service-dir))
 
 (def rsync-path ["--rsync-path" "sudo -u tinygram rsync"])
+(def rsync-path-sudo ["--rsync-path" "sudo rsync"])
 
 (def rsync-bin-args [;rsync-path "tinygram" bin-target])
 (def rsync-asset-args [;rsync-path "-r" "assets" asset-target])
+(def rsync-service-args [;rsync-path-sudo "service/tinygram.service" service-target])
+
+(def rsync-service [;rsync-path "-r" "assets" asset-target])
 
 
 (print "-- building templ --")
@@ -30,8 +36,32 @@
 (print "-- syncing assets --")
 ($ rsync ;rsync-asset-args)
 
+(print "-- creating service locally--")
+(def template (slurp "service/tinygram.service.template"))
+
+(print "-- decrypting env --")
+($ agebox decrypt --all)
+(def envfile (slurp "prod.env"))
+($ agebox encrypt --all)
+(print "-- encrypting env --")
+
+(def env-statements
+  (filter (fn [s] (not (empty? s)))
+          (string/split "\n" envfile)))
+
+(def env-block (string ;(map (fn [env] (string "Environment=\"" env "\"\n")) env-statements)))
+
+(spit "service/tinygram.service"
+      (peg/replace "<1>\n" env-block template))
+
+(print "-- syncing service --")
+($ rsync ;rsync-service-args)
+
+(print "-- cleaning up service locally --")
+($ rm "service/tinygram.service")
 
 (print "-- restarting service --")
+($ ssh ,ssh-target "sudo systemctl daemon-reload")
 ($ ssh ,ssh-target "sudo systemctl restart tinygram.service")
 
 (print "done!")
diff --git a/prod.env.agebox b/prod.env.agebox
index bbe712a..bf1d545 100644
Binary files a/prod.env.agebox and b/prod.env.agebox differ
diff --git a/service/tinygram.service.template b/service/tinygram.service.template
index 0667884..6e49781 100644
--- a/service/tinygram.service.template
+++ b/service/tinygram.service.template
@@ -2,6 +2,7 @@
 Description=Tinygram Service
 
 [Service]
+<1>
 Type=simple
 User=tinygram
 WorkingDirectory=/opt/tinygram
-- 
cgit v1.2.3