deploy/proxmox-install.sh bootstraps a fresh LXC end-to-end: apt prereqs, Go toolchain (if missing), git clone, build, then hands off to deploy/install.sh. README documents the curl|bash invocation.
@@ -41,11 +41,29 @@ PXE boot), see [docs/operations.md § First vetting run](docs/operations.md#firs
|
|||||||
|
|
||||||
## Production install (Proxmox LXC)
|
## Production install (Proxmox LXC)
|
||||||
|
|
||||||
|
On a fresh Debian/Ubuntu LXC, as root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
That installs Go (if missing), clones the repo to `/opt/vetting-src`,
|
||||||
|
builds `vetting-linux-amd64`, and hands off to `deploy/install.sh` —
|
||||||
|
which lays down the binary, systemd unit, example config, and
|
||||||
|
`vetting` service user. Then:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Edit /etc/vetting/vetting.yaml (bcrypt password, session secret, public URL)
|
||||||
|
sudo systemctl enable --now vetting
|
||||||
|
journalctl -fu vetting
|
||||||
|
```
|
||||||
|
|
||||||
|
Prefer to build yourself? The manual path:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
make orchestrator-linux
|
make orchestrator-linux
|
||||||
scp -r bin deploy lxc:/opt/vetting/
|
scp -r bin deploy lxc:/opt/vetting/
|
||||||
ssh lxc "cd /opt/vetting && sudo ./deploy/install.sh"
|
ssh lxc "cd /opt/vetting && sudo ./deploy/install.sh"
|
||||||
# Edit /etc/vetting/vetting.yaml, then:
|
|
||||||
ssh lxc "sudo systemctl enable --now vetting"
|
ssh lxc "sudo systemctl enable --now vetting"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|||||||
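Review bot: The documented one-liner pipes `deploy/proxmox-install.sh` from `raw/branch/main` straight into a root shell, so whatever is on `main` at fetch time runs as root with no pinned revision and no chance to read it first. Suggest documenting a download, inspect, then run sequence next to the one-liner, or pointing the URL at a tag or commit instead of the branch. Two smaller consistency points in the same section: the README says "as root" and pipes to `bash`, while the script header shows `| sudo bash`, and the follow-up block uses `sudo systemctl enable --now vetting` followed by `journalctl -fu vetting` without `sudo`. Pick one convention, since a fresh LXC may not have `sudo` installed.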
@@ -0,0 +1,84 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# proxmox-install.sh — one-shot fetch + build + install for a fresh
|
||||||
|
# Proxmox LXC (or any Debian/Ubuntu host). Designed to be piped
|
||||||
|
# straight from the repo:
|
||||||
|
#
|
||||||
|
# curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh | sudo bash
|
||||||
|
#
|
||||||
|
# What it does:
|
||||||
|
# 1. apt-installs build prereqs (git, curl, build-essential).
|
||||||
|
# 2. Drops Go into /usr/local/go if a recent enough toolchain isn't
|
||||||
|
# already present.
|
||||||
|
# 3. Clones the repo to /opt/vetting-src (or pulls latest if already
|
||||||
|
# there), then `make orchestrator-linux`.
|
||||||
|
# 4. Hands off to deploy/install.sh to lay down the binary, the
|
||||||
|
# systemd unit, the example config, and the vetting user.
|
||||||
|
#
|
||||||
|
# Override via env: GO_VERSION, TEMPL_VERSION, SRC_DIR, BRANCH, REPO_URL.
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
GO_VERSION="${GO_VERSION:-1.23.4}"
|
||||||
|
TEMPL_VERSION="${TEMPL_VERSION:-v0.3.1001}"
|
||||||
|
SRC_DIR="${SRC_DIR:-/opt/vetting-src}"
|
||||||
|
BRANCH="${BRANCH:-main}"
|
||||||
|
REPO_URL="${REPO_URL:-https://gitea.thewrightserver.net/josh/Vetting.git}"
|
||||||
|
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
echo "proxmox-install.sh must be run as root (try: sudo bash)" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "==> installing build prerequisites"
|
||||||
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
apt-get update -qq
|
||||||
|
apt-get install -y --no-install-recommends \
|
||||||
|
git curl ca-certificates build-essential
|
||||||
|
|
||||||
|
need_go=1
|
||||||
|
if command -v go >/dev/null 2>&1; then
|
||||||
|
have="$(go env GOVERSION 2>/dev/null || true)"
|
||||||
|
# Accept any go1.23+ toolchain already on the host.
|
||||||
|
if [[ "${have}" =~ ^go1\.(2[3-9]|[3-9][0-9]) ]]; then
|
||||||
|
echo "==> using existing ${have}"
|
||||||
|
need_go=0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [[ ${need_go} -eq 1 ]]; then
|
||||||
|
echo "==> installing Go ${GO_VERSION} into /usr/local/go"
|
||||||
|
tmp="$(mktemp -d)"
|
||||||
|
curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" -o "${tmp}/go.tgz"
|
||||||
|
rm -rf /usr/local/go
|
||||||
|
tar -C /usr/local -xzf "${tmp}/go.tgz"
|
||||||
|
rm -rf "${tmp}"
|
||||||
|
ln -sf /usr/local/go/bin/go /usr/local/bin/go
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "==> fetching source into ${SRC_DIR}"
|
||||||
|
if [[ -d "${SRC_DIR}/.git" ]]; then
|
||||||
|
git -C "${SRC_DIR}" fetch --depth=1 origin "${BRANCH}"
|
||||||
|
git -C "${SRC_DIR}" checkout -B "${BRANCH}" "origin/${BRANCH}"
|
||||||
|
else
|
||||||
|
install -d -m 0755 "$(dirname "${SRC_DIR}")"
|
||||||
|
git clone --depth=1 --branch "${BRANCH}" "${REPO_URL}" "${SRC_DIR}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "==> installing templ ${TEMPL_VERSION}"
|
||||||
|
GOBIN=/usr/local/bin go install "github.com/a-h/templ/cmd/templ@${TEMPL_VERSION}"
|
||||||
|
|
||||||
|
echo "==> building orchestrator (make orchestrator-linux)"
|
||||||
|
cd "${SRC_DIR}"
|
||||||
|
make orchestrator-linux
|
||||||
|
|
||||||
|
echo "==> running deploy/install.sh"
|
||||||
|
bash deploy/install.sh --binary "bin/vetting-linux-amd64"
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
|
||||||
|
vetting source is at ${SRC_DIR}.
|
||||||
|
|
||||||
|
To upgrade later, rerun this one-liner, or from the source dir:
|
||||||
|
cd ${SRC_DIR} && git pull && make orchestrator-linux \\
|
||||||
|
&& sudo ./deploy/install.sh --binary bin/vetting-linux-amd64 \\
|
||||||
|
&& sudo systemctl restart vetting
|
||||||
|
|
||||||
|
EOF
|
||||||
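Review bot: The Go toolchain block downloads `go${GO_VERSION}.linux-amd64.tar.gz` and extracts it into `/usr/local` as root without verifying a checksum, and `rm -rf /usr/local/go` runs before the archive has been validated. Suggest adding an overridable expected SHA-256 alongside `GO_VERSION`, checking the tarball with `sha256sum -c` before removing the old tree, and registering a `trap` to clean up `${tmp}` so a failed download does not leave the temp dir behind under `set -e`. The architecture is hardcoded to `linux-amd64` in both the download URL and the `--binary` path, so an early `uname -m` check with a clear error would help on arm64 hosts. In the update branch, `git fetch --depth=1 origin "${BRANCH}"` followed by `checkout -B "${BRANCH}" "origin/${BRANCH}"` assumes the remote-tracking ref exists; after a `--depth=1 --branch` clone only the originally cloned branch is tracked, so rerunning with a different `BRANCH` will fail at checkout. That branch also never confirms that the existing `origin` matches `REPO_URL`. Finally, `TEMPL_VERSION` and `GO_VERSION` are pinned but the source itself defaults to the moving `main` branch; consider documenting a tag or commit override in the header comment.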