churn-v2/install.sh

#!/bin/bash

set -e

# Configuration variables
GITEA_HOST="https://git.front.kjuulh.io"
REPO_OWNER="kjuulh"
REPO_NAME="churn-v2"
BINARY_NAME="churn"
SERVICE_NAME="churn-agent"
SERVICE_USER="churn"
RELEASE_TAG="latest"  # or specific version like "v1.0.0"

# Check if running as root
if [ "$EUID" -ne 0 ]; then 
    echo "Please run as root"
    exit 1
fi

# Create service user if it doesn't exist
if ! id "$SERVICE_USER" &>/dev/null; then
    useradd -r -s /bin/false "$SERVICE_USER"
fi

# Function to get latest release if RELEASE_TAG is "latest"
get_latest_release() {
    curl -s "https://$GITEA_HOST/api/v1/repos/$REPO_OWNER/$REPO_NAME/releases/latest" | \
    grep '"tag_name":' | \
    sed -E 's/.*"([^"]+)".*/\1/'
}

# Determine the actual release tag
if [ "$RELEASE_TAG" = "latest" ]; then
    RELEASE_TAG=$(get_latest_release)
fi

echo "Installing $BINARY_NAME version $RELEASE_TAG..."

# Download and install binary
TMP_DIR=$(mktemp -d)
cd "$TMP_DIR"

# Download binary from Gitea
curl -L -o "$BINARY_NAME" \
    "https://$GITEA_HOST/$REPO_OWNER/$REPO_NAME/releases/download/$RELEASE_TAG/$BINARY_NAME"

# Make binary executable and move to appropriate location
chmod +x "$BINARY_NAME"
mv "$BINARY_NAME" "/usr/local/bin/$BINARY_NAME"

# Create systemd service file
cat > "/etc/systemd/system/$SERVICE_NAME.service" << EOF
[Unit]
Description=$SERVICE_NAME Service
After=network.target

[Service]
Type=simple
User=$SERVICE_USER
ExecStart=/usr/local/bin/$BINARY_NAME
Restart=always
RestartSec=5

# Security hardening options
ProtectSystem=strict
ProtectHome=true
NoNewPrivileges=true
ReadWritePaths=/var/log/$SERVICE_NAME

[Install]
WantedBy=multi-user.target
EOF

# Create log directory if logging is needed
mkdir -p "/var/log/$SERVICE_NAME"
chown "$SERVICE_USER:$SERVICE_USER" "/var/log/$SERVICE_NAME"

# Reload systemd and enable service
systemctl daemon-reload
systemctl enable "$SERVICE_NAME"
systemctl start "$SERVICE_NAME"

# Clean up
cd
rm -rf "$TMP_DIR"

echo "Installation complete! Service status:"
systemctl status "$SERVICE_NAME"

# Provide some helpful commands
echo "
Useful commands:
- Check status: systemctl status $SERVICE_NAME
- View logs: journalctl -u $SERVICE_NAME
- Restart service: systemctl restart $SERVICE_NAME
- Stop service: systemctl stop $SERVICE_NAME
"
feat: add agent Signed-off-by: kjuulh <contact@kjuulh.io> 2024-11-24 00:53:43 +01:00			`#!/bin/bash`

			`set -e`

			`# Configuration variables`
			`GITEA_HOST="https://git.front.kjuulh.io"`
			`REPO_OWNER="kjuulh"`
			`REPO_NAME="churn-v2"`
			`BINARY_NAME="churn"`
			`SERVICE_NAME="churn-agent"`
			`SERVICE_USER="churn"`
			`RELEASE_TAG="latest" # or specific version like "v1.0.0"`

			`# Check if running as root`
			`if [ "$EUID" -ne 0 ]; then`
			`echo "Please run as root"`
			`exit 1`
			`fi`

			`# Create service user if it doesn't exist`
			`if ! id "$SERVICE_USER" &>/dev/null; then`
			`useradd -r -s /bin/false "$SERVICE_USER"`
			`fi`

			`# Function to get latest release if RELEASE_TAG is "latest"`
			`get_latest_release() {`
			`curl -s "https://$GITEA_HOST/api/v1/repos/$REPO_OWNER/$REPO_NAME/releases/latest" \| \`
			`grep '"tag_name":' \| \`
			`sed -E 's/."([^"]+)"./\1/'`
			`}`

			`# Determine the actual release tag`
			`if [ "$RELEASE_TAG" = "latest" ]; then`
			`RELEASE_TAG=$(get_latest_release)`
			`fi`

			`echo "Installing $BINARY_NAME version $RELEASE_TAG..."`

			`# Download and install binary`
			`TMP_DIR=$(mktemp -d)`
			`cd "$TMP_DIR"`

			`# Download binary from Gitea`
			`curl -L -o "$BINARY_NAME" \`
			`"https://$GITEA_HOST/$REPO_OWNER/$REPO_NAME/releases/download/$RELEASE_TAG/$BINARY_NAME"`

			`# Make binary executable and move to appropriate location`
			`chmod +x "$BINARY_NAME"`
			`mv "$BINARY_NAME" "/usr/local/bin/$BINARY_NAME"`

			`# Create systemd service file`
			`cat > "/etc/systemd/system/$SERVICE_NAME.service" << EOF`
			`[Unit]`
			`Description=$SERVICE_NAME Service`
			`After=network.target`

			`[Service]`
			`Type=simple`
			`User=$SERVICE_USER`
			`ExecStart=/usr/local/bin/$BINARY_NAME`
			`Restart=always`
			`RestartSec=5`

			`# Security hardening options`
			`ProtectSystem=strict`
			`ProtectHome=true`
			`NoNewPrivileges=true`
			`ReadWritePaths=/var/log/$SERVICE_NAME`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOF`

			`# Create log directory if logging is needed`
			`mkdir -p "/var/log/$SERVICE_NAME"`
			`chown "$SERVICE_USER:$SERVICE_USER" "/var/log/$SERVICE_NAME"`

			`# Reload systemd and enable service`
			`systemctl daemon-reload`
			`systemctl enable "$SERVICE_NAME"`
			`systemctl start "$SERVICE_NAME"`

			`# Clean up`
			`cd`
			`rm -rf "$TMP_DIR"`

			`echo "Installation complete! Service status:"`
			`systemctl status "$SERVICE_NAME"`

			`# Provide some helpful commands`
			`echo "`
			`Useful commands:`
			`- Check status: systemctl status $SERVICE_NAME`
			`- View logs: journalctl -u $SERVICE_NAME`
			`- Restart service: systemctl restart $SERVICE_NAME`
			`- Stop service: systemctl stop $SERVICE_NAME`
			`"`