#!/bin/bash set -e # Configuration variables GITEA_HOST="https://git.front.kjuulh.io" REPO_OWNER="kjuulh" REPO_NAME="churn-v2" BINARY_NAME="churn" SERVICE_NAME="churn-agent" SERVICE_USER="churn" RELEASE_TAG="latest" # or specific version like "v1.0.0" # Check if running as root if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit 1 fi # Create service user if it doesn't exist if ! id "$SERVICE_USER" &>/dev/null; then useradd -r -s /bin/false "$SERVICE_USER" fi # Function to get latest release if RELEASE_TAG is "latest" get_latest_release() { curl -s "https://$GITEA_HOST/api/v1/repos/$REPO_OWNER/$REPO_NAME/releases/latest" | \ grep '"tag_name":' | \ sed -E 's/.*"([^"]+)".*/\1/' } # Determine the actual release tag if [ "$RELEASE_TAG" = "latest" ]; then RELEASE_TAG=$(get_latest_release) fi echo "Installing $BINARY_NAME version $RELEASE_TAG..." # Download and install binary TMP_DIR=$(mktemp -d) cd "$TMP_DIR" # Download binary from Gitea curl -L -o "$BINARY_NAME" \ "https://$GITEA_HOST/$REPO_OWNER/$REPO_NAME/releases/download/$RELEASE_TAG/$BINARY_NAME" # Make binary executable and move to appropriate location chmod +x "$BINARY_NAME" mv "$BINARY_NAME" "/usr/local/bin/$BINARY_NAME" # Create systemd service file cat > "/etc/systemd/system/$SERVICE_NAME.service" << EOF [Unit] Description=$SERVICE_NAME Service After=network.target [Service] Type=simple User=$SERVICE_USER ExecStart=/usr/local/bin/$BINARY_NAME Restart=always RestartSec=5 # Security hardening options ProtectSystem=strict ProtectHome=true NoNewPrivileges=true ReadWritePaths=/var/log/$SERVICE_NAME [Install] WantedBy=multi-user.target EOF # Create log directory if logging is needed mkdir -p "/var/log/$SERVICE_NAME" chown "$SERVICE_USER:$SERVICE_USER" "/var/log/$SERVICE_NAME" # Reload systemd and enable service systemctl daemon-reload systemctl enable "$SERVICE_NAME" systemctl start "$SERVICE_NAME" # Clean up cd rm -rf "$TMP_DIR" echo "Installation complete! Service status:" systemctl status "$SERVICE_NAME" # Provide some helpful commands echo " Useful commands: - Check status: systemctl status $SERVICE_NAME - View logs: journalctl -u $SERVICE_NAME - Restart service: systemctl restart $SERVICE_NAME - Stop service: systemctl stop $SERVICE_NAME "