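#!/bin/bash
#
# Installer for the "simplex" Lapis application on a Debian/Ubuntu host.
#
# Steps: install nginx, certbot-auto, PostgreSQL, OpenResty and LuaRocks when
# missing; install the Lua rocks the app needs; obtain a certificate; create
# the database role and database; write ./secret.moon; compile and migrate;
# register a systemd unit; write an nginx TLS reverse-proxy site.
#
# Run from the application checkout as a user with sudo rights.
#
# Optional environment (integrity pinning for downloaded artifacts):
#   OPENRESTY_SHA256, LUAROCKS_SHA256, CERTBOT_AUTO_SHA256
#     Expected SHA-256 of the respective download. When unset the download is
#     used unverified and a warning is printed. Take the values from the
#     publisher, not from the same mirror the file came from.

set -o errexit -o nounset -o pipefail

INSTALL_DIR=$(pwd)
OPENRESTY_VERSION=1.13.6.1
LUAROCKS_VERSION=2.4.1
# `head -c N /dev/urandom` instead of `cat /dev/urandom | head`: same bytes,
# and no SIGPIPE failure on cat now that pipefail is on.
POSTGRES_PASSWORD=$(head -c 12 /dev/urandom | base64)

BUILD_DEPS=(
  wget curl lua5.1 liblua5.1-0-dev zip unzip libreadline-dev libncurses5-dev
  libpcre3-dev openssl libssl-dev perl make build-essential
)

# Print a message to stderr and abort.
die() {
  printf 'install: %s\n' "$*" >&2
  exit 1
}

# fetch URL DEST [SHA256] - download URL to DEST; verify it when a digest is given.
fetch() {
  local url=$1 dest=$2 expected=${3:-}
  wget -O "$dest" -- "$url"
  if [ -n "$expected" ]; then
    printf '%s  %s\n' "$expected" "$dest" | sha256sum -c - >/dev/null \
      || die "SHA-256 mismatch for $url"
  else
    # These artifacts are built and installed with sudo, so an unverified
    # download is code that ends up running as root.
    printf 'install: warning: no SHA-256 supplied for %s; integrity not verified\n' "$url" >&2
  fi
}

read -r -p "Enter email address for use with certbot-auto: " EMAIL_ADDRESS
read -r -p "Enter the domain name this will be running on: " DOMAIN_NAME
read -r -p "Enter the port this will be running on: " PORT

# The original tested the literal words EMAIL_ADDRESS / PORT, which are never
# empty, so the defaults were never applied.
if [ -z "$EMAIL_ADDRESS" ]; then
  EMAIL_ADDRESS=no-one@example.com
fi
if [ -z "$PORT" ]; then
  PORT=9872
fi

# These values are interpolated into root-owned nginx and systemd files and
# into secret.moon, so reject anything that is not a plain hostname / e-mail /
# port number before it can alter the structure of those files.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
port_re='^[0-9]{1,5}$'
if ! [[ "$DOMAIN_NAME" =~ $domain_re ]]; then
  die "invalid domain name: '$DOMAIN_NAME'"
fi
if ! [[ "$EMAIL_ADDRESS" =~ $email_re ]]; then
  die "invalid email address: '$EMAIL_ADDRESS'"
fi
if ! [[ "$PORT" =~ $port_re ]]; then
  die "invalid port: '$PORT'"
fi
PORT=$((10#$PORT)) # strip leading zeros
if ((PORT < 1 || PORT > 65535)); then
  die "port out of range: $PORT"
fi

# Private scratch directory for downloads and builds, removed on exit.
BUILD_DIR=$(mktemp -d)
trap 'rm -rf -- "${BUILD_DIR:?}"' EXIT

### PREREQUISITES ###

if ! command -v nginx >/dev/null 2>&1; then
  sudo apt-get install -y nginx
fi

if ! command -v certbot-auto >/dev/null 2>&1; then
  # NOTE(review): certbot-auto is deprecated upstream; a distribution-packaged
  # certbot is the maintained route. Kept here to preserve the original flow.
  fetch https://dl.eff.org/certbot-auto "$BUILD_DIR/certbot-auto" "${CERTBOT_AUTO_SHA256:-}"
  # install(1) instead of chmod + `sudo mv`: mv keeps the downloading user's
  # ownership, leaving a user-writable script in /bin that is later run via sudo.
  sudo install -o root -g root -m 0755 "$BUILD_DIR/certbot-auto" /bin/certbot-auto
fi

if ! command -v psql >/dev/null 2>&1; then
  sudo apt-get install -y postgresql
fi

# Path typo fixed (/usr/loca -> /usr/local); with the typo the directory test
# was always true and OpenResty was rebuilt on every run.
if ! command -v openresty >/dev/null 2>&1 || [ ! -d '/usr/local/openresty' ]; then
  sudo apt-get install -y "${BUILD_DEPS[@]}"
  fetch "https://openresty.org/download/openresty-$OPENRESTY_VERSION.tar.gz" \
    "$BUILD_DIR/openresty-$OPENRESTY_VERSION.tar.gz" "${OPENRESTY_SHA256:-}"
  (
    cd "$BUILD_DIR"
    tar xvf "openresty-$OPENRESTY_VERSION.tar.gz"
    cd "openresty-$OPENRESTY_VERSION"
    ./configure
    make
    sudo make install
  )
fi

if ! command -v luarocks >/dev/null 2>&1; then
  sudo apt-get install -y "${BUILD_DEPS[@]}"
  fetch "https://keplerproject.github.io/luarocks/releases/luarocks-$LUAROCKS_VERSION.tar.gz" \
    "$BUILD_DIR/luarocks-$LUAROCKS_VERSION.tar.gz" "${LUAROCKS_SHA256:-}"
  (
    cd "$BUILD_DIR"
    tar xvf "luarocks-$LUAROCKS_VERSION.tar.gz"
    cd "luarocks-$LUAROCKS_VERSION"
    ./configure
    make build
    sudo make install
  )
fi

sudo luarocks install luacrypto # needed for lapis, but lapis doesn't install it
sudo luarocks install lapis
sudo luarocks install moonscript
sudo luarocks install bcrypt
sudo luarocks install lapis-console # not used yet

# Certificate
# --standalone needs the HTTP/HTTPS ports free, so nginx is stopped around the
# request; bring it back even when certbot fails so other sites are not left down.
sudo nginx -s stop
if ! sudo certbot-auto certonly --standalone --agree-tos -m "$EMAIL_ADDRESS" -d "$DOMAIN_NAME"; then
  sudo nginx
  die "certificate request failed for $DOMAIN_NAME"
fi
sudo nginx

# Database access
sudo -u postgres createuser simplex
sudo -u postgres createdb simplex
# Feed the SQL on stdin so the password never appears in a process argument
# list (visible to other local users via ps).
sudo -u postgres psql -v ON_ERROR_STOP=1 <<SQL
ALTER USER simplex WITH ENCRYPTED PASSWORD '$POSTGRES_PASSWORD';
GRANT ALL PRIVILEGES ON DATABASE simplex TO simplex;
SQL

# Secrets setup
# Created under umask 077 and forced to 0600: the file holds the database
# password and the session signing secret.
(
  umask 077
  cat >./secret.moon <<EOF
{
  sql_password: '$POSTGRES_PASSWORD'
  session_secret: '$(head -c 12 /dev/urandom | base64)'
  _domain: '$DOMAIN_NAME'
  _port: '$PORT'
}
EOF
)
chmod 600 ./secret.moon

# Compile, Run migrations
moonc .
# Presumably moonc writes secret.lua next to secret.moon; restrict it too.
if [ -f ./secret.lua ]; then
  chmod 600 ./secret.lua
fi
lapis migrate production

# As-a-Service
LAPIS_BIN=$(command -v lapis) || die "lapis not found on PATH"
# `sudo echo ... > file` performs the redirect as the calling user, which
# cannot write under /etc; `sudo tee` does the write with privilege.
sudo tee /etc/systemd/system/simplex.service >/dev/null <<EOF
[Unit]
Description=simplex server

[Service]
User=www-data
Type=forking
WorkingDirectory=$INSTALL_DIR
ExecStart=$LAPIS_BIN server production
ExecReload=$LAPIS_BIN build production
ExecStop=$LAPIS_BIN term

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable simplex.service

# Proxy
# The site config references dhparams.pem, which nothing in this script
# creates; generate one if the checkout does not ship it.
if [ ! -f "$INSTALL_DIR/dhparams.pem" ]; then
  openssl dhparam -out "$INSTALL_DIR/dhparams.pem" 2048
fi

# Changes from the original config: TLSv1 and TLSv1.1 dropped (deprecated);
# add TLSv1.3 once the installed nginx/OpenSSL support it. proxy_pass now ends
# with ';' (its absence is an nginx syntax error).
sudo tee /etc/nginx/sites-enabled/simplex-proxy.conf >/dev/null <<EOF
server {
  listen 443 ssl;
  server_name $DOMAIN_NAME;

  ssl_certificate /etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem;

  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_dhparam $INSTALL_DIR/dhparams.pem;

  location / {
    proxy_pass http://127.0.0.1:$PORT;
  }
}
EOF
# Validate before reloading so a bad site file cannot take the running nginx
# down; the original never reloaded, so the new site was not picked up.
sudo nginx -t
sudo nginx -s reload

# Change owner, start service
sudo chown -R www-data:www-data ./
sudo service simplex start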