From f752df4bcaff914b4d0c7aa64a8471a6593e847b Mon Sep 17 00:00:00 2001 From: ntr Date: Mon, 15 Jul 2019 20:38:04 +1000 Subject: [PATCH] scripts --- Makefile | 12 ++- bin/clean.sh | 10 ++- bin/client.sh | 21 +++++ bin/install.sh | 80 +++++++++++++++++++ bin/{build.sh => server.sh} | 35 ++++---- client/package.json | 4 +- .../sites-available/mnml.gg.DEV.nginx.conf | 2 +- .../mnml.gg.PRODUCTION.nginx.conf | 53 ++++++------ etc/systemd/system/mnml.service | 8 +- server/src/main.rs | 4 +- 10 files changed, 176 insertions(+), 53 deletions(-) create mode 100755 bin/client.sh create mode 100755 bin/install.sh rename bin/{build.sh => server.sh} (72%) diff --git a/Makefile b/Makefile index 14271b1a..026a39d9 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL:=/bin/bash -all: mnml +all: install deps: ./bin/deps.sh @@ -8,8 +8,14 @@ deps: package: ./bin/package.sh -mnml: - ./bin/build.sh +install: + ./bin/install.sh + +server: + ./bin/server.sh + +client: + ./bin/client.sh clean: ./bin/clean.sh diff --git a/bin/clean.sh b/bin/clean.sh index 2ad64a89..c8f9bb95 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -4,5 +4,11 @@ DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) MNML_PATH=$(realpath "$DIR/../") -rm $MNML_PATH/etc/mnml.env -rm $MNML_PATH/server/.env +sudo rm -Rf /usr/local/mnml/ +sudo rm -Rf /var/lib/mnml/client +sudo rm -Rf /var/lib/mnml/public +sudo rm -Rf /etc/mnml/ +sudo rm -Rf /var/log/mnml + +sudo -u postgres dropdb mnml + diff --git a/bin/client.sh b/bin/client.sh new file mode 100755 index 00000000..0863ad08 --- /dev/null +++ b/bin/client.sh 
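Review bot: The new `server` and `client` targets share their names with the `server/` and `client/` directories that this same patch touches, so without a `.PHONY` declaration make will consider both up to date and skip their recipes. No `.PHONY` line is visible in either Makefile hunk (one line between the two hunks is not shown, so confirm against the full file). Add `.PHONY: all deps package install server client clean` near the top so every script-running target always runs.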
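Review bot: `make clean` now runs `sudo rm -Rf` on five absolute system paths and `sudo -u postgres dropdb mnml` with no confirmation, so a target that used to remove two env files now destroys the database and the logs on whatever host it is run on. Gate the destructive part behind an explicit opt-in before the first `rm`, for example (variable name constructed for illustration) `[ "${MNML_CLEAN_CONFIRM:-}" = "yes" ] || { echo "set MNML_CLEAN_CONFIRM=yes to wipe mnml" >&2; exit 1; }`. `DIR` and `MNML_PATH` are still computed at the top of the script but nothing in the new body uses them. The `mnml` account and postgres role created by bin/install.sh are left in place, which deserves a comment if that is intentional.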
@@ -0,0 +1,21 @@ +#!/bin/bash + +# bless you chris and andy <3 +DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +MNML_PATH=$(realpath "$DIR/../") + +VERSION=$(<"$MNML_PATH/VERSION") + +echo "Building client version $VERSION" + +cd $MNML_PATH/client +rm -f "/var/lib/mnml/$VERSION" +rm -rf dist +npm run build + +echo "copying build to /var/lib/mnml/$VERSION" +cp -r dist "/var/lib/mnml/client/$VERSION" +echo "linking current version" +ln -nfs "/var/lib/mnml/client/$VERSION" /var/lib/mnml/public/current + +sudo service nginx restart diff --git a/bin/install.sh b/bin/install.sh new file mode 100755 index 00000000..8b98ee6f --- /dev/null +++ b/bin/install.sh 
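Review bot: The pre-build cleanup `rm -f "/var/lib/mnml/$VERSION"` targets a different path from the one the build is copied to (`/var/lib/mnml/client/$VERSION`), and `rm -f` would not remove a directory anyway, so rebuilding an existing version makes `cp -r dist` land in `/var/lib/mnml/client/$VERSION/dist` while `current` keeps serving the stale files. Use `rm -rf "/var/lib/mnml/client/$VERSION"` and correct the matching `echo`. The script has no `set -e` and `cd $MNML_PATH/client` is unquoted, so if the `cd` fails the following `rm -rf dist` runs in whatever directory the caller was in; `set -euo pipefail` after the shebang and `cd "$MNML_PATH/client"` close that. An empty or missing VERSION file should be rejected before any path is built from it.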
@@ -0,0 +1,80 @@ +#!/bin/bash + +# bless you chris and andy <3 +DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +MNML_PATH=$(realpath "$DIR/../") + +MNML_CONF="/etc/mnml/mnml.conf" + +if [ ! -f $MNML_CONF ]; then + echo "-----------------------------------------------" + echo "creating an env file in $MNML_CONF" + echo "-----------------------------------------------" + + sudo useradd mnml -U --password $(openssl rand -hex 16) + CURRENT_USER=$(whoami) + sudo usermod -aG mnml $CURRENT_USER + sudo mkdir -p /etc/mnml/ + echo "export MNML_USER=mnml" | sudo tee -a $MNML_CONF + echo "export MNML_PG_PASSWORD=\"$(openssl rand -hex 16)\"" | sudo tee -a $MNML_CONF + echo "export MNML_PG_HOST=\"localhost\"" | sudo tee -a $MNML_CONF + sudo chown -R mnml:mnml /etc/mnml/ +fi + +source $MNML_CONF + +# DIRECTORY SETUP + +# /var/lib/mnml +# contains img data, client builds +sudo mkdir -p /var/lib/mnml +sudo mkdir -p /var/lib/mnml/public/imgs +sudo mkdir -p /var/lib/mnml/client +sudo mkdir -p /var/lib/mnml/data + +sudo chmod -R g+w /var/lib/mnml +sudo chmod -R g+s /var/lib/mnml +sudo setfacl -d -m group:mnml:rwx /var/lib/mnml +sudo chown -R $MNML_USER:$MNML_USER /var/lib/mnml + +# /var/log/mnml +sudo mkdir -p /var/log/mnml +sudo chmod g+w /var/log/mnml +sudo chmod g+s /var/log/mnml +sudo setfacl -d -m group:mnml:rwx /var/log/mnml +sudo chown -R $MNML_USER:$MNML_USER /var/log/mnml + +# /usr/local/mnml +sudo mkdir -p /usr/local/mnml +sudo mkdir -p /usr/local/mnml + +sudo setfacl -d -m group:mnml:rwx /usr/local/mnml +sudo chmod -R g+w /usr/local/mnml +sudo chmod -R g+s /usr/local/mnml +sudo chown -R $MNML_USER:$MNML_USER /usr/local/mnml + +# SERVICES +sudo mkdir -p /usr/local/systemd/system/ +sudo cp $MNML_PATH/etc/systemd/system/mnml.service /usr/local/systemd/system/ + +# POSTGRES SETUP +sudo -u postgres createdb mnml +sudo -u postgres createuser --encrypted mnml + +echo "DATABASE_URL=postgres://mnml:$MNML_PG_PASSWORD@$MNML_PG_HOST/mnml" | sudo tee -a /etc/mnml/server.conf +sudo -u 
postgres psql -c "alter user mnml with encrypted password '$MNML_PG_PASSWORD';" + +cd $MNML_PATH/ops && npm run migrate + +# NGINX +if [ ! -f $MNML_PATH/etc/nginx/sites-available/mnml.gg.nginx.conf ]; then + echo "-----------------------------------------------" + echo "using development nginx config" + echo "$MNML_PATH/etc/nginx/sites-available/mnml.gg.nginx.conf" + echo "-----------------------------------------------" + + cp $MNML_PATH/etc/nginx/sites-available/mnml.gg.DEV.nginx.conf $MNML_PATH/etc/nginx/sites-available/mnml.gg.nginx.conf +fi + +sudo cp $MNML_PATH/etc/nginx/sites-available/mnml.gg.nginx.conf /etc/nginx/sites-available +sudo ln -nfs /etc/nginx/sites-available/mnml.gg.nginx.conf /etc/nginx/sites-enabled/mnml.gg.nginx.conf diff --git a/bin/build.sh b/bin/server.sh similarity index 72% rename from bin/build.sh rename to bin/server.sh index 9615431d..9dc1e06f 100755 --- a/bin/build.sh +++ b/bin/server.sh 
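Review bot: The database credentials end up in files with default permissions: `/etc/mnml/server.conf` is created by `sudo tee -a` after the `chown -R`, so it is root-owned with whatever the umask gives (typically world-readable), and `tee` also echoes `MNML_PG_PASSWORD` and the full `DATABASE_URL` to the terminal. Create the file restricted and overwrite rather than append, e.g. `sudo install -m 0640 -o root -g mnml /dev/null /etc/mnml/server.conf` followed by `echo "DATABASE_URL=..." | sudo tee /etc/mnml/server.conf >/dev/null`; as written, every rerun appends another `DATABASE_URL` line. `/etc/mnml/mnml.conf` holds the same password and needs the same care, keeping in mind that the invoking user's new `mnml` group membership does not take effect until the next login. `chown -R mnml:mnml /etc/mnml/` also lets the service account rewrite a file that this script `source`s and then uses in `sudo chown -R $MNML_USER`, so root ownership with group read is the safer layout. `useradd --password` expects an already-hashed value, so the random hex is not a usable password; if a login-less service account is the intent, `sudo useradd --system --user-group --shell /usr/sbin/nologin mnml` states that directly.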
@@ -4,38 +4,46 @@ DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) MNML_PATH=$(realpath "$DIR/../") -if [ ! -f $MNML_PATH/etc/mnml.env ]; then +MNML_CONF="/etc/mnml/mnml.conf" + +if [ ! -f $MNML_CONF ]; then echo "-----------------------------------------------" - echo "creating an env file in $MNML_PATH/etc/mnml.env" + echo "creating an env file in $MNML_CONF" echo "-----------------------------------------------" - echo "export MNML_USER=\"$(whoami)\"" >> $MNML_PATH/etc/mnml.env - echo "export MNML_PG_PASSWORD=\"$(openssl rand -hex 16)\"" >> $MNML_PATH/etc/mnml.env - echo "export MNML_PG_HOST=\"localhost\"" >> $MNML_PATH/etc/mnml.env + sudo mkdir -p /etc/mnml/ + sudo chown mnml: + echo "export MNML_USER=mnml" >> $MNML_CONF + echo "export MNML_PG_PASSWORD=\"$(openssl rand -hex 16)\"" >> $MNML_CONF + echo "export MNML_PG_HOST=\"localhost\"" >> $MNML_CONF fi -source $MNML_PATH/etc/mnml.env +source $MNML_CONF + +sudo adduser $MNML_USER # DIRECTORY SETUP -sudo mkdir -p /opt/mnml -sudo chown $MNML_USER: /opt/mnml +# /var/lib/mnml +# contains img data, client builds sudo mkdir -p /var/lib/mnml -sudo chown $MNML_USER: /var/lib/mnml -mkdir -p /var/lib/mnml/public mkdir -p /var/lib/mnml/public/imgs mkdir -p /var/lib/mnml/data +sudo chown -R $MNML_USER: /var/lib/mnml +# /var/log/mnml sudo mkdir -p /var/log/mnml -sudo chown $MNML_USER: /var/log/mnml +sudo chown -R $MNML_USER: /var/log/mnml -sudo ln -nfs $MNML_PATH/current /opt/mnml +# /usr/local/mnml +sudo mkdir -p /usr/local/mnml +sudo mkdir -p /usr/local/mnml +sudo chown -R $MNML_USER: /usr/local/mnml # SERVICES sudo cp $MNML_PATH/etc/systemd/system/mnml.service /etc/systemd/system # POSTGRES SETUP -sudo -u postgres dropdb mnml sudo -u postgres createdb mnml sudo -u postgres createuser --encrypted mnml 
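Review bot: The first-run branch cannot succeed as written: `sudo chown mnml:` has no path operand, and the three `echo ... >> $MNML_CONF` lines append without privileges inside a directory that `sudo mkdir -p /etc/mnml/` has just created as root. When that fails, `source $MNML_CONF` leaves `MNML_USER` empty and the later `sudo adduser $MNML_USER` and `sudo chown -R $MNML_USER: /var/lib/mnml` run with an empty name. The block also duplicates the config, user and directory setup that the new bin/install.sh performs, so the simplest fix is to drop it here and fail early instead: `[ -f "$MNML_CONF" ] || { echo "run bin/install.sh first" >&2; exit 1; }`. The `mkdir -p /var/lib/mnml/public/imgs` and `mkdir -p /var/lib/mnml/data` calls run without sudo before ownership is changed. The hunk starts at line 4 of the file, so whether `set -e` is in effect is not visible here.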
@@ -46,7 +54,6 @@ sudo -u postgres psql -c "alter user mnml with encrypted password '$MNML_PG_PASS cd $MNML_PATH/ops && npm run migrate # RUST SETUP -echo "DATABASE_URL=postgres://mnml:$MNML_PG_PASSWORD@$MNML_PG_HOST/mnml" > $MNML_PATH/server/.env # cargo build # cp -r $MNML_PATH/server/target/release /opt/mnml/bin diff --git a/client/package.json b/client/package.json index 4f9327d6..2182bf77 100644 --- a/client/package.json +++ b/client/package.json @@ -4,9 +4,9 @@ "description": "", "main": "index.js", "scripts": { - "start": "parcel watch index.html --out-dir /var/lib/mnml/public/dist", + "start": "parcel watch index.html --out-dir /var/lib/mnml/public/current", "anims": "parcel animations.html --host 0.0.0.0 --port 40080 --no-source-maps", - "build": "parcel build index.html --out-dir /var/lib/mnml/public/dist", + "build": "parcel build index.html", "scss": "node-sass --watch assets/scss -o assets/styles", "lint": "eslint --fix --ext .jsx src/", "test": "echo \"Error: no test specified\" && exit 1" diff --git a/etc/nginx/sites-available/mnml.gg.DEV.nginx.conf b/etc/nginx/sites-available/mnml.gg.DEV.nginx.conf index 19fe416b..dc7c219d 100644 --- a/etc/nginx/sites-available/mnml.gg.DEV.nginx.conf +++ b/etc/nginx/sites-available/mnml.gg.DEV.nginx.conf @@ -17,7 +17,7 @@ map $http_upgrade $connection_upgrade { # DEV server { location / { - root /var/lib/mnml/public/dist; + root /var/lib/mnml/public/current; index index.html; try_files $uri $uri/ index.html; } diff --git a/etc/nginx/sites-available/mnml.gg.PRODUCTION.nginx.conf b/etc/nginx/sites-available/mnml.gg.PRODUCTION.nginx.conf index f80ca78e..c0d87358 100644 --- a/etc/nginx/sites-available/mnml.gg.PRODUCTION.nginx.conf +++ b/etc/nginx/sites-available/mnml.gg.PRODUCTION.nginx.conf 
@@ -1,48 +1,51 @@ -error_log /var/log/mnml/nginx.error.log; -access_log /var/log/mnml/nginx.access.log; +error_log /var/log/mnml/nginx.log debug; -upstream mnml { +upstream mnml_http { server 127.0.0.1:40000; } +upstream mnml_ws { + server 127.0.0.1:40055; +} + + map $http_upgrade $connection_upgrade { default upgrade; '' close; } -# PRODUCTION +# DEV server { - root /var/lib/mnml/public/; - index index.html; - - server_name mnml.gg; # managed by Certbot - - if ($host = minimal.gg) { - return 301 https://mnml.gg$request_uri; - } # managed by Certbot - - if ($host = cryps.gg) { - return 301 https://mnml.gg$request_uri; - } # managed by Certbot - location / { + root /var/lib/mnml/public/current; + index index.html; + try_files $uri $uri/ index.html; + } + + location /imgs/ { + root /var/lib/mnml/public/; try_files $uri $uri/ =404; } + location /api/ws { + proxy_pass http://mnml_ws; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 600s; + } + + location /api/ { + proxy_pass http://mnml_http; + proxy_read_timeout 600s; + } + listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/mnml.gg/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mnml.gg/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - location /ws { - proxy_pass http://mnml; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_read_timeout 600s; - } } # http -> https diff --git a/etc/systemd/system/mnml.service b/etc/systemd/system/mnml.service index f5f66fd2..1b60ed47 100644 --- a/etc/systemd/system/mnml.service +++ b/etc/systemd/system/mnml.service 
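Review bot: The production server block loses `server_name mnml.gg` and both host redirects, and its heading comment now reads `# DEV`, which suggests the development config was pasted over this file; if this is the only server listening on 443 it will answer for any Host header using the mnml.gg certificate. `error_log /var/log/mnml/nginx.log debug;` also puts debug-level logging into production, which is very verbose and can write request detail to disk; `error_log /var/log/mnml/nginx.error.log warn;` together with the removed `access_log /var/log/mnml/nginx.access.log;` line would keep the earlier behaviour. The new `/api/` and `/api/ws` locations forward no client address, so the backend sees every request as coming from 127.0.0.1; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` is the usual addition if the server logs or rate-limits by address. `try_files $uri $uri/ index.html;` probably wants `/index.html` as its fallback URI.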
@@ -1,10 +1,10 @@ [Unit] -Description=OpenBSD Secure Shell server -After=network.target auditd.service -ConditionPathExists=!/etc/ssh/sshd_not_to_be_run +Description=mnml game server +After=postgresql +User=mnml [Service] -ExecStart=/opt/mnml/bin/mnml +ExecStart=/usr/local/mnml/bin/mnml KillMode=process Restart=on-failure RestartPreventExitStatus=255 diff --git a/server/src/main.rs b/server/src/main.rs index 47d2f8d1..22f0bf2c 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -52,7 +52,7 @@ mod ws; use std::thread::{sleep, spawn}; use std::time::{Duration}; -use dotenv::dotenv; +use std::path::{Path}; use pubsub::pg_listen; use warden::warden; @@ -78,7 +78,7 @@ fn setup_logger() -> Result<(), fern::InitError> { } fn main() { - dotenv().ok(); + dotenv::from_path(Path::new("/etc/mnml/server.conf")).ok(); setup_logger().unwrap(); let pool = pg::create_pool();
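Review bot: `User=mnml` is added under `[Unit]`, but `User=` is a `[Service]` setting; systemd ignores unknown keys in `[Unit]` with a warning, so the game server would still start as root. Move the line below `[Service]`, next to `ExecStart=`. `After=postgresql` likely needs the full unit name (`After=postgresql.service`), and since ordering alone does not pull the database in, `Wants=postgresql.service` may be intended as well. bin/install.sh in this patch copies the unit to `/usr/local/systemd/system/`, which is not on systemd's default unit search path (`/usr/local/lib/systemd/system` is), so confirm the unit is actually being loaded.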
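Review bot: `dotenv::from_path(...).ok()` in `main` discards the error, so a missing or unreadable `/etc/mnml/server.conf` goes unnoticed and the process carries on without `DATABASE_URL` until something later fails, presumably inside `pg::create_pool()`. Report the failure where it happens; the logger is not set up yet at this point, so stderr is the place: `if let Err(e) = dotenv::from_path(Path::new("/etc/mnml/server.conf")) { eprintln!("could not load /etc/mnml/server.conf: {}", e); }`. The path is also fixed at compile time, which makes local development depend on a file under /etc; reading an override from an environment variable with this path as the default would keep both cases working. `main` continues past the end of the hunk.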