From 50ced5b0296d8bbcfccdecc528b8850afc8f79f0 Mon Sep 17 00:00:00 2001 From: Evan Date: Thu, 17 Apr 2025 14:00:25 -0700 Subject: [PATCH] deploy using openfront user instead of root --- deploy.sh | 24 +++++++------- example.env | 30 ++++++++++------- setup.sh | 93 +++++++++++++++++++++++++++++++++++++++-------------- update.sh | 8 +++-- 4 files changed, 103 insertions(+), 52 deletions(-) diff --git a/deploy.sh b/deploy.sh index 0f5e53f0c..cb7bcc741 100755 --- a/deploy.sh +++ b/deploy.sh @@ -31,6 +31,7 @@ REGION=$1 VERSION_TAG="latest" DOCKER_REPO="" ENV="" +SSH_KEY="" # Set environment-specific variables if [ "$REGION" == "staging" ]; then @@ -38,15 +39,18 @@ if [ "$REGION" == "staging" ]; then SERVER_HOST=$SERVER_HOST_STAGING DOCKER_REPO=$DOCKER_REPO_STAGING ENV="staging" + SSH_KEY=$SSH_KEY_STAGING elif [ "$REGION" == "us" ]; then print_header "DEPLOYING TO US ENVIRONMENT" SERVER_HOST=$SERVER_HOST_US DOCKER_REPO=$DOCKER_REPO_PROD # Uses prod Docker repo for alt environment + SSH_KEY=$SSH_KEY_PROD ENV="prod" else print_header "DEPLOYING TO EU ENVIRONMENT" SERVER_HOST=$SERVER_HOST_EU DOCKER_REPO=$DOCKER_REPO_PROD + SSH_KEY=$SSH_KEY_PROD ENV="prod" fi @@ -57,10 +61,11 @@ if [ -z "$SERVER_HOST" ]; then fi # Configuration -SSH_KEY=${SSH_KEY:-"~/.ssh/id_rsa"} # Use default or override from .env DOCKER_USERNAME=${DOCKER_USERNAME} # Docker Hub username UPDATE_SCRIPT="./update.sh" # Path to your update script -REMOTE_UPDATE_SCRIPT="/root/update-openfront.sh" # Where to place the script on server +REMOTE_USER="openfront" +REMOTE_UPDATE_PATH="/home/$REMOTE_USER" +REMOTE_UPDATE_SCRIPT="$REMOTE_UPDATE_PATH/update-openfront.sh" # Where to place the script on server # Check if update script exists if [ ! -f "$UPDATE_SCRIPT" ]; then 
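Review bot: SSH_KEY can now be empty and nothing checks it: the third hunk drops the `${SSH_KEY:-...}` default, the second assigns it from `SSH_KEY_STAGING`/`SSH_KEY_PROD` without validation, and the `[ -z "$SERVER_HOST" ]` guard that opens the third hunk has no counterpart for the key. Because the later `scp -i $SSH_KEY $UPDATE_SCRIPT ...` is unquoted, an empty value makes `-i` consume the update-script path as the identity file, so a missing .env entry surfaces as a confusing scp error rather than a clear message. Add, right after the SERVER_HOST check, `if [ -z "$SSH_KEY" ]; then echo "❌ SSH_KEY_STAGING/SSH_KEY_PROD not set for region $REGION"; exit 1; fi`, and quote the expansions where the key is used (`-i "$SSH_KEY"`). How this script loads .env (and hence whether a `~` in those values is expanded) is not visible in the diff.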
@@ -90,28 +95,23 @@ if [ $? -ne 0 ]; then exit 1 fi -if [ $? -ne 0 ]; then - echo "❌ Failed to push image to Docker Hub. Stopping deployment." - exit 1 -fi - echo "✅ Docker image built and pushed successfully." # Step 2: Copy update script to Hetzner server print_header "STEP 2: Copying update script to server" -echo "Target: $SERVER_HOST" +echo "Target: $REMOTE_USER@$SERVER_HOST" # Make sure the update script is executable chmod +x $UPDATE_SCRIPT # Copy the update script to the server -scp -i $SSH_KEY $UPDATE_SCRIPT $SERVER_HOST:$REMOTE_UPDATE_SCRIPT +scp -i $SSH_KEY $UPDATE_SCRIPT $REMOTE_USER@$SERVER_HOST:$REMOTE_UPDATE_SCRIPT # Copy environment variables if needed if [ -f .env ]; then - scp -i $SSH_KEY .env $SERVER_HOST:/root/.env + scp -i $SSH_KEY .env $REMOTE_USER@$SERVER_HOST:$REMOTE_UPDATE_PATH/.env # Secure the .env file - ssh -i $SSH_KEY $SERVER_HOST "chmod 600 /root/.env" + ssh -i $SSH_KEY $REMOTE_USER@$SERVER_HOST "chmod 600 $REMOTE_UPDATE_PATH/.env" fi if [ $? -ne 0 ]; then @@ -125,7 +125,7 @@ echo "✅ Update script successfully copied to server." print_header "STEP 3: Executing update script on server" # Make the script executable on the remote server and execute it with the environment parameter -ssh -i $SSH_KEY $SERVER_HOST "chmod +x $REMOTE_UPDATE_SCRIPT && $REMOTE_UPDATE_SCRIPT $REGION $DOCKER_USERNAME $DOCKER_REPO" +ssh -i $SSH_KEY $REMOTE_USER@$SERVER_HOST "chmod +x $REMOTE_UPDATE_SCRIPT && $REMOTE_UPDATE_SCRIPT $REGION $DOCKER_USERNAME $DOCKER_REPO" if [ $? -ne 0 ]; then echo "❌ Failed to execute update script on server." diff --git a/example.env b/example.env index 200f08507..1be8f5410 100644 --- a/example.env +++ b/example.env 
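Review bot: The result of the first `scp` (the update script) is never checked: the `if [ $? -ne 0 ]` that closes this hunk reads the status of the preceding `if [ -f .env ]` block, which is the chmod `ssh` when .env exists and 0 when it does not, so a failed copy of the update script is caught only if the later .env transfer happens to fail for the same reason, and not at all without a local .env. Check it on the line itself: `scp -i "$SSH_KEY" "$UPDATE_SCRIPT" "$REMOTE_USER@$SERVER_HOST:$REMOTE_UPDATE_SCRIPT" || { echo "❌ Failed to copy update script to server."; exit 1; }`, and give the .env `scp` the same treatment so a partial copy does not proceed to the chmod. The body of the closing `if` lies outside the hunk.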
@@ -1,14 +1,20 @@
-# AWS Configuration
-AWS_REGION=region-name
-AWS_ACCOUNT_ID=your-account-id
+# Server Configuration
+SERVER_HOST_STAGING=xxx.xxx.xx.xxx
+SERVER_HOST_EU=xxx.xxx.xxx.xxx
+SERVER_HOST_US=x.xxx.xxx.xxx
+SSH_KEY_STAGING=~/.ssh/your-staging-key
+SSH_KEY_PROD=~/.ssh/your-prod-key
-# ECR (Elastic Container Registry)
-ECR_REPO_NAME=your-repo-name
+# Docker Configuration
+DOCKER_USERNAME=username
+DOCKER_REPO_PROD=your-prod-repo
+DOCKER_REPO_STAGING=your-staging-repo
+DOCKER_TOKEN=your_docker_token
-# EC2 Deployment Hosts
-EC2_HOST_STAGING=ec2-user@your-staging-ip
-EC2_HOST_PROD=ec2-user@your-production-ip
-EC2_KEY=~/.ssh/your-key-file.pem
-
-# Application Secrets
-ADMIN_TOKEN=your-admin-token
\ No newline at end of file
+# Admin credentials
+ADMIN_TOKEN=your_admin_token
+R2_ACCESS_KEY=your_r2_access_key
+R2_SECRET_KEY=your_r2_secret_key
+R2_ACCOUNT_ID=your_r2_account_id
+R2_PROD_BUCKET=your-prod-bucket
+R2_STAGING_BUCKET=your-staging-bucket
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
index d8e5d489d..926b11768 100644
--- a/setup.sh
+++ b/setup.sh
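Review bot: `SSH_KEY_STAGING=~/.ssh/your-staging-key` and `SSH_KEY_PROD=~/.ssh/your-prod-key` rely on tilde expansion, which only happens if deploy.sh sources this file as shell assignments; how deploy.sh loads .env is not part of this diff, and if it uses the `export $(grep -v '^#' ... | xargs)` pattern that update.sh uses, the expansions are not re-scanned and `~` stays a literal character, so `scp -i` looks for a file whose name starts with `~`. An absolute path in the template removes the ambiguity, e.g. `SSH_KEY_STAGING=/home/you/.ssh/your-staging-key`. It is also worth a comment at the top of the file that `DOCKER_TOKEN` and the R2 keys are copied to the server by deploy.sh, since that decides what the file may safely contain.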
@@ -1,37 +1,80 @@ #!/bin/bash -# Comprehensive setup script for Hetzner server with Docker and Cloudflare R2 configuration - +# Comprehensive setup script for Hetzner server with Docker and user setup # Exit on error set -e +echo "=====================================================" +echo "🚀 STARTING SERVER SETUP" +echo "=====================================================" + echo "🔄 Updating system..." apt update && apt upgrade -y -echo "🐳 Installing Docker..." -# Install Docker using official script -curl -fsSL https://get.docker.com -o get-docker.sh -sh get-docker.sh -systemctl enable --now docker +# Check if Docker is already installed +if command -v docker &> /dev/null; then + echo "Docker is already installed" +else + echo "🐳 Installing Docker..." + # Install Docker using official script + curl -fsSL https://get.docker.com -o get-docker.sh + sh get-docker.sh + systemctl enable --now docker + echo "Docker installed successfully" +fi -# Set up Docker Hub credentials -echo "🔐 Setting up Docker Hub login..." -echo "Enter your Docker Hub username:" -read DOCKER_USERNAME -echo "Enter your Docker Hub password/token:" -read -s DOCKER_PASSWORD -echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin -echo "✅ Docker Hub login configured" +echo "👤 Setting up openfront user..." +# Create openfront user if it doesn't exist +if id "openfront" &>/dev/null; then + echo "User openfront already exists" +else + useradd -m -s /bin/bash openfront + echo "User openfront created" +fi -echo "🔄 Installing Node Exporter..." 
+# Check if openfront is already in docker group +if groups openfront | grep -q '\bdocker\b'; then + echo "User openfront is already in the docker group" +else + # Add openfront to docker group + usermod -aG docker openfront + echo "Added openfront to docker group" +fi -docker run -d --name node-exporter --restart=unless-stopped \ - --net="host" \ - --pid="host" \ - -v "/:/host:ro,rslave" \ - prom/node-exporter:latest \ - --path.rootfs=/host +# Create .ssh directory for openfront if it doesn't exist +if [ ! -d "/home/openfront/.ssh" ]; then + mkdir -p /home/openfront/.ssh + chmod 700 /home/openfront/.ssh + echo "Created .ssh directory for openfront" +fi -echo "node-exporter installed" +# Copy SSH keys from root if they exist and haven't been copied yet +if [ -f /root/.ssh/authorized_keys ] && [ ! -f /home/openfront/.ssh/authorized_keys ]; then + cp /root/.ssh/authorized_keys /home/openfront/.ssh/ + chmod 600 /home/openfront/.ssh/authorized_keys + echo "SSH keys copied from root to openfront" +fi -echo "🎉 Setup complete! You can find helpful Docker and R2 commands in ~/docker-commands.sh" -echo "Test your R2 connection: aws s3 ls --profile r2" \ No newline at end of file +# Check if node-exporter container already exists +if docker ps -a | grep -q "node-exporter"; then + echo "Node Exporter is already installed" +else + echo "🔄 Installing Node Exporter..." + docker run -d --name node-exporter --restart=unless-stopped \ + --net="host" \ + --pid="host" \ + -v "/:/host:ro,rslave" \ + prom/node-exporter:latest \ + --path.rootfs=/host + echo "Node Exporter installed successfully" +fi + +# Set proper ownership for openfront's home directory +chown -R openfront:openfront /home/openfront +echo "Set proper ownership for openfront's home directory" + +echo "=====================================================" +echo "🎉 SETUP COMPLETE!" +echo "=====================================================" +echo "The openfront user has been set up and has Docker permissions." 
+echo "You can now deploy using the openfront user." +echo "=====================================================" \ No newline at end of file diff --git a/update.sh b/update.sh index f66390d1a..8aea4b024 100755 --- a/update.sh +++ b/update.sh @@ -26,11 +26,13 @@ echo "Container name: ${CONTAINER_NAME}" echo "Docker image: ${FULL_IMAGE_NAME}" # Load environment variables if .env exists -if [ -f /root/.env ]; then +if [ -f /home/openfront/.env ]; then echo "Loading environment variables from .env file..." - export $(grep -v '^#' /root/.env | xargs) + export $(grep -v '^#' /home/openfront/.env | xargs) fi +docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN + # Install Loki Docker plugin if not already installed if ! docker plugin ls | grep -q "loki"; then echo "Installing Loki Docker plugin..." @@ -99,7 +101,7 @@ docker run -d -p 80:80 -p 127.0.0.1:9090:9090 \ --log-opt loki-external-labels="job=docker,environment=${ENV},host=${REGION},region=${REGION}" \ --env GAME_ENV=${ENV} \ --env REGION=${REGION} \ - --env-file /root/.env \ + --env-file /home/openfront/.env \ --name ${CONTAINER_NAME} \ $FULL_IMAGE_NAME
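Review bot: Membership in the docker group, granted at `usermod -aG docker openfront`, is root-equivalent on this host because the daemon runs as root and will mount any host path into a container, so the commit changes which account logs in rather than what it can do; that deserves a comment at the usermod, e.g. `# NOTE: docker group membership is root-equivalent; openfront is separated from root by name, not by privilege.` The `cp /root/.ssh/authorized_keys /home/openfront/.ssh/` step grants every key that can log in as root the same access to openfront and runs only on first setup, so a later key rotation on root is not mirrored — the comment above it should say both. `docker ps -a | grep -q "node-exporter"` is a substring match that also fires on any container whose name or image contains that string; `docker container inspect node-exporter >/dev/null 2>&1` is the exact existence test. This hunk covers the whole script, so no enclosing block is cut.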
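Review bot: `docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN` puts the registry token on the command line, where it is visible in `ps` output to every user on the host and may be recorded by process accounting; docker itself warns about `-p` for this reason. Read it from stdin instead: `printf '%s' "$DOCKER_TOKEN" | docker login -u "$DOCKER_USERNAME" --password-stdin`. When no .env is present both variables are empty and the login fails; whether that aborts the script depends on a `set -e` outside this hunk, so an explicit `: "${DOCKER_TOKEN:?DOCKER_TOKEN not set}"` before the login makes the failure mode clear. The `export $(grep -v '^#' ... | xargs)` loader, unchanged apart from the path, strips quotes and word-splits values containing spaces, which is worth a comment next to it.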
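Review bot: `--env-file /home/openfront/.env` hands the entire deploy-time .env to the application container, and with this commit that file — the one deploy.sh copies to `$REMOTE_UPDATE_PATH/.env`, which example.env now populates — carries `DOCKER_TOKEN` and the `SSH_KEY_*` entries that the container has no use for, so a compromise of the game process would also expose the registry credential. Keep a separate runtime env file for the container, or derive one before the run, e.g. `grep -v -E '^(DOCKER_TOKEN|SSH_KEY_)' /home/openfront/.env > /home/openfront/app.env` and pass `--env-file /home/openfront/app.env` (with the same `chmod 600`). The `docker run` command begins before this hunk.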