Infrastructure audit revealed services running in production with no
corresponding deploy scripts. Closes #11.
- sing-box: server + client deploy scripts. Config generated by sing-box-yg
  (https://github.com/yonggekkk/sing-box-yg), stored in infra for recovery.
- tnt: terminal chat server via official install.sh; proper systemd unit
  with unprivileged user and security hardening.
- minio: single-binary install from dl.min.io; minio-user, /etc/default/minio.
- galene: binary install from GitHub releases; configurable UDP range for WebRTC.
- frp/server: add FRP_WEB_USER to .env.example and frps.toml.example;
  fix hardcoded "root" username in web dashboard config.
- services/forgejo/deploy.sh: deploys Forgejo via Docker to /opt/frp,
  sets up nginx vhost, optionally installs GitHub mirror sync cron
- services/forgejo/{.env.example,docker-compose.yml,nginx.conf.example}:
  bundled templates following find_template pattern (INFRA_DIR override)
- services/nginx/deploy.sh: fix bare envsubst clobbering nginx $vars
  (e.g. $host, $uri) by scoping substitution to known domain vars only
source without set -a sets vars in current shell but does not export them.
Child processes like envsubst cannot see unexported vars, causing all
template substitutions to produce empty strings.
Fix: set -a before source, set +a after — auto-exports every assigned var.
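An added example (not code from the automa repository) of the two fixes described above: exporting sourced variables with set -a so child processes see them, and passing envsubst an explicit variable list so nginx's own $host is left alone. The variable name EXAMPLE_DOMAIN, the .env content and the template are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. EXAMPLE_DOMAIN, the .env and the template are constructed.

# Write a constructed .env and nginx template into a scratch directory.
make_fixture() {
    local dir
    dir=$(mktemp -d)
    printf 'EXAMPLE_DOMAIN=git.example.test\n' > "$dir/.env"
    printf 'server_name ${EXAMPLE_DOMAIN};\nproxy_set_header Host $host;\n' \
        > "$dir/nginx.conf.example"
    printf '%s\n' "$dir"
}

# Plain source: the variable is set in this shell but not exported,
# so the child process prints an empty string.
child_sees_plain() {
    ( unset EXAMPLE_DOMAIN
      . "$1/.env"
      sh -c 'printf "%s" "${EXAMPLE_DOMAIN:-}"' )
}

# set -a before source, set +a after: every assignment is auto-exported.
child_sees_exported() {
    ( unset EXAMPLE_DOMAIN
      set -a; . "$1/.env"; set +a
      sh -c 'printf "%s" "${EXAMPLE_DOMAIN:-}"' )
}

# Render the template, substituting only the named variable so that
# nginx's $host survives. Refuses to render when the value is empty,
# rather than writing a vhost with a blank server_name.
render_scoped() {
    ( unset EXAMPLE_DOMAIN
      set -a; . "$1/.env"; set +a
      : "${EXAMPLE_DOMAIN:?EXAMPLE_DOMAIN is empty, refusing to render}"
      envsubst '${EXAMPLE_DOMAIN}' < "$1/nginx.conf.example" )
}

# Demo run: show both behaviours, then the rendered template if
# envsubst (gettext) is installed.
dir=$(make_fixture)
printf 'plain source    -> child sees [%s]\n' "$(child_sees_plain "$dir")"
printf 'set -a + source -> child sees [%s]\n' "$(child_sees_exported "$dir")"
command -v envsubst >/dev/null 2>&1 && render_scoped "$dir"
rm -rf "$dir"
```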
Deploy scripts now look for templates in INFRA_DIR first, then fall back
to the bundled copies in automa. This makes automa fully self-contained:
a .env with filled values is all that is needed — no infra checkout required.
Bundle: config.json.example, privoxy.conf.example, shadowsocks-client.service,
shadowsocks-rust.service, frps.toml.example, frps.service,
frpc.toml.example, frpc.service
Resolves bootstrapping deadlock where downloading sslocal requires internet
access via the very proxy being deployed. Also handles distros (Arch) where
shadowsocks-rust is installed via package manager to /usr/bin instead of
/usr/local/bin.
Priority:
1. /usr/local/bin/sslocal exists → skip download
2. sslocal found in PATH elsewhere → symlink to /usr/local/bin/sslocal
3. not found → download from GitHub releases
Same logic applied to ssserver-rust in server/deploy.sh.
Also: stop conflicting shadowsocks.service before starting shadowsocks-client,
and detect pacman vs apt for privoxy install.
Discovers all deployable modules from services/ automatically.
Grouped menu by role (vps / homeserver / any) with descriptions.
Env resolution priority:
1. pre-filled .env in local infra checkout (--infra-dir)
2. .env.example from infra (interactive fill)
3. .env.example bundled in automa (interactive fill, no infra needed)
Usage:
    ./setup.sh                             # fully interactive
    ./setup.sh --infra-dir /path/to/infra  # use pre-filled .env files
    ./setup.sh --dry-run                   # preview without deploying
Also add .env.example with role/description metadata to each service
module so setup.sh can build the menu and prompt for values without
requiring an infra checkout.
- Add prerequisite checks before backup operations
- Validate container status before attempting backups
- Load .env file for database credentials (security improvement)
- Remove hardcoded default password from Nextcloud backup
- Use centralized config for container names
- Add --single-transaction flag for database dumps
- Improve cleanup with better reporting of removed files
- Add help command and environment variable documentation
- Add config.sh with centralized container names and ports
- Update healthcheck.sh to use config variables (avoid hardcoding)
- Add health check targets to Makefile (health, health-*)
- Add backup utility targets to Makefile (backup, backup-*)
- Reorganize Makefile help output by service category
Standardize shebang to #!/usr/bin/env bash
Add descriptive headers to all scripts
Make all scripts executable
Consistent with Unix best practices:
- Portable shebang usage
- Self-documenting code
- Proper file permissions
Add healthcheck.sh for service status monitoring
- Check container health and port accessibility
- Support individual service or all-services check
Add backup.sh for data protection
- Backup service data and configurations
- List existing backups
- Cleanup old backups with retention policy
Unix philosophy: small sharp tools that do one thing well
Provide consistent interface for all operations
Simplify common tasks across services
Support both individual and batch operations
Unix philosophy: composable tools with standard interface
Make targets: help, status, up, down, logs, restart per service
Document project philosophy and structure
Provide clear usage instructions for all services
Follow documentation-as-code principle
Unix philosophy: be clear about what tools do