Commit graph

7 commits

Author SHA1 Message Date
b91512e97f feat: add missing service deploy scripts (sing-box, tnt, minio, galene)
Infrastructure audit revealed services running in production with no
corresponding deploy scripts. Closes #11.

- sing-box: server + client deploy scripts. Config generated by sing-box-yg
  (https://github.com/yonggekkk/sing-box-yg), stored in infra for recovery.
- tnt: terminal chat server via official install.sh; proper systemd unit
  with unprivileged user and security hardening.
- minio: single-binary install from dl.min.io; minio-user, /etc/default/minio.
- galene: binary install from GitHub releases; configurable UDP range for WebRTC.
- frp/server: add FRP_WEB_USER to .env.example and frps.toml.example;
  fix hardcoded "root" username in web dashboard config.
2026-03-06 01:26:12 +08:00
9d8a08900d feat: add forgejo deploy script, fix nginx envsubst variable leak
- services/forgejo/deploy.sh: deploys Forgejo via Docker to /opt/frp,
  sets up nginx vhost, optionally installs GitHub mirror sync cron
- services/forgejo/{.env.example,docker-compose.yml,nginx.conf.example}:
  bundled templates following find_template pattern (INFRA_DIR override)
- services/nginx/deploy.sh: fix bare envsubst clobbering nginx $vars
  (e.g. $host, $uri) by scoping substitution to known domain vars only
2026-02-28 13:22:41 +08:00
2ae28fb0a7 fix: export .env vars with set -a so envsubst can see them
source without set -a sets vars in current shell but does not export them.
Child processes like envsubst cannot see unexported vars, causing all
template substitutions to produce empty strings.

Fix: set -a before source, set +a after — auto-exports every assigned var.
2026-02-28 02:04:26 +08:00
929c527ad0 fix: bundle config templates, add find_template fallback
Deploy scripts now look for templates in INFRA_DIR first, then fall back
to the bundled copies in automa. This makes automa fully self-contained:
a .env with filled values is all that is needed — no infra checkout required.

Bundle: config.json.example, privoxy.conf.example, shadowsocks-client.service,
shadowsocks-rust.service, frps.toml.example, frps.service,
frpc.toml.example, frpc.service
2026-02-28 02:00:52 +08:00
19b3e5035c fix: skip binary download if already installed, symlink from existing path
Resolves bootstrapping deadlock where downloading sslocal requires internet
access via the very proxy being deployed. Also handles distros (Arch) where
shadowsocks-rust is installed via package manager to /usr/bin instead of
/usr/local/bin.

Priority:
  1. /usr/local/bin/sslocal exists → skip download
  2. sslocal found in PATH elsewhere → symlink to /usr/local/bin/sslocal
  3. not found → download from GitHub releases

Same logic applied to ssserver-rust in server/deploy.sh.
Also: stop conflicting shadowsocks.service before starting shadowsocks-client,
and detect pacman vs apt for privoxy install.
2026-02-28 01:55:47 +08:00
1356348d79 feat: add interactive setup.sh wizard
Discovers all deployable modules from services/ automatically.
Grouped menu by role (vps / homeserver / any) with descriptions.

Env resolution priority:
  1. pre-filled .env in local infra checkout (--infra-dir)
  2. .env.example from infra (interactive fill)
  3. .env.example bundled in automa (interactive fill, no infra needed)

Usage:
  ./setup.sh                           # fully interactive
  ./setup.sh --infra-dir /path/to/infra # use pre-filled .env files
  ./setup.sh --dry-run                 # preview without deploying

Also add .env.example with role/description metadata to each service
module so setup.sh can build the menu and prompt for values without
requiring an infra checkout.
2026-02-28 01:42:50 +08:00
f82cd2d956 feat: add infra service deploy scripts
Add services/ directory with deploy scripts for system-level infrastructure
services. Each script reads INFRA_DIR pointing to the corresponding infra
module, sources its .env, substitutes config templates via envsubst, and
installs/enables systemd services. Zero hardcoded values — public-safe.

New scripts:
- services/email/deploy.sh      (Postfix + Dovecot + OpenDKIM + SpamAssassin)
- services/nginx/deploy.sh      (Nginx vhosts via envsubst)
- services/shadowsocks/server/deploy.sh  (shadowsocks-rust server)
- services/shadowsocks/client/deploy.sh  (sslocal + privoxy chain)
- services/frp/server/deploy.sh (frps)
- services/frp/client/deploy.sh (frpc)

README: add "Relationship with infra" section explaining the two-repo workflow
Makefile: add deploy-email, deploy-nginx, deploy-ss-{server,client},
          deploy-frp-{server,client} targets

Closes #6
2026-02-28 01:09:36 +08:00
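
The two envsubst failure modes fixed in commits 2ae28fb0a7 and 9d8a08900d above, reproduced as an added example (not code from this repository). The `.env` values, the vhost template and the function names are constructed for illustration.

```shell
# Added example; the .env values, template and function names are constructed.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/.env" <<'EOF'
DOMAIN=git.example.test
UPSTREAM_PORT=3000
EOF

cat > "$workdir/vhost.tmpl" <<'EOF'
server {
    server_name ${DOMAIN};
    location / {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:${UPSTREAM_PORT}$uri;
    }
}
EOF

# Plain source: DOMAIN is set in this shell only, so a child process sees nothing.
child_sees_without_export() {
    ( unset DOMAIN; . "$workdir/.env"; sh -c 'printf %s "${DOMAIN:-}"' )
}

# set -a marks every variable assigned while it is active for export.
child_sees_with_export() {
    ( unset DOMAIN; set -a; . "$workdir/.env"; set +a
      sh -c 'printf %s "${DOMAIN:-}"' )
}

# Bare envsubst replaces every $name it finds; nginx's own $host and $uri
# are not in the environment, so they are replaced with empty strings.
render_bare() {
    ( set -a; . "$workdir/.env"; set +a; unset host uri
      envsubst < "$workdir/vhost.tmpl" )
}

# Scoped envsubst: the SHELL-FORMAT argument names the only variables to
# substitute, so $host and $uri reach nginx untouched.
render_scoped() {
    ( set -a; . "$workdir/.env"; set +a
      envsubst '${DOMAIN} ${UPSTREAM_PORT}' < "$workdir/vhost.tmpl" )
}

printf 'plain source, child sees: [%s]\n' "$(child_sees_without_export)"
printf 'set -a source, child sees: [%s]\n' "$(child_sees_with_export)"
if command -v envsubst >/dev/null 2>&1; then
    render_bare | grep 'Host'
    render_scoped | grep 'Host'
fi
```

Both failures are silent: envsubst exits 0 in each case, so a deploy script only notices if it validates the rendered file (for example with `nginx -t`) before reloading.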