Infrastructure audit revealed services running in production with no
corresponding deploy scripts. Closes#11.
- sing-box: server + client deploy scripts. Config generated by sing-box-yg
(https://github.com/yonggekkk/sing-box-yg), stored in infra for recovery.
- tnt: terminal chat server via official install.sh; proper systemd unit
with unprivileged user and security hardening.
- minio: single-binary install from dl.min.io; minio-user, /etc/default/minio.
- galene: binary install from GitHub releases; configurable UDP range for WebRTC.
- frp/server: add FRP_WEB_USER to .env.example and frps.toml.example;
fix hardcoded "root" username in web dashboard config.
source without set -a sets vars in current shell but does not export them.
Child processes like envsubst cannot see unexported vars, causing all
template substitutions to produce empty strings.
Fix: set -a before source, set +a after — auto-exports every assigned var.
Deploy scripts now look for templates in INFRA_DIR first, then fall back
to the bundled copies in automa. This makes automa fully self-contained:
a .env with filled values is all that is needed — no infra checkout required.
Bundle: config.json.example, privoxy.conf.example, shadowsocks-client.service,
shadowsocks-rust.service, frps.toml.example, frps.service,
frpc.toml.example, frpc.service
Discovers all deployable modules from services/ automatically.
Grouped menu by role (vps / homeserver / any) with descriptions.
Env resolution priority:
1. pre-filled .env in local infra checkout (--infra-dir)
2. .env.example from infra (interactive fill)
3. .env.example bundled in automa (interactive fill, no infra needed)
Usage:
./setup.sh # fully interactive
./setup.sh --infra-dir /path/to/infra # use pre-filled .env files
./setup.sh --dry-run # preview without deploying
Also add .env.example with role/description metadata to each service
module so setup.sh can build the menu and prompt for values without
requiring an infra checkout.
