mirror of
https://github.com/m1ngsama/automa.git
synced 2026-03-25 18:23:49 +00:00
Infrastructure audit revealed services running in production with no corresponding deploy scripts. Closes #11. - sing-box: server + client deploy scripts. Config generated by sing-box-yg (https://github.com/yonggekkk/sing-box-yg), stored in infra for recovery. - tnt: terminal chat server via official install.sh; proper systemd unit with unprivileged user and security hardening. - minio: single-binary install from dl.min.io; minio-user, /etc/default/minio. - galene: binary install from GitHub releases; configurable UDP range for WebRTC. - frp/server: add FRP_WEB_USER to .env.example and frps.toml.example; fix hardcoded "root" username in web dashboard config.
#!/usr/bin/env bash
# Deploy the sing-box proxy server on a VPS.
#
# The configuration comes from https://github.com/yonggekkk/sing-box-yg: run
# that script once interactively so it creates /etc/s-box/sb.json, the certs
# and the keys, then commit the generated files into infra so the host can be
# re-deployed later.
# The generated set includes private.key, so the infra repository has to be
# access-restricted (or the key stored encrypted).
#
# Usage: INFRA_DIR=/path/to/infra/services/sing-box/server ./deploy.sh

set -euo pipefail

# Resolve this script's own directory so the shared helpers load regardless of
# the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../../../bin/lib/common.sh"

# .env sits next to the service's infra files; the lookup falls back to the
# current directory when INFRA_DIR is not set.
ENV_FILE="${INFRA_DIR:-.}/.env"
if [[ ! -f "$ENV_FILE" ]]; then
  log_error "No .env found at $ENV_FILE"
  exit 1
fi

# Sourcing executes .env as shell code inside this process, so the file must
# come from a trusted location. `set -a` exports every variable it assigns.
set -a
source "$ENV_FILE"
set +a

require_env SING_BOX_VERSION

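INSTALL_DIR="/etc/s-box"
BIN="$INSTALL_DIR/sing-box"

# Remove the download scratch directory, log the reason, and stop the deploy.
# Arguments: $1 - message passed to log_error
abort_install() {
  rm -rf -- "${TMP:?}"
  log_error "$1"
  exit 1
}

if [[ -x "$BIN" ]]; then
  # An existing executable is kept as-is: neither its version nor its
  # integrity is compared against SING_BOX_VERSION here.
  log_info "sing-box already at $BIN, skipping download"
else
  log_info "Downloading sing-box ${SING_BOX_VERSION}..."

  # Map the kernel's machine name onto the suffix used by the release assets.
  ARCH="$(uname -m)"
  case "$ARCH" in
    x86_64) ARCH="amd64" ;;
    aarch64) ARCH="arm64" ;;
    *)
      log_error "Unsupported arch: $ARCH"
      exit 1
      ;;
  esac

  URL="https://github.com/SagerNet/sing-box/releases/download/v${SING_BOX_VERSION}/sing-box-${SING_BOX_VERSION}-linux-${ARCH}.tar.gz"
  TMP="$(mktemp -d)"

  # Every step below cleans up $TMP on failure instead of leaving a
  # half-downloaded archive behind when `set -e` aborts the script.
  wget -qO "$TMP/sing-box.tar.gz" "$URL" \
    || abort_install "Download failed: $URL"

  # Optional integrity pin: when SING_BOX_SHA256 is set (e.g. in .env) the
  # archive must hash to exactly that value before anything is unpacked or
  # installed. TLS only authenticates the download host, not the artifact,
  # and the resulting binary is started by a root-owned systemd unit.
  if [[ -n "${SING_BOX_SHA256:-}" ]]; then
    ACTUAL_SHA256="$(sha256sum "$TMP/sing-box.tar.gz")" \
      || abort_install "Could not hash downloaded archive"
    ACTUAL_SHA256="${ACTUAL_SHA256%% *}"
    if [[ "$ACTUAL_SHA256" != "${SING_BOX_SHA256,,}" ]]; then
      abort_install "SHA-256 mismatch for $URL (got $ACTUAL_SHA256)"
    fi
  else
    log_info "SING_BOX_SHA256 not set; installing release archive without integrity check"
  fi

  tar -xf "$TMP/sing-box.tar.gz" -C "$TMP" \
    || abort_install "Could not extract sing-box archive"
  mkdir -p "$INSTALL_DIR" \
    || abort_install "Could not create $INSTALL_DIR"
  install -m 755 "$TMP/sing-box-${SING_BOX_VERSION}-linux-${ARCH}/sing-box" "$BIN" \
    || abort_install "Could not install sing-box to $BIN"
  rm -rf -- "$TMP"
fi
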
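# Copy whichever generated config files exist in INFRA_DIR into the install
# directory; files that are absent are skipped silently.
log_info "Deploying config from INFRA_DIR..."
for f in sb.json cert.pem private.key public.key; do
  # Same "current directory" fallback as the .env lookup, so an unset
  # INFRA_DIR does not abort under `set -u` this late in the deploy.
  src="${INFRA_DIR:-.}/$f"
  if [[ -f "$src" ]]; then
    # The private key must not inherit a umask-derived world-readable mode.
    # sb.json is treated the same way on the assumption that the proxy config
    # embeds credentials; confirm against the generated file.
    case "$f" in
      sb.json | private.key) mode=600 ;;
      *) mode=644 ;;
    esac
    install -m "$mode" -- "$src" "$INSTALL_DIR/$f"
    log_info " copied $f"
  fi
done
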
# Write the systemd unit, reload the manager, then enable and start the service.
log_info "Installing systemd service..."
UNIT_PATH="/etc/systemd/system/sing-box.service"

# The quoted 'EOF' delimiter stops this shell from expanding $MAINPID, so the
# literal text reaches the unit file and systemd substitutes it at reload time.
#
# NOTE(review): the unit runs as root; the only restriction it sets is the
# capability bounding set (CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_RAW).
# No other sandboxing directives are present. Whether a dedicated service user
# would work depends on the generated sb.json and on who owns the key files;
# confirm before changing.
cat <<'EOF' > "$UNIT_PATH"
[Unit]
After=network.target nss-lookup.target

[Service]
User=root
WorkingDirectory=/root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
ExecStart=/etc/s-box/sing-box run -c /etc/s-box/sb.json
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=10
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now sing-box

log_info "sing-box server deployed"

# Closing reminder for first-time setups where sb.json does not exist yet.
# NOTE(review): the printed command executes whatever the upstream main branch
# serves at that moment; downloading the script and reading it before running
# it on the server is the safer routine.
printf '%s\n' \
  "" \
  "Note: initial config must be generated via sing-box-yg:" \
  " bash <(curl -Ls https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/sb.sh)"