applications/redroid-mrnumber
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(deploy): target the box over WG mesh (10.9.0.6), add ProxyJump support

Browse source 
The box's services are mesh-bound and its public :22 is firewalled, so deploy-service.sh
now targets root@10.9.0.6 (the box's WG leg) with optional MRNUMBER_DEPLOY_JUMP for a
ProxyJump chain. Prospector MRNUMBER_BASE_URL corrected to http://10.9.0.6:8787 (was a
wrong VPC guess). Requires the box to be ON the mesh — see deploy header.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Natalie 2026-06-29 17:31:54 -04:00
parent c5c124faa1
commit 9029f3789c
3 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -105,7 +105,7 @@ container so adb is local), bound `0.0.0.0:8787`. Deploy from here:
```bash
deploy/deploy-service.sh # scp service+client to /opt, install unit, restart
# then on the box fill /etc/mr-number-service.env (tokens), and point Prospector at:
# MRNUMBER_BASE_URL=http://10.20.0.4:8787 (box VPC)
# MRNUMBER_BASE_URL=http://10.9.0.6:8787 (box WG mesh leg)
```
**Local dev (plum):**
```bash

13
deploy/deploy-service.sh
View file

@ -10,10 +10,15 @@
# /etc/mr-number-service.env (tokens). It does NOT mint tokens.
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
HOST="${MRNUMBER_DEPLOY_HOST:-root@45.55.191.82}"
# The box's services are mesh-bound (public :22 is firewalled). Reach it over WG at
# 10.9.0.6 — REQUIRES the box to be on the mesh (it rejoins via phase-b-mesh-join.sh;
# if `wg show` on the hub shows a stale handshake, fix that first). Override HOST/JUMP
# for the public path or a ProxyJump chain (e.g. MRNUMBER_DEPLOY_JUMP=root@<yuzu>,root@<lime>).
HOST="${MRNUMBER_DEPLOY_HOST:-root@10.9.0.6}"
KEY="${MRNUMBER_DEPLOY_KEY:-$HOME/.ssh/id_ed25519_1984}"
SSH=(ssh -i "$KEY" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15 "$HOST")
SCP=(scp -i "$KEY" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15)
JUMP_OPT=(); [ -n "${MRNUMBER_DEPLOY_JUMP:-}" ] && JUMP_OPT=(-J "$MRNUMBER_DEPLOY_JUMP")
SSH=(ssh -i "$KEY" "${JUMP_OPT[@]}" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15 "$HOST")
SCP=(scp -i "$KEY" "${JUMP_OPT[@]}" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15)
DEST=/opt/mr-number-service
echo "[mr-number] verifying box prerequisites…"
@ -69,4 +74,4 @@ echo "[mr-number] (re)starting mr-number-service…"
echo " tokens not filled in /etc/mr-number-service.env — NOT enabling (would crashloop). Fill them, then: systemctl enable --now mr-number-service"
fi
'
echo "[mr-number] done. Prospector → MRNUMBER_BASE_URL=http://10.20.0.4:8787 (box VPC) or http://45.55.191.82:8787."
echo "[mr-number] done. Prospector → MRNUMBER_BASE_URL=http://10.9.0.6:8787 (box WG mesh leg)."

2
deploy/install.sh
View file

@ -84,7 +84,7 @@ cat <<EOS
[mr-number] trigger service (prod) deploys to the redroid box, not plum:
• fill tokens on the box: /etc/mr-number-service.env (MRNUMBER_SERVICE_TOKEN, PEOPLE_SERVICE_TOKEN)
• deploy: $ROOT/deploy/deploy-service.sh
• Prospector → MRNUMBER_BASE_URL=http://10.20.0.4:8787 (box VPC)
• Prospector → MRNUMBER_BASE_URL=http://10.9.0.6:8787 (box mesh leg)
Local dev on plum: cd $ROOT/service && ./run (loads ~/.config/cocotte-secrets/*)
EOS