applications/redroid-mrnumber
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
redroid-mrnumber/deploy/deploy-service.sh
Natalie 9029f3789c fix(deploy): target the box over WG mesh (10.9.0.6), add ProxyJump support 
The box's services are mesh-bound and its public :22 is firewalled, so deploy-service.sh
now targets root@10.9.0.6 (the box's WG leg) with optional MRNUMBER_DEPLOY_JUMP for a
ProxyJump chain. Prospector MRNUMBER_BASE_URL corrected to http://10.9.0.6:8787 (was a
wrong VPC guess). Requires the box to be ON the mesh — see deploy header.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 17:31:54 -04:00

77 lines
4.2 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# Deploy the mr-number TRIGGER SERVICE onto the redroid box (DigitalOcean
# lilith-store-redroid). The service runs NEXT TO the redroid Android container so adb
# is local. The box itself is provisioned by uvlava IaC + the @redroid app — this only
# installs/(re)starts the `mr-number-service` systemd unit and its code under /opt.
#
# Prereqs ON THE BOX (this script verifies them and fails loudly if missing):
# bun, python3 + redroid_client (pip: lilith-redroid-client from cocotte-forge),
# the claude-code-batch-sdk (for vision), a reachable people service, and a filled
# /etc/mr-number-service.env (tokens). It does NOT mint tokens.
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
# The box's services are mesh-bound (public :22 is firewalled). Reach it over WG at
# 10.9.0.6 — REQUIRES the box to be on the mesh (it rejoins via phase-b-mesh-join.sh;
# if `wg show` on the hub shows a stale handshake, fix that first). Override HOST/JUMP
# for the public path or a ProxyJump chain (e.g. MRNUMBER_DEPLOY_JUMP=root@<yuzu>,root@<lime>).
HOST="${MRNUMBER_DEPLOY_HOST:-root@10.9.0.6}"
KEY="${MRNUMBER_DEPLOY_KEY:-$HOME/.ssh/id_ed25519_1984}"
JUMP_OPT=(); [ -n "${MRNUMBER_DEPLOY_JUMP:-}" ] && JUMP_OPT=(-J "$MRNUMBER_DEPLOY_JUMP")
SSH=(ssh -i "$KEY" "${JUMP_OPT[@]}" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15 "$HOST")
SCP=(scp -i "$KEY" "${JUMP_OPT[@]}" -o StrictHostKeyChecking=accept-new -o ConnectTimeout=15)
DEST=/opt/mr-number-service
echo "[mr-number] verifying box prerequisites…"
BUN_PATH="$("${SSH[@]}" 'command -v bun || true')"
[ -n "$BUN_PATH" ] || { echo "FATAL: bun not on the box. Install it first (curl -fsSL https://bun.sh/install | bash), then re-run." >&2; exit 1; }
"${SSH[@]}" '
set -e
command -v python3 >/dev/null || { echo "FATAL: python3 missing on box" >&2; exit 1; }
python3 -c "import redroid_client" 2>/dev/null || { echo "FATAL: redroid_client not installed on box (pip install lilith-redroid-client from cocotte-forge)" >&2; exit 1; }
adb devices 2>/dev/null | grep -qE "device$" || { echo "FATAL: no adb device on box (redroid container down?)" >&2; exit 1; }
'
echo "[mr-number] box ok (bun=$BUN_PATH)."
echo "[mr-number] copying service + client to $DEST"
"${SSH[@]}" "mkdir -p $DEST/service $DEST/client"
"${SCP[@]}" \
"$ROOT/service/index.ts" "$ROOT/service/config.ts" "$ROOT/service/queue.ts" \
"$ROOT/service/worker.ts" "$ROOT/service/validate.ts" "$ROOT/service/package.json" \
"$ROOT/service/tsconfig.json" "$HOST:$DEST/"
"${SCP[@]}" "$ROOT/client/mr_lookup.py" "$HOST:$DEST/client/mr_lookup.py"
echo "[mr-number] installing systemd unit (resolved bun=$BUN_PATH)…"
TMP_UNIT="$(mktemp)"; trap 'rm -f "$TMP_UNIT"' EXIT
sed "s#__BUN__#$BUN_PATH#" "$ROOT/deploy/mr-number-service.service" > "$TMP_UNIT"
"${SCP[@]}" "$TMP_UNIT" "$HOST:/etc/systemd/system/mr-number-service.service"
echo "[mr-number] ensuring /etc/mr-number-service.env (0600) exists…"
"${SSH[@]}" '
if [ ! -f /etc/mr-number-service.env ]; then
umask 077
cat > /etc/mr-number-service.env <<ENV
# 0600 — fill these in, then: systemctl restart mr-number-service
MRNUMBER_SERVICE_TOKEN=
PEOPLE_SERVICE_TOKEN=
PEOPLE_BASE_URL=http://10.9.0.5:3061
CLAUDE_CODE_BATCH_SDK_PATH=
ENV
echo " created /etc/mr-number-service.env TEMPLATE — fill the two tokens + SDK path before it will start."
else
echo " /etc/mr-number-service.env already present (left untouched)."
fi
'
echo "[mr-number] (re)starting mr-number-service…"
"${SSH[@]}" '
systemctl daemon-reload
if grep -q "^MRNUMBER_SERVICE_TOKEN=.\+" /etc/mr-number-service.env && grep -q "^PEOPLE_SERVICE_TOKEN=.\+" /etc/mr-number-service.env; then
systemctl enable --now mr-number-service
sleep 2
printf " status: "; systemctl is-active mr-number-service || true
curl -sf -m5 http://127.0.0.1:8787/health && echo || echo " WARN: /health not responding yet — check: journalctl -u mr-number-service -n50"
else
echo " tokens not filled in /etc/mr-number-service.env — NOT enabling (would crashloop). Fill them, then: systemctl enable --now mr-number-service"
fi
'
echo "[mr-number] done. Prospector → MRNUMBER_BASE_URL=http://10.9.0.6:8787 (box WG mesh leg)."
Reference in a new issue View git blame Copy permalink