Arlind
819f8fa91c
Run the Astro Node standalone server as a hardened systemd service on 127.0.0.1:4322, behind the existing nginx which terminates TLS and proxies the bifrost-portal.fenja.ai hostname. Coexists with the other Fenja site; its config is untouched. - deploy/bifrost-portal.service: systemd unit (bifrost user, EnvironmentFile, ProtectSystem, ReadWritePaths to the data dir only) - deploy/nginx/bifrost-portal.fenja.ai.conf: HTTP->HTTPS + proxy site block - .env.production.example: prod env vars (secret, db path, uploads, host/port) - scripts/deploy.sh: server-side pull -> install (rebuild native dep) -> build -> migrate -> restart; persistent data untouched - scripts/backup.sh: nightly online .backup, 30-day retention - DEPLOY.md: full runbook (port check, DNS, provision, TLS, backups, rollback) Persistent data (db, uploads, backups) lives in /var/lib/bifrost-portal, outside the /opt/bifrost-portal build dir, so redeploys never wipe it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
48 lines
1.4 KiB
Bash
Executable file
48 lines
1.4 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
#
|
|
# Server-side deploy for the Bifrost portal. Run ON THE VPS, as the `bifrost`
|
|
# service user, from inside the checkout (/opt/bifrost-portal).
|
|
#
|
|
# cd /opt/bifrost-portal && ./scripts/deploy.sh
|
|
#
|
|
# Pulls latest, installs deps (rebuilding the native better-sqlite3 for this
|
|
# box's arch), builds, migrates, and restarts the service. Idempotent and
|
|
# safe to re-run. Does NOT touch the database file or uploads — those live in
|
|
# /var/lib/bifrost-portal and persist across deploys.
|
|
|
|
set -euo pipefail
|
|
|
|
APP_DIR="${APP_DIR:-/opt/bifrost-portal}"
|
|
SERVICE="${SERVICE:-bifrost-portal}"
|
|
BRANCH="${BRANCH:-master}"
|
|
ENV_FILE="${ENV_FILE:-/etc/bifrost-portal.env}"
|
|
|
|
cd "$APP_DIR"
|
|
|
|
echo "==> Loading $ENV_FILE for migrate (BIFROST_DB_PATH)"
|
|
set -a; # shellcheck disable=SC1090
|
|
source "$ENV_FILE"; set +a
|
|
|
|
echo "==> Fetching origin/$BRANCH"
|
|
git fetch --prune origin
|
|
git checkout "$BRANCH"
|
|
git reset --hard "origin/$BRANCH"
|
|
|
|
echo "==> Installing dependencies (frozen lockfile)"
|
|
# pnpm rebuilds better-sqlite3 for this machine's arch via onlyBuiltDependencies.
|
|
pnpm install --frozen-lockfile
|
|
|
|
echo "==> Building"
|
|
pnpm build
|
|
|
|
echo "==> Applying database migrations -> $BIFROST_DB_PATH"
|
|
node scripts/migrate.js
|
|
|
|
echo "==> Restarting $SERVICE"
|
|
sudo systemctl restart "$SERVICE"
|
|
|
|
echo "==> Waiting for health"
|
|
sleep 2
|
|
sudo systemctl --no-pager --lines=0 status "$SERVICE"
|
|
|
|
echo "==> Deploy complete: $(git rev-parse --short HEAD)"
|