silo/scripts/setup-host.sh

#!/usr/bin/env bash
#
# Silo Host Setup Script
# Run this once on silo.example.internal to prepare for deployment
#
# Usage:
#   sudo ./setup-host.sh
#
# This script:
#   1. Installs required packages (git, go)
#   2. Creates the silo system user
#   3. Creates required directories
#   4. Sets up the environment file template
#   5. Clones the repository
#   6. Runs initial deployment

set -euo pipefail

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Configuration
REPO_URL="${SILO_REPO_URL:-https://git.kindred-systems.com/kindred/silo.git}"
REPO_BRANCH="${SILO_BRANCH:-main}"
INSTALL_DIR="/opt/silo"
CONFIG_DIR="/etc/silo"
GO_VERSION="1.23.0"

log_info() { echo -e "${BLUE}[INFO]${NC} $*"; }
log_success() { echo -e "${GREEN}[OK]${NC} $*"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
die() { log_error "$*"; exit 1; }

# Check root
if [[ $EUID -ne 0 ]]; then
    die "This script must be run as root (use sudo)"
fi

log_info "============================================"
log_info "Silo Host Setup"
log_info "============================================"
echo ""

# Detect package manager
if command -v apt-get >/dev/null 2>&1; then
    PKG_MANAGER="apt"
elif command -v dnf >/dev/null 2>&1; then
    PKG_MANAGER="dnf"
elif command -v yum >/dev/null 2>&1; then
    PKG_MANAGER="yum"
else
    die "Unsupported package manager. Install git and go manually."
fi

log_info "Detected package manager: ${PKG_MANAGER}"

# Install dependencies
log_info "Installing dependencies..."

case ${PKG_MANAGER} in
    apt)
        apt-get update -qq
        apt-get install -y -qq git curl ca-certificates
        ;;
    dnf|yum)
        ${PKG_MANAGER} install -y -q git curl ca-certificates
        ;;
esac

log_success "System packages installed"

# Install Go if not present or wrong version
install_go() {
    log_info "Installing Go ${GO_VERSION}..."

    local arch
    case $(uname -m) in
        x86_64) arch="amd64" ;;
        aarch64) arch="arm64" ;;
        *) die "Unsupported architecture: $(uname -m)" ;;
    esac

    local go_tar="go${GO_VERSION}.linux-${arch}.tar.gz"
    local go_url="https://go.dev/dl/${go_tar}"

    # Remove existing Go installation
    rm -rf /usr/local/go

    # Download and install
    curl -fsSL "${go_url}" -o "/tmp/${go_tar}"
    tar -C /usr/local -xzf "/tmp/${go_tar}"
    rm -f "/tmp/${go_tar}"

    # Add to PATH for all users
    cat > /etc/profile.d/go.sh << 'EOF'
export PATH=$PATH:/usr/local/go/bin
export GOPATH=/opt/go
export PATH=$PATH:$GOPATH/bin
EOF

    # Source for current session
    export PATH=$PATH:/usr/local/go/bin

    log_success "Go ${GO_VERSION} installed"
}

if command -v go >/dev/null 2>&1; then
    current_go=$(go version | grep -oP '\d+\.\d+' | head -1)
    required_go="1.23"
    if [[ "$(printf '%s\n' "$required_go" "$current_go" | sort -V | head -n1)" != "$required_go" ]]; then
        log_warn "Go ${current_go} found, but ${required_go}+ required"
        install_go
    else
        log_success "Go ${current_go} already installed"
    fi
else
    install_go
fi

# Ensure Go is in PATH
export PATH=$PATH:/usr/local/go/bin

# Create silo system user
if ! id -u silo >/dev/null 2>&1; then
    log_info "Creating silo user..."
    useradd -r -m -d "${INSTALL_DIR}" -s /sbin/nologin -c "Silo Service" silo
    log_success "Created user: silo"
else
    log_info "User silo already exists"
fi

# Create directories
log_info "Creating directories..."

mkdir -p "${INSTALL_DIR}/bin"
mkdir -p "${INSTALL_DIR}/src"
mkdir -p "${CONFIG_DIR}/schemas"
mkdir -p /var/log/silo

# Set ownership
chown -R silo:silo "${INSTALL_DIR}"
chown root:silo "${CONFIG_DIR}"
chmod 750 "${CONFIG_DIR}"
chown silo:silo /var/log/silo
chmod 750 /var/log/silo

log_success "Directories created"

# Create environment file if it doesn't exist
ENV_FILE="${CONFIG_DIR}/silod.env"
if [[ ! -f "${ENV_FILE}" ]]; then
    log_info "Creating environment file..."
    cat > "${ENV_FILE}" << 'EOF'
# Silo daemon environment variables
# Fill in the values below

# Database credentials (psql.example.internal)
# Database: silo, User: silo
SILO_DB_PASSWORD=

# MinIO credentials (minio.example.internal)
# User: silouser
SILO_MINIO_ACCESS_KEY=silouser
SILO_MINIO_SECRET_KEY=

# Optional overrides
# SILO_SERVER_BASE_URL=http://silo.example.internal:8080
EOF
    chmod 600 "${ENV_FILE}"
    chown root:silo "${ENV_FILE}"
    log_warn "Created ${ENV_FILE} - YOU MUST EDIT THIS FILE!"
else
    log_info "Environment file already exists"
fi

# Clone repository
log_info "Cloning repository..."

# Configure git to trust internal Gitea (self-signed cert)
git config --global http.sslVerify false
log_warn "Disabled SSL verification for git (internal Gitea uses self-signed cert)"

if [[ -d "${INSTALL_DIR}/src/.git" ]]; then
    log_info "Repository already cloned, pulling latest..."
    cd "${INSTALL_DIR}/src"
    git fetch origin
    git checkout "${REPO_BRANCH}"
    git reset --hard "origin/${REPO_BRANCH}"
else
    rm -rf "${INSTALL_DIR}/src"
    git clone --branch "${REPO_BRANCH}" "${REPO_URL}" "${INSTALL_DIR}/src"
fi

cd "${INSTALL_DIR}/src"
log_success "Repository ready at $(git rev-parse --short HEAD)"

# Set ownership of source
chown -R silo:silo "${INSTALL_DIR}/src"

# Summary
echo ""
log_info "============================================"
log_info "Host setup complete!"
log_info "============================================"
echo ""
echo "Next steps:"
echo ""
echo "1. Edit ${ENV_FILE} and fill in credentials:"
echo "   sudo nano ${ENV_FILE}"
echo ""
echo "2. Verify database connectivity:"
echo "   psql -h psql.example.internal -U silo -d silo -c 'SELECT 1'"
echo ""
echo "3. Verify MinIO connectivity:"
echo "   curl -I http://minio.example.internal:9000/minio/health/live"
echo ""
echo "4. Run the deployment:"
echo "   sudo ${INSTALL_DIR}/src/scripts/deploy.sh"
echo ""
echo "After deployment, manage the service with:"
echo "   sudo systemctl status silod"
echo "   sudo systemctl restart silod"
echo "   sudo journalctl -u silod -f"
echo ""