adjust script to handle seeding, regeneration of configs and alow unprivileged user to execute start.sh

deployment/bare_metal/.env.dist

@@ -2,6 +2,8 @@ NGINX_SERVER_NAME=_
 
 #Example data
 
+#DEPLOY_SEED_DATA=true
+#
 #NGINX_REWRITE_LEGACY_URLS=true
 #NGINX_SSL=true
 #NGINX_SERVER_NAME=stage1.gradido.net

deployment/bare_metal/install.sh

@@ -100,19 +100,9 @@ sudo certbot --certonly
 > Would you be willing, once your first certificate is successfully issued, to > N
 > No names were found in your configuration files. Please enter in your domain > stage1.gradido.net
 
-# Generate gradido.conf from template
-# TODO order - first certbot, then nginx setup
-case "$NGINX_SSL" in
- true) TEMPLATE_FILE="gradido.conf.ssl.template" ;;
-    *) TEMPLATE_FILE="gradido.conf.template" ;;
-esac
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf
+git config pull.ff only
 
-# Generate update-page.conf from template
-case "$NGINX_SSL" in
- true) TEMPLATE_FILE="update-page.conf.ssl.template" ;;
-    *) TEMPLATE_FILE="update-page.conf.template" ;;
-esac
-envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf
-
-git config pull.ff only
+# Allow nginx configuration and restart for gradido
+sudo nano /etc/sudoers.d/gradido
+> gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart
+sudo chmod a+rw /etc/nginx/sites-enabled

deployment/bare_metal/start.sh

@@ -6,6 +6,7 @@ SCRIPT_DIR=$(dirname $SCRIPT_PATH)
 LOCK_FILE=$SCRIPT_DIR/update.lock
 UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html
 PROJECT_ROOT=$SCRIPT_DIR/../../
+NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available
 
 # Load .env or .env.dist if not present
 set -o allexport
@@ -31,8 +32,8 @@ UPDATE_SITE_CONFIG=stage1_updating
 
 # configure nginx for the update-page
 echo 'Configuring nginx to serve the update-page<br>' >> $UPDATE_HTML
-sudo rm /etc/nginx/sites-enabled/gradido.conf
-sudo ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/
+rm /etc/nginx/sites-enabled/gradido.conf
+ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/
 sudo /etc/init.d/nginx restart
 
 
@@ -49,16 +50,32 @@ git checkout $BRANCH
 git pull
 export BUILD_COMMIT="$(git rev-parse HEAD)"
 
+# Generate gradido.conf from template
+case "$NGINX_SSL" in
+ true) TEMPLATE_FILE="gradido.conf.ssl.template" ;;
+    *) TEMPLATE_FILE="gradido.conf.template" ;;
+esac
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf
+
+# Generate update-page.conf from template
+case "$NGINX_SSL" in
+ true) TEMPLATE_FILE="update-page.conf.ssl.template" ;;
+    *) TEMPLATE_FILE="update-page.conf.template" ;;
+esac
+envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf
+
 # Install & build database
 echo 'Updating database<br>' >> $UPDATE_HTML
 cd $PROJECT_ROOT/database
 yarn install
 yarn build
-# TODO only in staging!
-yarn dev_up
-# TODO only in staging!
-yarn dev_reset
-yarn seed 
+if [ "$DEPLOY_SEED_DATA" = "true" ]; then
+  yarn dev_up
+  yarn dev_reset
+  yarn seed 
+else
+  yarn up
+fi
 
 # Install & build backend
 echo 'Updating backend<br>' >> $UPDATE_HTML
@@ -89,8 +106,8 @@ pm2 save
 
 # let nginx showing gradido
 echo 'Configuring nginx to serve gradido again<br>' >> $UPDATE_HTML
-sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/
-sudo rm /etc/nginx/sites-enabled/update-page.conf
+ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/
+rm /etc/nginx/sites-enabled/update-page.conf
 sudo /etc/init.d/nginx restart
 
 #release lock