theta42/sovereign-orchestrator
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
70c71161f3da508d1160e10cac2f1031876b85f6
sovereign-orchestrator/setup.sh
T
wmantly 70c71161f3 feat: initial orchestrator service with FastAPI backend and premium GUI 
- FastAPI backend with full Proxmox VE API integration
- ISO builder using proxmox-auto-install-assistant
- Premium dark-mode SPA frontend with glassmorphism design
- VM lifecycle management (create, start, stop, destroy)
- Build pipeline tracking with real-time logs
- Deployment automation for custom auto-installer ISOs
- Production deployment script (setup.sh + systemd)
- Comprehensive README with API documentation
2026-06-21 22:57:32 -04:00

154 lines
5.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# setup.sh - Deploy the Sovereign Orchestrator service
# This script installs all dependencies and configures the service
# to run on a Debian-based LXC container on the production Proxmox host.
#
# Usage: bash setup.sh
#
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
APP_DIR="/opt/sovereign-orchestrator"
SERVICE_NAME="sovereign-orchestrator"
SERVICE_USER="sovereign"
PORT=8888
echo "╔══════════════════════════════════════════════╗"
echo "║ Sovereign Orchestrator - Setup Script ║"
echo "║ Theta42 Infrastructure Automation ║"
echo "╚══════════════════════════════════════════════╝"
echo ""
# --- 1. System Dependencies ---
echo "[1/6] Installing system dependencies..."
apt-get update -qq
apt-get install -y -qq \
python3 \
python3-pip \
python3-venv \
xorriso \
curl \
jq \
wget \
2>/dev/null
# --- 2. Install proxmox-auto-install-assistant ---
echo "[2/6] Checking for proxmox-auto-install-assistant..."
if ! command -v proxmox-auto-install-assistant &>/dev/null; then
echo " -> Installing proxmox-auto-install-assistant from Proxmox repos..."
# Add Proxmox repository for the assistant tool
if [ ! -f /etc/apt/sources.list.d/proxmox.list ]; then
echo "deb [arch=amd64] http://download.proxmox.com/debian/pve trixie pve-no-subscription" \
> /etc/apt/sources.list.d/proxmox.list
wget -qO /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg \
http://download.proxmox.com/debian/proxmox-release-trixie.gpg 2>/dev/null || true
apt-get update -qq
fi
apt-get install -y -qq proxmox-auto-install-assistant 2>/dev/null || {
echo " [!] Could not install from repo. Checking if binary exists locally..."
if [ -f /usr/bin/proxmox-auto-install-assistant ]; then
echo " -> Found at /usr/bin/proxmox-auto-install-assistant"
else
echo " [WARNING] proxmox-auto-install-assistant not available."
echo " ISO generation will fail until this is installed."
fi
}
else
echo " -> Already installed: $(which proxmox-auto-install-assistant)"
fi
# --- 3. Create service user ---
echo "[3/6] Setting up service user..."
if ! id "$SERVICE_USER" &>/dev/null; then
useradd --system --home-dir "$APP_DIR" --shell /usr/sbin/nologin "$SERVICE_USER"
echo " -> Created user: $SERVICE_USER"
else
echo " -> User already exists: $SERVICE_USER"
fi
# --- 4. Install application ---
echo "[4/6] Installing application to $APP_DIR..."
mkdir -p "$APP_DIR"
cp -r "$SCRIPT_DIR/app" "$APP_DIR/"
cp -r "$SCRIPT_DIR/static" "$APP_DIR/"
cp "$SCRIPT_DIR/requirements.txt" "$APP_DIR/"
# Create Python virtual environment
python3 -m venv "$APP_DIR/venv"
"$APP_DIR/venv/bin/pip" install --quiet --upgrade pip
"$APP_DIR/venv/bin/pip" install --quiet -r "$APP_DIR/requirements.txt"
# Create data directories
mkdir -p "$APP_DIR/data/isos"
mkdir -p "$APP_DIR/data/builds"
mkdir -p "$APP_DIR/data/logs"
chown -R "$SERVICE_USER:$SERVICE_USER" "$APP_DIR"
echo " -> Application installed successfully"
# --- 5. Configure Proxmox credentials ---
echo "[5/6] Configuring Proxmox credentials..."
CRED_FILE="$APP_DIR/.proxmox-credentials"
if [ -f "$HOME/.proxmox-credentials" ]; then
cp "$HOME/.proxmox-credentials" "$CRED_FILE"
chown "$SERVICE_USER:$SERVICE_USER" "$CRED_FILE"
chmod 600 "$CRED_FILE"
echo " -> Credentials copied from $HOME/.proxmox-credentials"
elif [ -f /root/.proxmox-credentials ]; then
cp /root/.proxmox-credentials "$CRED_FILE"
chown "$SERVICE_USER:$SERVICE_USER" "$CRED_FILE"
chmod 600 "$CRED_FILE"
echo " -> Credentials copied from /root/.proxmox-credentials"
else
echo " [WARNING] No Proxmox credentials found."
echo " Create $CRED_FILE with:"
echo " PROXMOX_HOST=https://your-pve-host:8006"
echo " PROXMOX_TOKEN_ID=user@pam!tokenname"
echo " PROXMOX_TOKEN_SECRET=your-token-secret"
fi
# --- 6. Create systemd service ---
echo "[6/6] Creating systemd service..."
cat > /etc/systemd/system/${SERVICE_NAME}.service << EOF
[Unit]
Description=Sovereign Orchestrator - Theta42 Infrastructure Automation
After=network.target
Wants=network-online.target
[Service]
Type=simple
User=${SERVICE_USER}
Group=${SERVICE_USER}
WorkingDirectory=${APP_DIR}
EnvironmentFile=-${CRED_FILE}
ExecStart=${APP_DIR}/venv/bin/uvicorn app.main:app --host 0.0.0.0 --port ${PORT}
Restart=on-failure
RestartSec=5
StandardOutput=append:${APP_DIR}/data/logs/service.log
StandardError=append:${APP_DIR}/data/logs/service-error.log
# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=${APP_DIR}/data
ProtectHome=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable ${SERVICE_NAME}
echo " -> Service created and enabled"
echo ""
echo "╔══════════════════════════════════════════════╗"
echo "║ Setup Complete! ║"
echo "╚══════════════════════════════════════════════╝"
echo ""
echo " Start the service: systemctl start ${SERVICE_NAME}"
echo " Check status: systemctl status ${SERVICE_NAME}"
echo " View logs: journalctl -u ${SERVICE_NAME} -f"
echo " Web UI: http://$(hostname -I | awk '{print $1}'):${PORT}"
echo ""
Reference in New Issue View Git Blame Copy Permalink