@hasna/shortlinks 0.1.4 → 0.1.6

package/README.md

@@ -138,6 +138,17 @@ shortlinks cloud sync
 
 The cloud database service name is `shortlinks`.
 
+## AWS Origin
+
+For an apex domain that needs stable A records, `infra/aws-ec2-user-data.sh` bootstraps a small EC2 redirect origin with:
+
+- `@hasna/shortlinks` installed through Bun
+- local SQLite data synced with the `shortlinks` RDS database through `@hasna/cloud`
+- Caddy terminating HTTPS and proxying to `shortlinks serve`
+- a systemd timer that syncs links and clicks every minute
+
+The script reads the RDS password from AWS Secrets Manager through the instance role; it does not contain secret values.
+
 ## Development
 
 ```bash

package/dist/cli/index.js

@@ -3435,13 +3435,6 @@ var PG_MIGRATIONS = [
   CREATE INDEX IF NOT EXISTS idx_clicks_domain ON clicks(domain_id);
   CREATE INDEX IF NOT EXISTS idx_clicks_clicked_at ON clicks(clicked_at);
   CREATE INDEX IF NOT EXISTS idx_clicks_updated ON clicks(updated_at);
-
-  CREATE TABLE IF NOT EXISTS _pg_migrations (
-    id INTEGER PRIMARY KEY,
-    applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
-  );
-
-  INSERT INTO _pg_migrations (id) VALUES (1) ON CONFLICT DO NOTHING;
   `
 ];
 

package/dist/index.js

@@ -838,13 +838,6 @@ var PG_MIGRATIONS = [
   CREATE INDEX IF NOT EXISTS idx_clicks_domain ON clicks(domain_id);
   CREATE INDEX IF NOT EXISTS idx_clicks_clicked_at ON clicks(clicked_at);
   CREATE INDEX IF NOT EXISTS idx_clicks_updated ON clicks(updated_at);
-
-  CREATE TABLE IF NOT EXISTS _pg_migrations (
-    id INTEGER PRIMARY KEY,
-    applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
-  );
-
-  INSERT INTO _pg_migrations (id) VALUES (1) ON CONFLICT DO NOTHING;
   `
 ];
 export {

package/infra/aws-ec2-user-data.sh

@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export AWS_REGION="${AWS_REGION:-us-east-1}"
+export SHORTLINKS_HOME="/var/lib/shortlinks"
+export SHORTLINKS_PACKAGE="@hasna/shortlinks@latest"
+export RDS_SECRET_ID="rds!db-7a451ce6-83a9-40fa-b24a-81e5d5943511"
+export RDS_HOST="hasnaxyz-prod-opensource.c4limg0qgqvk.us-east-1.rds.amazonaws.com"
+export RDS_USERNAME="hasna_admin"
+
+dnf update -y
+dnf install -y awscli jq tar gzip shadow-utils libcap
+
+if ! id shortlinks >/dev/null 2>&1; then
+  useradd --system --create-home --home-dir "${SHORTLINKS_HOME}" --shell /sbin/nologin shortlinks
+fi
+
+install -d -o shortlinks -g shortlinks "${SHORTLINKS_HOME}/.hasna/cloud"
+install -d -o shortlinks -g shortlinks "${SHORTLINKS_HOME}/.hasna/shortlinks"
+
+cat > "${SHORTLINKS_HOME}/.hasna/cloud/config.json" <<CLOUD_CONFIG
+{
+  "rds": {
+    "host": "${RDS_HOST}",
+    "port": 5432,
+    "username": "${RDS_USERNAME}",
+    "password_env": "HASNA_RDS_PASSWORD",
+    "ssl": true
+  },
+  "mode": "hybrid",
+  "feedback_endpoint": "https://feedback.hasna.com/api/v1/feedback",
+  "auto_sync_interval_minutes": 0,
+  "sync": {
+    "schedule_minutes": 0
+  }
+}
+CLOUD_CONFIG
+chown shortlinks:shortlinks "${SHORTLINKS_HOME}/.hasna/cloud/config.json"
+chmod 600 "${SHORTLINKS_HOME}/.hasna/cloud/config.json"
+
+su -s /bin/bash shortlinks -c 'curl -fsSL https://bun.sh/install | bash'
+su -s /bin/bash shortlinks -c "${SHORTLINKS_HOME}/.bun/bin/bun install -g ${SHORTLINKS_PACKAGE} --no-cache"
+
+cat > /usr/local/bin/shortlinks-env-exec <<'RUNNER'
+#!/usr/bin/env bash
+set -euo pipefail
+
+export AWS_REGION="${AWS_REGION:-us-east-1}"
+export HOME="/var/lib/shortlinks"
+export PATH="/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin"
+export NODE_TLS_REJECT_UNAUTHORIZED="0"
+
+secret_json="$(aws secretsmanager get-secret-value \
+  --region "${AWS_REGION}" \
+  --secret-id "rds!db-7a451ce6-83a9-40fa-b24a-81e5d5943511" \
+  --query SecretString \
+  --output text)"
+
+export HASNA_RDS_PASSWORD
+HASNA_RDS_PASSWORD="$(jq -r '.password' <<<"${secret_json}")"
+
+exec "$@"
+RUNNER
+chmod 750 /usr/local/bin/shortlinks-env-exec
+chown root:shortlinks /usr/local/bin/shortlinks-env-exec
+
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json doctor'
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json config set default-domain has.na'
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links,clicks' || true
+
+caddy_version="$(curl -fsSL https://api.github.com/repos/caddyserver/caddy/releases/latest | jq -r '.tag_name // "v2.10.2"' | sed 's/^v//')"
+case "$(uname -m)" in
+  aarch64|arm64) caddy_arch="arm64" ;;
+  x86_64|amd64) caddy_arch="amd64" ;;
+  *) caddy_arch="arm64" ;;
+esac
+curl -fsSL -o /tmp/caddy.tar.gz "https://github.com/caddyserver/caddy/releases/download/v${caddy_version}/caddy_${caddy_version}_linux_${caddy_arch}.tar.gz"
+tar -xzf /tmp/caddy.tar.gz -C /tmp caddy
+install -m 0755 /tmp/caddy /usr/local/bin/caddy
+setcap cap_net_bind_service=+ep /usr/local/bin/caddy || true
+
+cat > /etc/systemd/system/shortlinks.service <<'SERVICE'
+[Unit]
+Description=Shortlinks redirect server
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=shortlinks
+Group=shortlinks
+WorkingDirectory=/var/lib/shortlinks
+Environment=HOME=/var/lib/shortlinks
+Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
+ExecStartPre=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links
+ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks serve --host 127.0.0.1 --port 8787 --default-host has.na
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+
+cat > /etc/systemd/system/shortlinks-sync.service <<'SERVICE'
+[Unit]
+Description=Sync shortlinks SQLite data with RDS
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+User=shortlinks
+Group=shortlinks
+WorkingDirectory=/var/lib/shortlinks
+Environment=HOME=/var/lib/shortlinks
+Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
+ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud sync --tables domains,links,clicks
+SERVICE
+
+cat > /etc/systemd/system/shortlinks-sync.timer <<'TIMER'
+[Unit]
+Description=Run shortlinks cloud sync every minute
+
+[Timer]
+OnBootSec=2min
+OnUnitActiveSec=1min
+Unit=shortlinks-sync.service
+
+[Install]
+WantedBy=timers.target
+TIMER
+
+cat > /etc/systemd/system/caddy.service <<'SERVICE'
+[Unit]
+Description=Caddy web server for shortlinks
+After=network-online.target shortlinks.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+
+install -d /etc/caddy
+cat > /etc/caddy/Caddyfile <<'CADDY'
+has.na {
+  encode zstd gzip
+  reverse_proxy 127.0.0.1:8787
+}
+CADDY
+
+systemctl daemon-reload
+systemctl enable shortlinks.service shortlinks-sync.timer caddy.service
+systemctl start shortlinks.service
+systemctl start shortlinks-sync.timer
+systemctl start caddy.service || true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/shortlinks",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "CLI-only shortlink manager for custom domains, click tracking, Cloudflare setup, and @hasna cloud sync",
   "type": "module",
   "main": "dist/index.js",
@@ -25,6 +25,7 @@
   "files": [
     "dist",
     "cloudflare",
+    "infra",
     "LICENSE",
     "README.md",
     "SECURITY.md"