npm - @hasna/shortlinks - Versions diffs - 0.1.5 → 0.1.6 - Mend

@hasna/shortlinks 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +11 -0
package/infra/aws-ec2-user-data.sh +168 -0
package/package.json +2 -1

package/README.md CHANGED Viewed

@@ -138,6 +138,17 @@ shortlinks cloud sync
 The cloud database service name is `shortlinks`.
+## AWS Origin
+For an apex domain that needs stable A records, `infra/aws-ec2-user-data.sh` bootstraps a small EC2 redirect origin with:
+- `@hasna/shortlinks` installed through Bun
+- local SQLite data synced with the `shortlinks` RDS database through `@hasna/cloud`
+- Caddy terminating HTTPS and proxying to `shortlinks serve`
+- a systemd timer that syncs links and clicks every minute
+The script reads the RDS password from AWS Secrets Manager through the instance role; it does not contain secret values.
 ## Development
 ```bash

package/infra/aws-ec2-user-data.sh ADDED Viewed

@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+set -euo pipefail
+export AWS_REGION="${AWS_REGION:-us-east-1}"
+export SHORTLINKS_HOME="/var/lib/shortlinks"
+export SHORTLINKS_PACKAGE="@hasna/shortlinks@latest"
+export RDS_SECRET_ID="rds!db-7a451ce6-83a9-40fa-b24a-81e5d5943511"
+export RDS_HOST="hasnaxyz-prod-opensource.c4limg0qgqvk.us-east-1.rds.amazonaws.com"
+export RDS_USERNAME="hasna_admin"
+dnf update -y
+dnf install -y awscli jq tar gzip shadow-utils libcap
+if ! id shortlinks >/dev/null 2>&1; then
+  useradd --system --create-home --home-dir "${SHORTLINKS_HOME}" --shell /sbin/nologin shortlinks
+fi
+install -d -o shortlinks -g shortlinks "${SHORTLINKS_HOME}/.hasna/cloud"
+install -d -o shortlinks -g shortlinks "${SHORTLINKS_HOME}/.hasna/shortlinks"
+cat > "${SHORTLINKS_HOME}/.hasna/cloud/config.json" <<CLOUD_CONFIG
+{
+  "rds": {
+    "host": "${RDS_HOST}",
+    "port": 5432,
+    "username": "${RDS_USERNAME}",
+    "password_env": "HASNA_RDS_PASSWORD",
+    "ssl": true
+  },
+  "mode": "hybrid",
+  "feedback_endpoint": "https://feedback.hasna.com/api/v1/feedback",
+  "auto_sync_interval_minutes": 0,
+  "sync": {
+    "schedule_minutes": 0
+  }
+}
+CLOUD_CONFIG
+chown shortlinks:shortlinks "${SHORTLINKS_HOME}/.hasna/cloud/config.json"
+chmod 600 "${SHORTLINKS_HOME}/.hasna/cloud/config.json"
+su -s /bin/bash shortlinks -c 'curl -fsSL https://bun.sh/install | bash'
+su -s /bin/bash shortlinks -c "${SHORTLINKS_HOME}/.bun/bin/bun install -g ${SHORTLINKS_PACKAGE} --no-cache"
+cat > /usr/local/bin/shortlinks-env-exec <<'RUNNER'
+#!/usr/bin/env bash
+set -euo pipefail
+export AWS_REGION="${AWS_REGION:-us-east-1}"
+export HOME="/var/lib/shortlinks"
+export PATH="/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin"
+export NODE_TLS_REJECT_UNAUTHORIZED="0"
+secret_json="$(aws secretsmanager get-secret-value \
+  --region "${AWS_REGION}" \
+  --secret-id "rds!db-7a451ce6-83a9-40fa-b24a-81e5d5943511" \
+  --query SecretString \
+  --output text)"
+export HASNA_RDS_PASSWORD
+HASNA_RDS_PASSWORD="$(jq -r '.password' <<<"${secret_json}")"
+exec "$@"
+RUNNER
+chmod 750 /usr/local/bin/shortlinks-env-exec
+chown root:shortlinks /usr/local/bin/shortlinks-env-exec
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json doctor'
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json config set default-domain has.na'
+su -s /bin/bash shortlinks -c '/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links,clicks' || true
+caddy_version="$(curl -fsSL https://api.github.com/repos/caddyserver/caddy/releases/latest | jq -r '.tag_name // "v2.10.2"' | sed 's/^v//')"
+case "$(uname -m)" in
+  aarch64|arm64) caddy_arch="arm64" ;;
+  x86_64|amd64) caddy_arch="amd64" ;;
+  *) caddy_arch="arm64" ;;
+esac
+curl -fsSL -o /tmp/caddy.tar.gz "https://github.com/caddyserver/caddy/releases/download/v${caddy_version}/caddy_${caddy_version}_linux_${caddy_arch}.tar.gz"
+tar -xzf /tmp/caddy.tar.gz -C /tmp caddy
+install -m 0755 /tmp/caddy /usr/local/bin/caddy
+setcap cap_net_bind_service=+ep /usr/local/bin/caddy || true
+cat > /etc/systemd/system/shortlinks.service <<'SERVICE'
+[Unit]
+Description=Shortlinks redirect server
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=simple
+User=shortlinks
+Group=shortlinks
+WorkingDirectory=/var/lib/shortlinks
+Environment=HOME=/var/lib/shortlinks
+Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
+ExecStartPre=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud pull --tables domains,links
+ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks serve --host 127.0.0.1 --port 8787 --default-host has.na
+Restart=always
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+SERVICE
+cat > /etc/systemd/system/shortlinks-sync.service <<'SERVICE'
+[Unit]
+Description=Sync shortlinks SQLite data with RDS
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=oneshot
+User=shortlinks
+Group=shortlinks
+WorkingDirectory=/var/lib/shortlinks
+Environment=HOME=/var/lib/shortlinks
+Environment=PATH=/var/lib/shortlinks/.bun/bin:/usr/local/bin:/usr/bin:/bin
+ExecStart=/usr/local/bin/shortlinks-env-exec shortlinks --json cloud sync --tables domains,links,clicks
+SERVICE
+cat > /etc/systemd/system/shortlinks-sync.timer <<'TIMER'
+[Unit]
+Description=Run shortlinks cloud sync every minute
+[Timer]
+OnBootSec=2min
+OnUnitActiveSec=1min
+Unit=shortlinks-sync.service
+[Install]
+WantedBy=timers.target
+TIMER
+cat > /etc/systemd/system/caddy.service <<'SERVICE'
+[Unit]
+Description=Caddy web server for shortlinks
+After=network-online.target shortlinks.service
+Wants=network-online.target
+[Service]
+Type=simple
+User=root
+Group=root
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target
+SERVICE
+install -d /etc/caddy
+cat > /etc/caddy/Caddyfile <<'CADDY'
+has.na {
+  encode zstd gzip
+  reverse_proxy 127.0.0.1:8787
+}
+CADDY
+systemctl daemon-reload
+systemctl enable shortlinks.service shortlinks-sync.timer caddy.service
+systemctl start shortlinks.service
+systemctl start shortlinks-sync.timer
+systemctl start caddy.service || true

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/shortlinks",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "CLI-only shortlink manager for custom domains, click tracking, Cloudflare setup, and @hasna cloud sync",
   "type": "module",
   "main": "dist/index.js",
@@ -25,6 +25,7 @@
   "files": [
     "dist",
     "cloudflare",
+    "infra",
     "LICENSE",
     "README.md",
     "SECURITY.md"