@patiom/daemon 0.0.1 → 0.0.2

package/dist/{server.js → index.js}

@@ -1,14 +1,29 @@
-import { C as PORT_MIN, S as PORT_MAX, _ as validateToken, c as daemonReload, d as start, f as stop, g as revokeToken, h as listTokens, i as addApp, l as enable, m as hasScope, o as removeApp, p as createToken, t as appServiceTemplate, u as listRunningInstances, x as PATIOM_ROOT, y as APPS_DIR } from "./systemd-C0OpX8Bk.js";
+import { consola } from "consola";
+import { program } from "commander";
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { execa } from "execa";
 import { Hono } from "hono";
 import { serve } from "@hono/node-server";
 import fs from "node:fs/promises";
-import path from "node:path";
 import { createMiddleware } from "hono/factory";
+import crypto from "node:crypto";
 import { ulid } from "ulid";
 import "adm-zip";
-import { execa } from "execa";
 import getPort, { portNumbers } from "get-port";
+import { parse, stringify } from "smol-toml";
 import dotenv from "dotenv";
+import { confirm, input } from "@inquirer/prompts";
+//#region package.json
+var version = "0.0.2";
+//#endregion
+//#region src/config.ts
+const PATIOM_ROOT = "/var/lib/patiom";
+const APPS_DIR = path.join(PATIOM_ROOT, "apps");
+path.join(PATIOM_ROOT, "ip");
+const PORT_MIN = 5e4;
+const PORT_MAX = 51e3;
+//#endregion
 //#region src/middleware/audit.ts
 const AUDIT_LOG = path.join(PATIOM_ROOT, "audit.log");
 const MAX_SIZE = 10 * 1024 * 1024;
@@ -35,6 +50,87 @@ const auditMiddleware = createMiddleware(async (c, next) => {
 	}
 });
 //#endregion
+//#region src/core/tokens.ts
+const TOKENS_FILE = path.join(PATIOM_ROOT, "tokens.json");
+let tokensWriteQueue = Promise.resolve();
+const writeTokensAtomic = async (config) => {
+	const tmpPath = `${TOKENS_FILE}.tmp`;
+	await fs.writeFile(tmpPath, JSON.stringify(config, null, 2), { mode: 384 });
+	await fs.rename(tmpPath, TOKENS_FILE);
+};
+const readTokens = async () => {
+	try {
+		const content = await fs.readFile(TOKENS_FILE, "utf-8");
+		return JSON.parse(content);
+	} catch {
+		return { tokens: [] };
+	}
+};
+const writeTokens = async (config) => {
+	await writeTokensAtomic(config);
+};
+const createToken = async (name, scope) => {
+	const token = {
+		id: ulid(),
+		name,
+		token: crypto.randomBytes(16).toString("hex"),
+		scope,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	const next = tokensWriteQueue.then(async () => {
+		const config = await readTokens();
+		config.tokens.push(token);
+		await writeTokensAtomic(config);
+	});
+	tokensWriteQueue = next.catch(() => {});
+	await next;
+	return token;
+};
+const listTokens = async () => {
+	return (await readTokens()).tokens.map(({ token, ...rest }) => ({
+		...rest,
+		last8: token.slice(-8)
+	}));
+};
+const revokeToken = async (id) => {
+	let result = {
+		success: false,
+		error: "Token not found"
+	};
+	const next = tokensWriteQueue.then(async () => {
+		const config = await readTokens();
+		const token = config.tokens.find((t) => t.id === id);
+		if (!token) {
+			result = {
+				success: false,
+				error: "Token not found"
+			};
+			return;
+		}
+		if (token.scope === "master") {
+			result = {
+				success: false,
+				error: "Cannot revoke master token"
+			};
+			return;
+		}
+		config.tokens = config.tokens.filter((t) => t.id !== id);
+		await writeTokensAtomic(config);
+		result = { success: true };
+	});
+	tokensWriteQueue = next.catch(() => {});
+	await next;
+	return result;
+};
+const validateToken = async (token) => {
+	return (await readTokens()).tokens.find((t) => t.token === token) ?? null;
+};
+const hasScope = (tokenScope, requiredScope) => {
+	if (tokenScope === "master") return true;
+	if (tokenScope === "rw" && requiredScope === "ro") return true;
+	return tokenScope === requiredScope;
+};
+//#endregion
 //#region src/middleware/auth.ts
 const authMiddleware = createMiddleware(async (c, next) => {
 	const authHeader = c.req.header("Authorization");
@@ -120,6 +216,89 @@ const allocatePortBlock = async (instances, log) => {
 	return ports;
 };
 //#endregion
+//#region src/core/systemd.ts
+const daemonReload = () => execa("systemctl", ["daemon-reload"]);
+const enable = (name) => execa("systemctl", ["enable", name]);
+const start = (name) => execa("systemctl", ["start", name]);
+const stop = (name) => execa("systemctl", ["stop", name]);
+const restart = (name) => execa("systemctl", ["restart", name]);
+const listRunningInstances = async (appName) => {
+	try {
+		const { stdout } = await execa("systemctl", [
+			"list-units",
+			"--type=service",
+			"--state=running",
+			"--no-pager",
+			"--plain",
+			`${appName}@*`
+		]);
+		return stdout.split("\n").filter((line) => line.includes(`${appName}@`)).map((line) => {
+			const match = line.match(`${appName}@([0-9]+)\\.service`);
+			return match ? match[1] : null;
+		}).filter((port) => port !== null);
+	} catch {
+		return [];
+	}
+};
+//#endregion
+//#region src/core/proxy.ts
+const CONFIG_PATH = "/etc/rpxy/config.toml";
+let configWriteQueue = Promise.resolve();
+const writeConfigAtomic = async (config) => {
+	const toml = stringify(config);
+	const tmpPath = `${CONFIG_PATH}.tmp`;
+	await fs.writeFile(tmpPath, toml);
+	await fs.rename(tmpPath, CONFIG_PATH);
+};
+const readConfig = async () => {
+	return parse(await fs.readFile(CONFIG_PATH, "utf-8"));
+};
+const writeConfig = async (config) => {
+	await writeConfigAtomic(config);
+};
+const addApp = async (appName, serverName, ports) => {
+	const next = configWriteQueue.then(async () => {
+		const config = await readConfig();
+		const upstreams = ports.map((port) => ({ location: `127.0.0.1:${port}` }));
+		config.apps[appName] = {
+			server_name: serverName,
+			tls: {
+				https_redirection: true,
+				acme: true
+			},
+			reverse_proxy: [{
+				upstream: upstreams,
+				load_balance: "round_robin"
+			}]
+		};
+		await writeConfigAtomic(config);
+	});
+	configWriteQueue = next.catch(() => {});
+	await next;
+};
+const removeApp = async (appName) => {
+	const next = configWriteQueue.then(async () => {
+		const config = await readConfig();
+		const prefix = `${appName}-`;
+		config.apps = Object.fromEntries(Object.entries(config.apps).filter(([key]) => key !== appName && !key.startsWith(prefix)));
+		await writeConfigAtomic(config);
+	});
+	configWriteQueue = next.catch(() => {});
+	await next;
+};
+const createAcmeConfig = (email) => {
+	return {
+		listen_port: 80,
+		listen_port_tls: 443,
+		experimental: { acme: {
+			dir_url: "https://acme-v02.api.letsencrypt.org/directory",
+			email,
+			registry_path: "/var/lib/patiom/acme_registry"
+		} },
+		apps: {}
+	};
+};
+//#endregion
 //#region src/core/env.ts
 const envWriteQueues = /* @__PURE__ */ new Map();
 const getEnvWriteQueue = (appName) => {
@@ -187,6 +366,55 @@ const ensureStorageDir = async (appName, storageFolder, log) => {
 	log("Storage directory ready");
 };
 //#endregion
+//#region src/templates/systemd.ts
+const appServiceTemplate = ({ nodeBinPath, startScript }) => `[Unit]
+Description=Patiom App: %p (port %i)
+After=network.target
+
+[Service]
+Type=exec
+WorkingDirectory=${PATIOM_ROOT}/apps/%p/current
+ExecStart=${nodeBinPath}/pnpm run ${startScript}
+Restart=always
+EnvironmentFile=${PATIOM_ROOT}/apps/%p/shared/.env
+Environment=PORT=%i
+Environment=PATH=${nodeBinPath}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+DynamicUser=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=${PATIOM_ROOT}/apps/%p
+
+[Install]
+WantedBy=multi-user.target
+`;
+const rpxyServiceTemplate = ({ rpxyBinPath }) => `[Unit]
+Description=rpxy Reverse Proxy
+After=network.target
+
+[Service]
+ExecStart=${rpxyBinPath} --config /etc/rpxy/config.toml
+Restart=always
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+`;
+const daemonServiceTemplate = ({ nodeBinPath, port }) => `[Unit]
+Description=Patiom Daemon
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=${nodeBinPath}/patiom-server serve
+Restart=always
+Environment=PORT=${port}
+Environment=PATH=${nodeBinPath}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+[Install]
+WantedBy=multi-user.target
+`;
+//#endregion
 //#region src/core/logs.ts
 const getLogPath = (appName, releaseId) => {
 	return path.join(getReleasesDir(appName), releaseId, "deploy.log");
@@ -643,9 +871,238 @@ app.route("/db", dbRoute);
 app.route("/apps", appsRoute);
 app.route("/logs", logsRoute);
 app.route("/tokens", tokensRoute);
-serve({
-	fetch: app.fetch,
-	port: Number(process.env.PORT) || 4e3
+const startServer = () => {
+	serve({
+		fetch: app.fetch,
+		port: Number(process.env.PORT) || 4e3
+	});
+};
+//#endregion
+//#region src/setup.ts
+const DAEMON_PORT = 4e3;
+const detectOS = async () => {
+	try {
+		return (await fs.readFile("/etc/os-release", "utf-8")).match(/^ID=(.+)$/mu)?.[1]?.trim().replaceAll(/^["']|["']$/gu, "") ?? "unknown";
+	} catch {
+		return "unknown";
+	}
+};
+const detectIP = async () => {
+	try {
+		const { stdout } = await execa("curl", ["-s", "https://api.ipify.org"]);
+		return stdout.trim();
+	} catch {
+		consola.warn("Could not detect public IP");
+		return "unknown";
+	}
+};
+const configureFirewall = async (os, port) => {
+	if (!await confirm({
+		message: "Configure firewall?",
+		default: true
+	})) {
+		consola.info("Skipping firewall configuration");
+		return;
+	}
+	if (os === "ubuntu" || os === "debian") {
+		consola.start("Configuring UFW...");
+		await execa("ufw", [
+			"default",
+			"deny",
+			"incoming"
+		]);
+		await execa("ufw", [
+			"default",
+			"allow",
+			"outgoing"
+		]);
+		await execa("ufw", ["allow", "22/tcp"]);
+		await execa("ufw", ["allow", "80/tcp"]);
+		await execa("ufw", ["allow", "443/tcp"]);
+		await execa("ufw", ["allow", `${port}/tcp`]);
+		await execa("ufw", ["--force", "enable"]);
+		consola.success("UFW configured");
+	} else if ([
+		"almalinux",
+		"rocky",
+		"centos",
+		"fedora",
+		"rhel"
+	].includes(os)) {
+		consola.start("Configuring Firewalld...");
+		await execa("systemctl", [
+			"enable",
+			"--now",
+			"firewalld"
+		]);
+		await execa("firewall-cmd", [
+			"--permanent",
+			"--zone=public",
+			"--add-port=22/tcp"
+		]);
+		await execa("firewall-cmd", [
+			"--permanent",
+			"--zone=public",
+			"--add-port=80/tcp"
+		]);
+		await execa("firewall-cmd", [
+			"--permanent",
+			"--zone=public",
+			"--add-port=443/tcp"
+		]);
+		await execa("firewall-cmd", [
+			"--permanent",
+			"--zone=public",
+			"--add-port",
+			`${port}/tcp`
+		]);
+		await execa("firewall-cmd", ["--reload"]);
+		await execa("setsebool", [
+			"-P",
+			"httpd_can_network_connect",
+			"1"
+		]);
+		consola.success("Firewalld configured");
+	} else consola.warn(`Unsupported OS for firewall: ${os}`);
+};
+const configureACME = async () => {
+	return { email: await input({
+		message: "Email for Let's Encrypt certificates:",
+		validate: (v) => v.includes("@") ? true : "Please enter a valid email"
+	}) };
+};
+const setupPatiomDirs = async () => {
+	await fs.mkdir(PATIOM_ROOT, { recursive: true });
+	await fs.mkdir(path.join(PATIOM_ROOT, "apps"), { recursive: true });
+	await fs.mkdir(path.join(PATIOM_ROOT, "acme_registry"), { recursive: true });
+};
+const generateMasterToken = async () => {
+	const token = {
+		id: ulid(),
+		name: "Master Token",
+		token: crypto.randomBytes(16).toString("hex"),
+		scope: "master",
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	await writeTokens({ tokens: [token] });
+	return token.token;
+};
+const writeIP = async (ip) => {
+	const ipPath = path.join(PATIOM_ROOT, "ip");
+	await fs.writeFile(ipPath, ip);
+};
+const writeSystemdUnit = async (name, content) => {
+	const unitPath = `/etc/systemd/system/${name}.service`;
+	await fs.writeFile(unitPath, content);
+};
+const installServices = async (nodeBinPath) => {
+	await writeSystemdUnit("rpxy", rpxyServiceTemplate({ rpxyBinPath: "/usr/local/bin/rpxy" }));
+	await writeSystemdUnit("patiom-daemon", daemonServiceTemplate({
+		nodeBinPath,
+		port: DAEMON_PORT
+	}));
+	await daemonReload();
+	await enable("rpxy");
+	await start("rpxy");
+	consola.success("rpxy started");
+	await enable("patiom-daemon");
+	await start("patiom-daemon");
+	consola.success("Patiom daemon started");
+};
+const setup = async () => {
+	console.log("");
+	consola.info("Patiom Server Setup");
+	console.log("");
+	const os = await detectOS();
+	consola.info(`Detected OS: ${os}`);
+	if (os === "unknown") {
+		consola.error("Unsupported OS. Please use Ubuntu, Debian, AlmaLinux, Rocky, CentOS, Fedora, or RHEL.");
+		process.exit(1);
+	}
+	await configureFirewall(os, DAEMON_PORT);
+	console.log("");
+	const { email } = await configureACME();
+	console.log("");
+	consola.start("Setting up Patiom...");
+	await setupPatiomDirs();
+	const token = await generateMasterToken();
+	consola.success("Auth token generated");
+	const ip = await detectIP();
+	await writeIP(ip);
+	consola.success(`Public IP: ${ip}`);
+	await writeConfig(createAcmeConfig(email));
+	consola.success("rpxy config written");
+	await installServices(path.dirname(process.execPath));
+	console.log("");
+	consola.success("Patiom server setup complete!");
+	console.log("");
+	console.log(`Auth token: ${token}`);
+	console.log("");
+	consola.info("Next steps:");
+	console.log(`  patiom login --url http://${ip}:${DAEMON_PORT} --token ${token}`);
+	console.log("");
+};
+const runSetup = async () => {
+	try {
+		await setup();
+	} catch (err) {
+		consola.error("Setup failed:", err);
+		process.exit(1);
+	}
+};
+//#endregion
+//#region src/index.ts
+consola.options.formatOptions = { date: false };
+const skipRootOpt = "--devSkipRootCheck";
+const checkRoot = (skip) => {
+	if (skip) return;
+	if (process.getuid?.() !== 0) {
+		consola.error("This command must be run as root. Try: sudo patiom-server <command>");
+		process.exit(1);
+	}
+};
+program.name("patiom-server").description("Patiom daemon — bare-metal deployment server");
+program.command("serve").description("Start the daemon HTTP server").option(skipRootOpt, "Skip root check for development").action((options) => {
+	checkRoot(options.devSkipRootCheck);
+	startServer();
+});
+program.command("setup").description("Interactive first-time server setup").option(skipRootOpt, "Skip root check for development").action((options) => {
+	checkRoot(options.devSkipRootCheck);
+	return runSetup();
+});
+program.command("upgrade").description("Update the daemon package and restart the service").option(skipRootOpt, "Skip root check for development").action(async (options) => {
+	checkRoot(options.devSkipRootCheck);
+	consola.info(`Current version: ${version}`);
+	let latest = null;
+	try {
+		const { stdout } = await execa("pnpm", [
+			"info",
+			"@patiom/daemon",
+			"version"
+		]);
+		latest = stdout.trim();
+	} catch {
+		consola.warn("Could not check npm registry, proceeding with update...");
+	}
+	if (latest && latest === version) {
+		consola.success("Already up to date");
+		return;
+	}
+	if (latest) consola.info(`Latest version: ${latest}`);
+	consola.start("Updating @patiom/daemon...");
+	await execa("pnpm", [
+		"update",
+		"-g",
+		"@patiom/daemon"
+	]);
+	const pkgPath = path.resolve(import.meta.dirname, "..", "package.json");
+	const newVersion = JSON.parse(readFileSync(pkgPath, "utf-8")).version;
+	consola.success(`Updated to ${newVersion}`);
+	consola.start("Restarting patiom-daemon service...");
+	await restart("patiom-daemon");
+	consola.success("Daemon restarted");
 });
+program.version(version);
+program.parse();
 //#endregion
 export {};

package/package.json

@@ -1,7 +1,10 @@
 {
   "name": "@patiom/daemon",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "type": "module",
+  "bin": {
+    "patiom-server": "./dist/index.js"
+  },
   "files": [
     "dist"
   ],
@@ -9,6 +12,7 @@
     "@hono/node-server": "^2.0.4",
     "@inquirer/prompts": "^7.8.2",
     "adm-zip": "^0.5.17",
+    "commander": "^15.0.0",
     "consola": "^3.4.2",
     "dotenv": "^16.4.7",
     "execa": "^9.6.1",
@@ -25,11 +29,11 @@
     "typescript": "^5.8.0"
   },
   "engines": {
-    "node": ">=20.0.0"
+    "node": ">=20.11.0"
   },
   "license": "ISC",
   "scripts": {
-    "dev": "tsx watch src/server.ts",
+    "dev": "tsx watch src/index.ts serve --devSkipRootCheck",
     "build": "tsdown"
   }
 }

package/dist/setup.js

@@ -1,189 +0,0 @@
-import { a as createAcmeConfig, c as daemonReload, d as start, l as enable, n as daemonServiceTemplate, r as rpxyServiceTemplate, s as writeConfig, v as writeTokens, x as PATIOM_ROOT } from "./systemd-C0OpX8Bk.js";
-import fs from "node:fs/promises";
-import path from "node:path";
-import crypto from "node:crypto";
-import { ulid } from "ulid";
-import { execa } from "execa";
-import { confirm, input } from "@inquirer/prompts";
-import { consola } from "consola";
-//#region src/setup.ts
-const DAEMON_PORT = 4e3;
-const DAEMON_BIN_PATH = "/opt/patiom/daemon/dist/server.js";
-const checkRoot = () => {
-	if (process.getuid?.() !== 0) {
-		consola.error("This script must be run as root. Try: sudo patiom-server setup");
-		process.exit(1);
-	}
-};
-const detectOS = async () => {
-	try {
-		return (await fs.readFile("/etc/os-release", "utf-8")).match(/^ID=(.+)$/mu)?.[1]?.trim().replaceAll(/^["']|["']$/gu, "") ?? "unknown";
-	} catch {
-		return "unknown";
-	}
-};
-const detectIP = async () => {
-	try {
-		const { stdout } = await execa("curl", ["-s", "https://api.ipify.org"]);
-		return stdout.trim();
-	} catch {
-		consola.warn("Could not detect public IP");
-		return "unknown";
-	}
-};
-const configureFirewall = async (os, port) => {
-	if (!await confirm({
-		message: "Configure firewall?",
-		default: true
-	})) {
-		consola.info("Skipping firewall configuration");
-		return;
-	}
-	if (os === "ubuntu" || os === "debian") {
-		consola.start("Configuring UFW...");
-		await execa("ufw", [
-			"default",
-			"deny",
-			"incoming"
-		]);
-		await execa("ufw", [
-			"default",
-			"allow",
-			"outgoing"
-		]);
-		await execa("ufw", ["allow", "22/tcp"]);
-		await execa("ufw", ["allow", "80/tcp"]);
-		await execa("ufw", ["allow", "443/tcp"]);
-		await execa("ufw", ["allow", `${port}/tcp`]);
-		await execa("ufw", ["--force", "enable"]);
-		consola.success("UFW configured");
-	} else if ([
-		"almalinux",
-		"rocky",
-		"centos",
-		"fedora",
-		"rhel"
-	].includes(os)) {
-		consola.start("Configuring Firewalld...");
-		await execa("systemctl", [
-			"enable",
-			"--now",
-			"firewalld"
-		]);
-		await execa("firewall-cmd", [
-			"--permanent",
-			"--zone=public",
-			"--add-port=22/tcp"
-		]);
-		await execa("firewall-cmd", [
-			"--permanent",
-			"--zone=public",
-			"--add-port=80/tcp"
-		]);
-		await execa("firewall-cmd", [
-			"--permanent",
-			"--zone=public",
-			"--add-port=443/tcp"
-		]);
-		await execa("firewall-cmd", [
-			"--permanent",
-			"--zone=public",
-			"--add-port",
-			`${port}/tcp`
-		]);
-		await execa("firewall-cmd", ["--reload"]);
-		await execa("setsebool", [
-			"-P",
-			"httpd_can_network_connect",
-			"1"
-		]);
-		consola.success("Firewalld configured");
-	} else consola.warn(`Unsupported OS for firewall: ${os}`);
-};
-const configureACME = async () => {
-	return { email: await input({
-		message: "Email for Let's Encrypt certificates:",
-		validate: (v) => v.includes("@") ? true : "Please enter a valid email"
-	}) };
-};
-const setupPatiomDirs = async () => {
-	await fs.mkdir(PATIOM_ROOT, { recursive: true });
-	await fs.mkdir(path.join(PATIOM_ROOT, "apps"), { recursive: true });
-	await fs.mkdir(path.join(PATIOM_ROOT, "acme_registry"), { recursive: true });
-};
-const generateMasterToken = async () => {
-	const token = {
-		id: ulid(),
-		name: "Master Token",
-		token: crypto.randomBytes(16).toString("hex"),
-		scope: "master",
-		createdAt: (/* @__PURE__ */ new Date()).toISOString()
-	};
-	await writeTokens({ tokens: [token] });
-	return token.token;
-};
-const writeIP = async (ip) => {
-	const ipPath = path.join(PATIOM_ROOT, "ip");
-	await fs.writeFile(ipPath, ip);
-};
-const writeSystemdUnit = async (name, content) => {
-	const unitPath = `/etc/systemd/system/${name}.service`;
-	await fs.writeFile(unitPath, content);
-};
-const installServices = async (nodeBinPath) => {
-	await writeSystemdUnit("rpxy", rpxyServiceTemplate({ rpxyBinPath: "/usr/local/bin/rpxy" }));
-	await writeSystemdUnit("patiom-daemon", daemonServiceTemplate({
-		nodeBinPath,
-		daemonBinPath: DAEMON_BIN_PATH,
-		port: DAEMON_PORT
-	}));
-	await daemonReload();
-	await enable("rpxy");
-	await start("rpxy");
-	consola.success("rpxy started");
-	await enable("patiom-daemon");
-	await start("patiom-daemon");
-	consola.success("Patiom daemon started");
-};
-const setup = async () => {
-	console.log("");
-	consola.info("Patiom Server Setup");
-	console.log("");
-	checkRoot();
-	const os = await detectOS();
-	consola.info(`Detected OS: ${os}`);
-	if (os === "unknown") {
-		consola.error("Unsupported OS. Please use Ubuntu, Debian, AlmaLinux, Rocky, CentOS, Fedora, or RHEL.");
-		process.exit(1);
-	}
-	await configureFirewall(os, DAEMON_PORT);
-	console.log("");
-	const { email } = await configureACME();
-	console.log("");
-	consola.start("Setting up Patiom...");
-	await setupPatiomDirs();
-	const token = await generateMasterToken();
-	consola.success("Auth token generated");
-	const ip = await detectIP();
-	await writeIP(ip);
-	consola.success(`Public IP: ${ip}`);
-	await writeConfig(createAcmeConfig(email));
-	consola.success("rpxy config written");
-	await installServices(path.dirname(process.execPath));
-	console.log("");
-	consola.success("Patiom server setup complete!");
-	console.log("");
-	console.log(`Auth token: ${token}`);
-	console.log("");
-	consola.info("Next steps:");
-	console.log(`  patiom login --url http://${ip}:${DAEMON_PORT} --token ${token}`);
-	console.log("");
-};
-try {
-	await setup();
-} catch (err) {
-	consola.error("Setup failed:", err);
-	process.exit(1);
-}
-//#endregion
-export {};

package/dist/systemd-C0OpX8Bk.js

@@ -1,227 +0,0 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-import crypto from "node:crypto";
-import { ulid } from "ulid";
-import { execa } from "execa";
-import { parse, stringify } from "smol-toml";
-//#region src/config.ts
-const PATIOM_ROOT = "/var/lib/patiom";
-const APPS_DIR = path.join(PATIOM_ROOT, "apps");
-path.join(PATIOM_ROOT, "ip");
-const PORT_MIN = 5e4;
-const PORT_MAX = 51e3;
-const DEFAULT_STORAGE_FOLDER = "storage";
-//#endregion
-//#region src/core/tokens.ts
-const TOKENS_FILE = path.join(PATIOM_ROOT, "tokens.json");
-let tokensWriteQueue = Promise.resolve();
-const writeTokensAtomic = async (config) => {
-	const tmpPath = `${TOKENS_FILE}.tmp`;
-	await fs.writeFile(tmpPath, JSON.stringify(config, null, 2), { mode: 384 });
-	await fs.rename(tmpPath, TOKENS_FILE);
-};
-const readTokens = async () => {
-	try {
-		const content = await fs.readFile(TOKENS_FILE, "utf-8");
-		return JSON.parse(content);
-	} catch {
-		return { tokens: [] };
-	}
-};
-const writeTokens = async (config) => {
-	await writeTokensAtomic(config);
-};
-const createToken = async (name, scope) => {
-	const token = {
-		id: ulid(),
-		name,
-		token: crypto.randomBytes(16).toString("hex"),
-		scope,
-		createdAt: (/* @__PURE__ */ new Date()).toISOString()
-	};
-	const next = tokensWriteQueue.then(async () => {
-		const config = await readTokens();
-		config.tokens.push(token);
-		await writeTokensAtomic(config);
-	});
-	tokensWriteQueue = next.catch(() => {});
-	await next;
-	return token;
-};
-const listTokens = async () => {
-	return (await readTokens()).tokens.map(({ token, ...rest }) => ({
-		...rest,
-		last8: token.slice(-8)
-	}));
-};
-const revokeToken = async (id) => {
-	let result = {
-		success: false,
-		error: "Token not found"
-	};
-	const next = tokensWriteQueue.then(async () => {
-		const config = await readTokens();
-		const token = config.tokens.find((t) => t.id === id);
-		if (!token) {
-			result = {
-				success: false,
-				error: "Token not found"
-			};
-			return;
-		}
-		if (token.scope === "master") {
-			result = {
-				success: false,
-				error: "Cannot revoke master token"
-			};
-			return;
-		}
-		config.tokens = config.tokens.filter((t) => t.id !== id);
-		await writeTokensAtomic(config);
-		result = { success: true };
-	});
-	tokensWriteQueue = next.catch(() => {});
-	await next;
-	return result;
-};
-const validateToken = async (token) => {
-	return (await readTokens()).tokens.find((t) => t.token === token) ?? null;
-};
-const hasScope = (tokenScope, requiredScope) => {
-	if (tokenScope === "master") return true;
-	if (tokenScope === "rw" && requiredScope === "ro") return true;
-	return tokenScope === requiredScope;
-};
-//#endregion
-//#region src/core/systemd.ts
-const daemonReload = () => execa("systemctl", ["daemon-reload"]);
-const enable = (name) => execa("systemctl", ["enable", name]);
-const start = (name) => execa("systemctl", ["start", name]);
-const stop = (name) => execa("systemctl", ["stop", name]);
-const listRunningInstances = async (appName) => {
-	try {
-		const { stdout } = await execa("systemctl", [
-			"list-units",
-			"--type=service",
-			"--state=running",
-			"--no-pager",
-			"--plain",
-			`${appName}@*`
-		]);
-		return stdout.split("\n").filter((line) => line.includes(`${appName}@`)).map((line) => {
-			const match = line.match(`${appName}@([0-9]+)\\.service`);
-			return match ? match[1] : null;
-		}).filter((port) => port !== null);
-	} catch {
-		return [];
-	}
-};
-//#endregion
-//#region src/core/proxy.ts
-const CONFIG_PATH = "/etc/rpxy/config.toml";
-let configWriteQueue = Promise.resolve();
-const writeConfigAtomic = async (config) => {
-	const toml = stringify(config);
-	const tmpPath = `${CONFIG_PATH}.tmp`;
-	await fs.writeFile(tmpPath, toml);
-	await fs.rename(tmpPath, CONFIG_PATH);
-};
-const readConfig = async () => {
-	return parse(await fs.readFile(CONFIG_PATH, "utf-8"));
-};
-const writeConfig = async (config) => {
-	await writeConfigAtomic(config);
-};
-const addApp = async (appName, serverName, ports) => {
-	const next = configWriteQueue.then(async () => {
-		const config = await readConfig();
-		const upstreams = ports.map((port) => ({ location: `127.0.0.1:${port}` }));
-		config.apps[appName] = {
-			server_name: serverName,
-			tls: {
-				https_redirection: true,
-				acme: true
-			},
-			reverse_proxy: [{
-				upstream: upstreams,
-				load_balance: "round_robin"
-			}]
-		};
-		await writeConfigAtomic(config);
-	});
-	configWriteQueue = next.catch(() => {});
-	await next;
-};
-const removeApp = async (appName) => {
-	const next = configWriteQueue.then(async () => {
-		const config = await readConfig();
-		const prefix = `${appName}-`;
-		config.apps = Object.fromEntries(Object.entries(config.apps).filter(([key]) => key !== appName && !key.startsWith(prefix)));
-		await writeConfigAtomic(config);
-	});
-	configWriteQueue = next.catch(() => {});
-	await next;
-};
-const createAcmeConfig = (email) => {
-	return {
-		listen_port: 80,
-		listen_port_tls: 443,
-		experimental: { acme: {
-			dir_url: "https://acme-v02.api.letsencrypt.org/directory",
-			email,
-			registry_path: "/var/lib/patiom/acme_registry"
-		} },
-		apps: {}
-	};
-};
-//#endregion
-//#region src/templates/systemd.ts
-const appServiceTemplate = ({ nodeBinPath, startScript }) => `[Unit]
-Description=Patiom App: %p (port %i)
-After=network.target
-
-[Service]
-Type=exec
-WorkingDirectory=${PATIOM_ROOT}/apps/%p/current
-ExecStart=${nodeBinPath}/pnpm run ${startScript}
-Restart=always
-EnvironmentFile=${PATIOM_ROOT}/apps/%p/shared/.env
-Environment=PORT=%i
-Environment=PATH=${nodeBinPath}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-DynamicUser=yes
-ProtectSystem=strict
-ProtectHome=yes
-ReadWritePaths=${PATIOM_ROOT}/apps/%p
-
-[Install]
-WantedBy=multi-user.target
-`;
-const rpxyServiceTemplate = ({ rpxyBinPath }) => `[Unit]
-Description=rpxy Reverse Proxy
-After=network.target
-
-[Service]
-ExecStart=${rpxyBinPath} --config /etc/rpxy/config.toml
-Restart=always
-LimitNOFILE=65536
-
-[Install]
-WantedBy=multi-user.target
-`;
-const daemonServiceTemplate = ({ nodeBinPath, daemonBinPath, port }) => `[Unit]
-Description=Patiom Daemon
-After=network.target
-
-[Service]
-Type=exec
-ExecStart=${nodeBinPath}/node ${daemonBinPath}
-Restart=always
-Environment=PORT=${port}
-Environment=PATH=${nodeBinPath}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-[Install]
-WantedBy=multi-user.target
-`;
-//#endregion
-export { PORT_MIN as C, PORT_MAX as S, validateToken as _, createAcmeConfig as a, DEFAULT_STORAGE_FOLDER as b, daemonReload as c, start as d, stop as f, revokeToken as g, listTokens as h, addApp as i, enable as l, hasScope as m, daemonServiceTemplate as n, removeApp as o, createToken as p, rpxyServiceTemplate as r, writeConfig as s, appServiceTemplate as t, listRunningInstances as u, writeTokens as v, PATIOM_ROOT as x, APPS_DIR as y };