@powerhousedao/ph-cli 0.41.3 → 2.5.0-dev.1

package/dist/scripts/setup-environment

@@ -0,0 +1,423 @@
+#!/usr/bin/env bash
+
+# =============================================================================
+# Configuration
+# =============================================================================
+TARGET_TAG=${1:-"latest"}
+PROJECT_NAME=${2:-"global"}
+
+# =============================================================================
+# OS Detection and Windows Handling
+# =============================================================================
+if [[ "$OSTYPE" == "msys" || "$OSTYPE" == "win32" ]]; then
+    if [ -f "$0.ps1" ]; then
+        powershell -ExecutionPolicy Bypass -File "$0.ps1" -TARGET_TAG "$TARGET_TAG"
+    else
+        echo "Error: Windows setup script (setup-environment.ps1) not found"
+        exit 1
+    fi
+else
+    # =============================================================================
+    # Package Installation
+    # =============================================================================
+    sudo apt install -y postgresql postgresql-contrib nginx nginx-module-brotli
+    sudo ln -sf /usr/share/nginx/modules-available/mod-brotli.conf /etc/nginx/modules-enabled/50-mod-brotli.conf
+
+    # =============================================================================
+    # Interactive Package Installation
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Package Installation"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    while true; do
+        read -p "Enter package name to install (or press Enter to skip): " package_name
+        if [ -z "$package_name" ]; then
+            break
+        fi
+        ph install "$package_name"
+    done
+
+    # =============================================================================
+    # Connect Build
+    # =============================================================================
+    ph connect build
+    cp -r .ph/connect-build/dist /var/www/html/$PROJECT_NAME
+
+    # =============================================================================
+    # Database Configuration
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Database Configuration"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "Choose database type:"
+    echo "1) Local PostgreSQL database"
+    echo "2) Remote PostgreSQL database"
+    read -p "Enter your choice (1 or 2): " db_choice
+
+    if [ "$db_choice" = "1" ]; then
+        echo "Setting up local PostgreSQL database..."
+        
+        # Generate database credentials
+        DB_PASSWORD="powerhouse"
+        DB_USER="powerhouse"
+        # Convert to lowercase, replace dots with underscores, replace special chars with underscore, ensure starts with letter
+        DB_NAME="powerhouse_$(echo "${PROJECT_NAME}" | tr '[:upper:]' '[:lower:]' | sed 's/\./_/g' | sed 's/[^a-z0-9]/_/g' | sed 's/^[^a-z]/p_/' | cut -c1-63)"
+        
+        # Check if database already exists
+        if sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -qw $DB_NAME; then
+            echo "Database $DB_NAME already exists"
+            read -p "Do you want to recreate it? (y/n): " recreate_db
+            if [ "$recreate_db" = "y" ]; then
+                sudo -u postgres psql -c "DROP DATABASE $DB_NAME;"
+            else
+                echo "Using existing database"
+            fi
+        fi
+        
+        # Create database and user if they don't exist
+        sudo -u postgres psql << EOF
+DO
+\$do\$
+BEGIN
+   IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$DB_USER') THEN
+      CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';
+   END IF;
+END
+\$do\$;
+
+CREATE DATABASE $DB_NAME OWNER $DB_USER;
+GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;
+EOF
+        
+        # Configure PostgreSQL
+        sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = 'localhost'/" /etc/postgresql/*/main/postgresql.conf
+        
+        # Set DATABASE_URL for local database
+        DATABASE_URL="postgresql://$DB_USER:$DB_PASSWORD@localhost:5432/$DB_NAME"
+        
+        echo "Local database configured successfully!"
+        echo "Database URL: $DATABASE_URL"
+        echo "Please save these credentials securely!"
+    else
+        echo "Enter remote PostgreSQL URL (format: postgresql://user:password@host:port/db)"
+        echo "Example: postgresql://powerhouse:password@db.example.com:5432/powerhouse"
+        read -p "DATABASE_URL: " DATABASE_URL
+    fi
+
+    # Save DATABASE_URL to .env file
+    echo "DATABASE_URL=$DATABASE_URL" | sudo tee -a .env
+
+    # =============================================================================
+    # SSL Configuration
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  SSL Configuration"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "Choose SSL configuration:"
+    echo "1) Let's Encrypt certificates for domains"
+    echo "2) Self-signed certificate for machine hostname"
+    read -p "Enter your choice (1 or 2): " ssl_choice
+
+    if [ "$ssl_choice" = "1" ]; then
+        # Install certbot
+        sudo apt install -y certbot python3-certbot-nginx
+        
+        # =============================================================================
+        # Domain Setup
+        # =============================================================================
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "  Domain Setup"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
+        read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+
+        echo "Using domains:"
+        echo "Connect: $connect_domain"
+        echo "Switchboard: $switchboard_domain"
+
+        # Generate temporary SSL certificates
+        echo "Generating temporary SSL certificates..."
+        sudo mkdir -p /etc/nginx/ssl
+        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
+            -keyout /etc/nginx/ssl/temp.key \
+            -out /etc/nginx/ssl/temp.crt \
+            -subj "/CN=$connect_domain" \
+            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
+
+        # Check if Nginx configuration already exists
+        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
+            echo "Nginx configuration for $PROJECT_NAME already exists"
+            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
+            if [ "$overwrite_nginx" != "y" ]; then
+                echo "Keeping existing Nginx configuration"
+            else
+                # Create Nginx configuration for domains
+                echo "Creating Nginx configuration..."
+                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+# Compression settings
+brotli on;
+brotli_comp_level 6;
+brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+brotli_static on;
+
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+gzip_min_length 1000;
+gzip_buffers 16 8k;
+
+server {
+    listen 80;
+    server_name $connect_domain $switchboard_domain;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $connect_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    if (\$http_x_forwarded_proto = "http") {
+        return 301 https://\$server_name\$request_uri;
+    }
+    
+    location / {
+        root $PWD/.ph/connect-build/dist;
+        try_files \$uri \$uri/ /index.html;
+        add_header Cache-Control "no-cache";
+        add_header X-Forwarded-Proto \$scheme;
+        add_header X-Forwarded-Host \$host;
+        add_header X-Forwarded-Port \$server_port;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $switchboard_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    location / {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+            fi
+        else
+            # Create Nginx configuration for domains
+            echo "Creating Nginx configuration..."
+            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+# Compression settings
+brotli on;
+brotli_comp_level 6;
+brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+brotli_static on;
+
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+gzip_min_length 1000;
+gzip_buffers 16 8k;
+
+server {
+    listen 80;
+    server_name $connect_domain $switchboard_domain;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $connect_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    if (\$http_x_forwarded_proto = "http") {
+        return 301 https://\$server_name\$request_uri;
+    }
+    
+    location / {
+        root /var/www/html/$PROJECT_NAME;
+        try_files \$uri \$uri/ /index.html;
+        add_header Cache-Control "no-cache";
+        add_header X-Forwarded-Proto \$scheme;
+        add_header X-Forwarded-Host \$host;
+        add_header X-Forwarded-Port \$server_port;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $switchboard_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    location / {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+        fi
+
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
+
+        # Remove temporary certificates
+        sudo rm -f /etc/nginx/ssl/temp.*
+
+    else
+        # Get machine hostname
+        hostname=$(hostname)
+        
+        # Generate self-signed certificate
+        echo "Generating self-signed certificate for $hostname..."
+        sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+            -keyout /etc/ssl/private/$hostname.key \
+            -out /etc/ssl/certs/$hostname.crt \
+            -subj "/CN=$hostname" \
+            -addext "subjectAltName = DNS:$hostname"
+
+        # Create Nginx configuration for self-signed
+        echo "Creating Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+# Compression settings
+brotli on;
+brotli_comp_level 6;
+brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+brotli_static on;
+
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+gzip_min_length 1000;
+gzip_buffers 16 8k;
+
+server {
+    listen 80;
+    server_name $hostname;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $hostname;
+    
+    ssl_certificate /etc/ssl/certs/$hostname.crt;
+    ssl_certificate_key /etc/ssl/private/$hostname.key;
+    
+    location /connect {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+
+    location /switchboard {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+    fi
+
+    # =============================================================================
+    # Database Schema Setup
+    # =============================================================================
+    pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
+
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Environment setup complete!"
+    echo "  Use 'ph service start' to start services"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+fi