@powerhousedao/ph-cli 6.0.0-dev.28 → 6.0.0-dev.29

package/dist/scripts/setup-environment

@@ -1,423 +0,0 @@
-#!/usr/bin/env bash
-
-# =============================================================================
-# Configuration
-# =============================================================================
-TARGET_TAG=${1:-"latest"}
-PROJECT_NAME=${2:-"global"}
-
-# Nginx config file name - remove leading dot to avoid hidden file issues
-# (nginx's include directive with * glob doesn't match hidden files)
-NGINX_CONFIG_NAME="${PROJECT_NAME#.}"
-if [ "$NGINX_CONFIG_NAME" = "" ]; then
-    NGINX_CONFIG_NAME="default-ph"
-fi
-
-# Function to find an available port
-find_available_port() {
-    local port=4001
-    while netstat -tuln | grep -q ":$port "; do
-        port=$((port + 1))
-    done
-    echo $port
-}
-
-# =============================================================================
-# OS Detection and Windows Handling
-# =============================================================================
-if [[ "$OSTYPE" == "msys" || "$OSTYPE" == "win32" ]]; then
-    if [ -f "$0.ps1" ]; then
-        powershell -ExecutionPolicy Bypass -File "$0.ps1" -TARGET_TAG "$TARGET_TAG"
-    else
-        echo "Error: Windows setup script (setup-environment.ps1) not found"
-        exit 1
-    fi
-else
-    # =============================================================================
-    # Package Installation
-    # =============================================================================
-    sudo apt install -y postgresql postgresql-contrib nginx libnginx-mod-http-brotli-static libnginx-mod-http-brotli-filter
-    sudo sed -i 's/# gzip_vary/gzip_vary/; s/# gzip_proxied/gzip_proxied/; s/# gzip_comp_level/gzip_comp_level/; s/# gzip_buffers/gzip_buffers/; s/# gzip_http_version/gzip_http_version/; s/# gzip_types/gzip_types/' /etc/nginx/nginx.conf
-
-    # =============================================================================
-    # Interactive Package Installation
-    # =============================================================================
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo "  Package Installation"
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    while true; do
-        read -p "Enter package name to install (or press Enter to skip): " package_name
-        if [ -z "$package_name" ]; then
-            break
-        fi
-        ph install "$package_name"
-    done
-
-    # =============================================================================
-    # Connect Build
-    # =============================================================================
-    ph connect build
-    sudo mkdir -p /var/www/html/$PROJECT_NAME
-    sudo cp -r .ph/connect-build/dist/* /var/www/html/$PROJECT_NAME/
-
-    # =============================================================================
-    # Database Configuration
-    # =============================================================================
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo "  Database Configuration"
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo "Choose database type:"
-    echo "1) Local PostgreSQL database"
-    echo "2) Remote PostgreSQL database"
-    read -p "Enter your choice (1 or 2): " db_choice
-
-    if [ "$db_choice" = "1" ]; then
-        echo "Setting up local PostgreSQL database..."
-        
-        # Generate database credentials
-        DB_PASSWORD="powerhouse"
-        DB_USER="powerhouse"
-        # Convert to lowercase, replace dots with underscores, replace special chars with underscore, ensure starts with letter
-        DB_NAME="powerhouse_$(echo "${PROJECT_NAME}" | tr '[:upper:]' '[:lower:]' | sed 's/\./_/g' | sed 's/[^a-z0-9]/_/g' | sed 's/^[^a-z]/p_/' | cut -c1-63)"
-        
-        # Check if database already exists
-        SKIP_DB_CREATE=false
-        if sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -qw $DB_NAME; then
-            echo "Database $DB_NAME already exists"
-            read -p "Do you want to recreate it? (y/n): " recreate_db
-            if [ "$recreate_db" = "y" ]; then
-                sudo -u postgres psql -c "DROP DATABASE $DB_NAME;"
-            else
-                echo "Using existing database"
-                SKIP_DB_CREATE=true
-            fi
-        fi
-
-        # Create user if it doesn't exist
-        sudo -u postgres psql << EOF
-DO
-\$do\$
-BEGIN
-   IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$DB_USER') THEN
-      CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';
-   END IF;
-END
-\$do\$;
-EOF
-
-        # Create database if needed
-        if [ "$SKIP_DB_CREATE" = "false" ]; then
-            sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
-        fi
-
-        # Grant privileges
-        sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
-        
-        # Configure PostgreSQL
-        sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = 'localhost'/" /etc/postgresql/*/main/postgresql.conf
-        
-        # Set DATABASE_URL for local database
-        DATABASE_URL="postgresql://$DB_USER:$DB_PASSWORD@localhost:5432/$DB_NAME"
-        
-        echo "Local database configured successfully!"
-        echo "Database URL: $DATABASE_URL"
-        echo "Please save these credentials securely!"
-    else
-        echo "Enter remote PostgreSQL URL (format: postgresql://user:password@host:port/db)"
-        echo "Example: postgresql://powerhouse:password@db.example.com:5432/powerhouse"
-        read -p "DATABASE_URL: " DATABASE_URL
-    fi
-
-    # Save DATABASE_URL to .env file (update if exists, append if not)
-    if grep -q "^DATABASE_URL=" .env 2>/dev/null; then
-        sudo sed -i "s|^DATABASE_URL=.*|DATABASE_URL=$DATABASE_URL|" .env
-    else
-        echo "DATABASE_URL=$DATABASE_URL" | sudo tee -a .env
-    fi
-
-    # =============================================================================
-    # SSL Configuration
-    # =============================================================================
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo "  SSL Configuration"
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-
-    # Find an available port for Switchboard
-    SWITCHBOARD_PORT=$(find_available_port)
-    echo "Using port $SWITCHBOARD_PORT for Switchboard"
-
-    # Save Switchboard port to configuration (update if exists, append if not)
-    if grep -q "^SWITCHBOARD_PORT=" .env 2>/dev/null; then
-        sudo sed -i "s|^SWITCHBOARD_PORT=.*|SWITCHBOARD_PORT=$SWITCHBOARD_PORT|" .env
-    else
-        echo "SWITCHBOARD_PORT=$SWITCHBOARD_PORT" | sudo tee -a .env
-    fi
-
-    # Add compression settings to nginx.conf if not exists
-    if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf || ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
-        echo "Adding compression settings to nginx.conf..."
-        # Find the http block in nginx.conf
-        if ! grep -q "brotli_comp_level" /etc/nginx/nginx.conf; then
-            sudo sed -i '/http {/a \    # Brotli compression\n    brotli on;\n    brotli_comp_level 6;\n    brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;\n    brotli_static on;' /etc/nginx/nginx.conf
-        fi
-        if ! grep -q "gzip_comp_level" /etc/nginx/nginx.conf; then
-            sudo sed -i '/http {/a \    # Gzip compression\n    gzip on;\n    gzip_vary on;\n    gzip_proxied any;\n    gzip_comp_level 6;\n    gzip_buffers 16 8k;\n    gzip_http_version 1.1;\n    gzip_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;' /etc/nginx/nginx.conf
-        fi
-    else
-        echo "Compression settings already present in nginx.conf"
-    fi
-
-    
-
-    echo "Choose SSL configuration:"
-    echo "1) Let's Encrypt certificates for domains"
-    echo "2) Self-signed certificate for machine hostname"
-    read -p "Enter your choice (1 or 2): " ssl_choice
-
-    if [ "$ssl_choice" = "1" ]; then
-        # Install certbot
-        sudo apt install -y certbot python3-certbot-nginx
-        
-        # =============================================================================
-        # Domain Setup
-        # =============================================================================
-        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-        echo "  Domain Setup"
-        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-        read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
-        read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
-        read -p "Enter admin email for Let's Encrypt notifications: " admin_email
-
-        echo "Using domains:"
-        echo "Connect: $connect_domain"
-        echo "Switchboard: $switchboard_domain"
-
-        # Create initial Nginx configuration for certbot
-        echo "Creating initial Nginx configuration..."
-        sudo tee /etc/nginx/sites-available/$NGINX_CONFIG_NAME > /dev/null << EOF
-server {
-    listen 80;
-    server_name $connect_domain $switchboard_domain;
-    
-    location / {
-        root /var/www/html/$PROJECT_NAME;
-        try_files \$uri \$uri/ /index.html;
-    }
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/html;
-    }
-}
-EOF
-
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$NGINX_CONFIG_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
-
-        # Test Nginx configuration
-        sudo nginx -t
-
-        # Restart Nginx to apply changes
-        sudo systemctl restart nginx
-
-        # Obtain SSL certificates
-        echo "Obtaining SSL certificates..."
-        sudo certbot --nginx -d $connect_domain --non-interactive --agree-tos --email $admin_email --redirect
-        sudo certbot --nginx -d $switchboard_domain --non-interactive --agree-tos --email $admin_email --redirect
-
-        # Wait for certbot to finish and certificates to be installed
-        sleep 5
-
-        # Check if certificates were installed
-        if [ ! -f "/etc/letsencrypt/live/$connect_domain/fullchain.pem" ] || [ ! -f "/etc/letsencrypt/live/$switchboard_domain/fullchain.pem" ]; then
-            echo "Error: SSL certificates were not installed properly"
-            echo "Please check the certbot logs at /var/log/letsencrypt/letsencrypt.log"
-            exit 1
-        fi
-
-        # Update Nginx configuration with proper SSL settings
-        echo "Updating Nginx configuration with SSL settings..."
-        sudo tee /etc/nginx/sites-available/$NGINX_CONFIG_NAME > /dev/null << EOF
-server {
-    listen 80;
-    server_name $connect_domain $switchboard_domain;
-    return 301 https://\$host\$request_uri;
-}
-
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name $connect_domain;
-    
-    ssl_certificate /etc/letsencrypt/live/$connect_domain/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/$connect_domain/privkey.pem;
-    
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-    resolver 8.8.8.8 8.8.4.4 valid=300s;
-    resolver_timeout 5s;
-
-    # Security headers
-    add_header Strict-Transport-Security "max-age=63072000" always;
-    add_header X-Frame-Options DENY;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-
-    if (\$http_x_forwarded_proto = "http") {
-        return 301 https://\$server_name\$request_uri;
-    }
-    
-    location / {
-        root /var/www/html/$PROJECT_NAME;
-        try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-        add_header X-Forwarded-Proto \$scheme;
-        add_header X-Forwarded-Host \$host;
-        add_header X-Forwarded-Port \$server_port;
-    }
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/html;
-    }
-}
-
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name $switchboard_domain;
-    
-    ssl_certificate /etc/letsencrypt/live/$switchboard_domain/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/$switchboard_domain/privkey.pem;
-    
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-    resolver 8.8.8.8 8.8.4.4 valid=300s;
-    resolver_timeout 5s;
-
-    # Security headers
-    add_header Strict-Transport-Security "max-age=63072000" always;
-    add_header X-Frame-Options DENY;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    
-    location / {
-        proxy_pass http://localhost:$SWITCHBOARD_PORT;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
-    }
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/html;
-    }
-}
-EOF
-
-        # Test and reload Nginx configuration
-        sudo nginx -t && sudo systemctl reload nginx
-
-        # Set up automatic renewal
-        echo "Setting up automatic certificate renewal..."
-        sudo systemctl enable certbot.timer
-        sudo systemctl start certbot.timer
-
-    else
-        # Get machine hostname
-        hostname=$(hostname)
-        
-        # Generate self-signed certificate
-        echo "Generating self-signed certificate for $hostname..."
-        sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-            -keyout /etc/ssl/private/$hostname.key \
-            -out /etc/ssl/certs/$hostname.crt \
-            -subj "/CN=$hostname" \
-            -addext "subjectAltName = DNS:$hostname"
-
-        # Create Nginx configuration for self-signed
-        echo "Creating Nginx configuration..."
-        sudo tee /etc/nginx/sites-available/$NGINX_CONFIG_NAME > /dev/null << EOF
-server {
-    listen 80;
-    server_name $hostname;
-    return 301 https://\$host\$request_uri;
-}
-
-server {
-    listen 443 ssl;
-    http2 on;
-    server_name $hostname;
-
-    ssl_certificate /etc/ssl/certs/$hostname.crt;
-    ssl_certificate_key /etc/ssl/private/$hostname.key;
-
-    # SSL configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
-
-    # Security headers
-    add_header Strict-Transport-Security "max-age=63072000" always;
-    add_header X-Frame-Options DENY;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-
-    location / {
-        root /var/www/html/$PROJECT_NAME;
-        try_files \$uri \$uri/ /index.html;
-        add_header Cache-Control "no-cache";
-    }
-
-    location /switchboard/ {
-        proxy_pass http://localhost:$SWITCHBOARD_PORT/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade \$http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host \$host;
-        proxy_cache_bypass \$http_upgrade;
-        proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto \$scheme;
-    }
-}
-EOF
-
-        # Enable the site
-        sudo ln -sf /etc/nginx/sites-available/$NGINX_CONFIG_NAME /etc/nginx/sites-enabled/
-        sudo rm -f /etc/nginx/sites-enabled/default
-
-        # Test and reload Nginx configuration
-        sudo nginx -t && sudo systemctl reload nginx
-    fi
-
-    # =============================================================================
-    # Database Schema Setup
-    # =============================================================================
-    pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma --skip-generate
-
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-    echo "  Environment setup complete!"
-    echo "  Use 'ph service start' to start services"
-    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-fi