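#!/bin/bash
# Production VM Setup Script for DevMatrix Infrastructure
# Run as root on the new production VM
# Source: https://git.lemonlink.eu/devmatrix/devmatrix-scripts

# -e: stop at the first failing command; -u: an unset variable is an error;
# pipefail: a pipeline fails when any stage fails, not only the last one.
set -euo pipefail

# ANSI colour codes used by the logging helpers below.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Logging helpers; each takes the message as $1.
log() { echo -e "${BLUE}[SETUP]${NC} $1"; }
success() { echo -e "${GREEN}[✓]${NC} $1"; }
warning() { echo -e "${YELLOW}[!]${NC} $1"; }
# error reports on stderr and aborts the whole setup with status 1.
error() { echo -e "${RED}[✗]${NC} $1" >&2; exit 1; }

# Check if running as root
if [ "$EUID" -ne 0 ]; then
  error "Please run as root or with sudo"
fi

log "🚀 Setting up DevMatrix Production Environment"
log "=============================================="

# 1. System Updates
log "Updating system packages..."
# Two separate statements on purpose: in `update && upgrade`, set -e does not
# stop on a failed `update`, so a stale package index would be reported as
# "System updated".
apt-get update
apt-get upgrade -y
success "System updated"

# 2. Install required packages
log "Installing required packages..."
apt-get install -y \
  curl \
  wget \
  git \
  sqlite3 \
  nginx \
  certbot \
  python3-certbot-nginx \
  fail2ban \
  ufw \
  logrotate \
  htop \
  ncdu \
  jq \
  nfs-common \
  cifs-utils
success "Packages installed"

# 3. Install Node.js 22
if ! command -v node &> /dev/null; then
  log "Installing Node.js 22..."
  # Fetch the bootstrap script completely before running it. Piping curl
  # straight into a root shell can execute a truncated download, and a failed
  # download would go unnoticed because bash exits 0 on empty input.
  # NOTE(review): the script still runs as root without an integrity check;
  # review it, or configure the NodeSource apt repository with a pinned
  # signing key instead.
  nodesource_setup=$(mktemp)
  curl -fsSL -o "$nodesource_setup" https://deb.nodesource.com/setup_22.x || {
    rm -f -- "$nodesource_setup"
    error "Failed to download the NodeSource setup script"
  }
  bash "$nodesource_setup" || {
    rm -f -- "$nodesource_setup"
    error "NodeSource setup script failed"
  }
  rm -f -- "$nodesource_setup"
  apt-get install -y nodejs
  success "Node.js $(node -v) installed"
else
  NODE_VERSION=$(node -v | cut -d'v' -f2)
  success "Node.js $NODE_VERSION already installed"
fi

# 4. Install PM2 globally
if ! command -v pm2 &> /dev/null; then
  log "Installing PM2..."
  # NOTE(review): this installs whatever version the registry serves at run
  # time, as root; consider pinning a reviewed version.
  npm install -g pm2
  success "PM2 installed"
fi

# 5. Create log directories
log "Creating log directories..."
# The devmatrix account must exist before the chown below, otherwise chown
# fails on a fresh VM and set -e aborts the setup. Creation is guarded by the
# id check, so the same guarded step later in the script becomes a no-op.
# NOTE(review): -G sudo makes the account that runs the web service a sudoer;
# drop the group if the service never needs root.
if ! id "devmatrix" &> /dev/null; then
  log "Creating devmatrix user..."
  useradd -m -s /bin/bash -G sudo devmatrix
fi
mkdir -p /var/log/mission-control
mkdir -p /var/log/traefik
chown -R devmatrix:devmatrix /var/log/mission-control
success "Log directories created"

# 6. Setup logrotate
log "Setting up log rotation..."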
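# logrotate runs postrotate as root. A bare `pm2 reloadLogs` would therefore
# talk to (and spawn) a root-owned PM2 daemon instead of the one the service
# runs under, so the hook switches to the devmatrix user and its PM2_HOME.
# `|| true` keeps rotation from failing while Mission Control is not deployed.
# NOTE(review): `create 0644` leaves rotated application logs world-readable;
# use 0640 if nothing outside the devmatrix group needs to read them.
cat > /etc/logrotate.d/mission-control << 'EOF'
/var/log/mission-control/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 0644 devmatrix devmatrix
    sharedscripts
    postrotate
        runuser -u devmatrix -- env PM2_HOME=/home/devmatrix/.pm2 /usr/bin/pm2 reloadLogs > /dev/null 2>&1 || true
    endscript
}
EOF
success "Log rotation configured"

# 7. Setup firewall
log "Configuring firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
# Port 3000 is the application port, served without TLS. It stays open to any
# source by default (the original behaviour); set MC_ALLOWED_SOURCE to an
# address or CIDR (placeholder: <admin-subnet-cidr>) to restrict it, or remove
# the rule once nginx fronts the service.
ufw allow from "${MC_ALLOWED_SOURCE:-any}" to any port 3000 proto tcp comment 'Mission Control'
ufw --force enable
success "Firewall configured"

# 8. Setup fail2ban
log "Setting up fail2ban..."
jail_local=/etc/fail2ban/jail.local
# Append only once: a second run would duplicate the [DEFAULT] and [sshd]
# sections in jail.local.
if grep -qsx '\[sshd\]' "$jail_local"; then
  warning "$jail_local already defines [sshd]; leaving it unchanged"
else
  cat >> "$jail_local" << 'EOF'

[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
EOF
fi
systemctl enable fail2ban
# restart, not start: the package normally starts the daemon on install, and
# `start` on a running unit would not load the jail written above.
systemctl restart fail2ban
success "Fail2ban configured"

# 9. Mount NAS storage
log "Setting up NAS mounts..."
mkdir -p /mnt/truenas/backups /mnt/truenas/shared
# Append only once so that re-running the script does not duplicate entries.
# NOTE(review): the shares are mounted with `defaults`; adding nosuid,nodev
# would stop setuid binaries and device nodes on the NAS from being honoured
# on this host.
if grep -qF '/mnt/truenas/backups' /etc/fstab; then
  warning "NAS mounts already present in /etc/fstab; not adding them again"
else
  cat >> /etc/fstab << 'EOF'

# NAS Mounts
192.168.5.195:/mnt/NAS2/devmatrix/backups /mnt/truenas/backups nfs defaults,_netdev,noatime 0 0
192.168.5.195:/mnt/NAS2/devmatrix/shared /mnt/truenas/shared nfs defaults,_netdev,noatime 0 0
EOF
fi
mount -a
success "NAS mounts configured"

# 10. Create devmatrix user
# Guarded by the id check, so this is a no-op when the account already exists.
# NOTE(review): -G sudo makes the account that runs the web service a sudoer;
# drop the group if the service never needs root.
if ! id "devmatrix" &> /dev/null; then
  log "Creating devmatrix user..."
  useradd -m -s /bin/bash -G sudo devmatrix
fi

# 11. Install helper scripts
log "Installing helper scripts..."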
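HELPER_DIR="/usr/local/bin"

# install_helper NAME: write stdin to $HELPER_DIR/NAME and make it executable.
# The mode is explicit so the result does not depend on root's umask.
install_helper() {
  local target="$HELPER_DIR/$1"
  cat > "$target"
  chmod 0755 "$target"
}

# mc-status
install_helper mc-status << 'EOF'
#!/bin/bash
echo "🚀 Mission Control Status"
echo "========================="
echo ""
echo "Service Status:"
systemctl is-active mission-control &>/dev/null && echo "  ✅ Systemd: Running" || echo "  ❌ Systemd: Stopped"
pm2 describe mission-control > /dev/null 2>&1 && echo "  ✅ PM2: Running" || echo "  ❌ PM2: Stopped"
curl -sf http://localhost:3000/api/health > /dev/null 2>&1 && echo "  ✅ Health: OK" || echo "  ❌ Health: FAILED"
echo ""
echo "URLs:"
echo "  Local:  http://localhost:3000"
echo "  Remote: http://192.168.5.211:3000"
echo ""
echo "Commands:"
echo "  mc-start    - Start Mission Control"
echo "  mc-stop     - Stop Mission Control"
echo "  mc-restart  - Restart Mission Control"
echo "  mc-logs     - View logs"
echo "  mc-deploy   - Deploy new version"
EOF

# mc-start / mc-stop / mc-restart use `set -e` so that the confirmation line is
# printed only when systemctl actually succeeded.

# mc-start
install_helper mc-start << 'EOF'
#!/bin/bash
set -e
systemctl start mission-control
echo "✅ Mission Control started"
EOF

# mc-stop
install_helper mc-stop << 'EOF'
#!/bin/bash
set -e
systemctl stop mission-control
echo "🛑 Mission Control stopped"
EOF

# mc-restart
install_helper mc-restart << 'EOF'
#!/bin/bash
set -e
systemctl restart mission-control
echo "🔄 Mission Control restarted"
EOF

# mc-logs
install_helper mc-logs << 'EOF'
#!/bin/bash
journalctl -u mission-control -f
EOF

# mc-deploy
# The helper stops when the cd fails; otherwise it would run whatever
# ./deploy-production.sh exists in the caller's current directory.
# NOTE(review): deploy-production.sh lives in a tree owned by devmatrix, so
# running mc-deploy as root executes code the service account can modify;
# prefer running it as devmatrix.
install_helper mc-deploy << 'EOF'
#!/bin/bash
cd /home/devmatrix/mission-control || exit 1
./deploy-production.sh
EOF

success "Helper scripts installed"

# 12. Create systemd service
log "Installing systemd service..."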
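# Unit for Mission Control: PM2 is started as the devmatrix user and systemd
# supervises it (Type=forking, Restart=always).
# NOTE(review): the unit has no sandboxing; once the application is known to
# work with them, directives such as NoNewPrivileges=, PrivateTmp= and
# ProtectSystem= would limit what a compromised process can reach.
cat > /etc/systemd/system/mission-control.service << 'EOF'
[Unit]
Description=Mission Control - DevMatrix Operations Dashboard
After=network.target
Wants=network.target

[Service]
Type=forking
User=devmatrix
Group=devmatrix
WorkingDirectory=/home/devmatrix/mission-control
Environment=PM2_HOME=/home/devmatrix/.pm2
Environment=NODE_ENV=production
Environment=PORT=3000
Environment=MISSION_CONTROL_DB=/home/devmatrix/mission-control/data/mission-control.db
Environment=GITEA_URL=https://git.lemonlink.eu
Environment=BACKUP_DIR=/mnt/truenas/backups/mission-control
ExecStart=/usr/bin/pm2 start /home/devmatrix/mission-control/ecosystem.config.js --env production
ExecReload=/usr/bin/pm2 reload mission-control
ExecStop=/usr/bin/pm2 stop mission-control
Restart=always
RestartSec=10
LimitAS=2G
LimitRSS=2G
LimitNOFILE=65535
LimitNPROC=4096
StandardOutput=journal
StandardError=journal
SyslogIdentifier=mission-control
TimeoutStartSec=60
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable mission-control
success "Systemd service installed"

# 13. Create health endpoint
log "Creating health endpoint..."
app_dir=/home/devmatrix/mission-control
health_dir="$app_dir/src/app/api/health"
# Only touch an existing checkout. Creating the directory tree beforehand
# would leave $app_dir non-empty, and the `git clone` shown in the next steps
# refuses to clone into a non-empty directory. An existing route.ts is kept so
# that a file shipped by the repository is not overwritten.
# The endpoint is unauthenticated and reports uptime and version.
if [ ! -d "$app_dir/.git" ]; then
  warning "Mission Control is not cloned yet; skipping health endpoint (re-run this script after cloning)"
elif [ -e "$health_dir/route.ts" ]; then
  success "Health endpoint already present"
else
  mkdir -p "$health_dir"
  cat > "$health_dir/route.ts" << 'EOF'
import { NextResponse } from "next/server";

export async function GET() {
  return NextResponse.json({
    status: "healthy",
    timestamp: new Date().toISOString(),
    uptime: process.uptime(),
    version: process.env.npm_package_version || "1.0.0"
  });
}
EOF
  chown -R devmatrix:devmatrix "$health_dir"
  success "Health endpoint created"
fi

# 14. Set permissions
log "Setting permissions..."
chown -R devmatrix:devmatrix /home/devmatrix
success "Permissions set"

# Summary
log "=============================================="
success "🎉 Production environment setup complete!"
log ""
log "Next steps:"
log "1. Clone Mission Control repo:"
log "   git clone https://git.lemonlink.eu/devmatrix/mission-control.git /home/devmatrix/mission-control"
log "2. Deploy Mission Control:"
log "   mc-deploy"
log "3. Check status:"
log "   mc-status"
log ""
log "Your Mission Control will start automatically on boot."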