devmatrix-scripts/proxmox/setup-production-vm.sh


#!/bin/bash
# Production VM Setup Script for DevMatrix Infrastructure
# Run as root on the new production VM
# Source: https://git.lemonlink.eu/devmatrix/devmatrix-scripts
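# Abort on the first failing command. pipefail makes a pipeline fail when any
# stage fails, so a broken download piped into another program is not masked
# by the exit status of the last stage.
set -eo pipefail

# ANSI colour escapes, kept as backslash sequences and expanded by printf %b.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Each helper takes one argument, the message. The message is printed with %s
# so backslashes or option-like text in it are never interpreted.

# log MESSAGE - progress line on stdout.
log() { printf '%b %s\n' "${BLUE}[SETUP]${NC}" "$1"; }

# success MESSAGE - completed-step line on stdout.
success() { printf '%b %s\n' "${GREEN}[✓]${NC}" "$1"; }

# warning MESSAGE - non-fatal notice on stdout.
warning() { printf '%b %s\n' "${YELLOW}[!]${NC}" "$1"; }

# error MESSAGE - failure line on stderr, then exit the script with status 1.
error() {
  printf '%b %s\n' "${RED}[✗]${NC}" "$1" >&2
  exit 1
}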
# Every later step (package installs, firewall, /etc writes) needs root, so
# stop here when the effective UID is anything other than 0.
[ "$EUID" -eq 0 ] || error "Please run as root or with sudo"

# Opening banner.
log "🚀 Setting up DevMatrix Production Environment"
log "=============================================="
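# 1. System Updates
log "Updating system packages..."
# Keep apt/dpkg from stopping on interactive prompts during an unattended run.
export DEBIAN_FRONTEND=noninteractive
# Run the two commands as separate statements: in "a && b" a failure of "a"
# does not trigger `set -e`, so a failed index refresh would otherwise be
# reported as "System updated" and the script would carry on.
apt-get update
apt-get upgrade -y
success "System updated"

# 2. Install required packages
log "Installing required packages..."
required_packages=(
  curl
  wget
  git
  sqlite3
  nginx
  certbot
  python3-certbot-nginx
  fail2ban
  ufw
  logrotate
  htop
  ncdu
  jq
  nfs-common
  cifs-utils
)
apt-get install -y "${required_packages[@]}"
success "Packages installed"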
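# 3. Install Node.js 22
if ! command -v node &> /dev/null; then
  log "Installing Node.js 22..."
  # NOTE(review): this executes a script fetched from the network as root,
  # with HTTPS as the only integrity control. Consider configuring the
  # NodeSource apt repository and its signing key explicitly, or reviewing
  # and pinning the setup script, before using this on production hosts.
  #
  # Download to a temporary file first so that a failed or truncated transfer
  # is detected before anything is executed (a straight pipe into bash would
  # run whatever bytes arrived).
  nodesource_setup=$(mktemp)
  if ! curl -fsSL -o "$nodesource_setup" https://deb.nodesource.com/setup_22.x; then
    rm -f -- "$nodesource_setup"
    error "Failed to download the NodeSource setup script"
  fi
  setup_rc=0
  bash "$nodesource_setup" || setup_rc=$?
  rm -f -- "$nodesource_setup"
  [ "$setup_rc" -eq 0 ] || error "NodeSource setup script failed (exit ${setup_rc})"
  apt-get install -y nodejs
  success "Node.js $(node -v) installed"
else
  # Any node binary already on PATH is accepted as-is; its version is only
  # reported, not compared against the 22.x line this script targets.
  NODE_VERSION=$(node -v | cut -d'v' -f2)
  success "Node.js $NODE_VERSION already installed"
fi

# 4. Install PM2 globally
if ! command -v pm2 &> /dev/null; then
  log "Installing PM2..."
  # NOTE(review): installs whatever version the registry currently serves,
  # as root. Pinning a reviewed version (pm2@<version>) would make the
  # production build reproducible.
  npm install -g pm2
  success "PM2 installed"
fi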
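# 5. Create log directories
log "Creating log directories..."
# The chown below names the devmatrix account, but the script only creates it
# in step 10. On a fresh VM chown would fail with "invalid user" and `set -e`
# would abort the run, so make sure the account exists first. The options are
# the same ones step 10 uses, which turns that step into a no-op.
# NOTE(review): -G sudo puts the service account in the sudo group; see
# whether the application really needs that.
if ! id "devmatrix" &> /dev/null; then
  useradd -m -s /bin/bash -G sudo devmatrix
fi
mkdir -p /var/log/mission-control /var/log/traefik
chown -R devmatrix:devmatrix /var/log/mission-control
success "Log directories created"

# 6. Setup logrotate
log "Setting up log rotation..."
# NOTE(review): rotated logs are recreated 0644, i.e. readable by every local
# account; 0640 would be tighter if the logs can carry request data.
# NOTE(review): logrotate normally runs as root while the log directory is
# owned by devmatrix; logrotate's `su devmatrix devmatrix` directive is the
# usual way to rotate files in a directory a non-root user controls.
# NOTE(review): postrotate calls pm2 without PM2_HOME or a user switch, so it
# presumably talks to root's PM2 instance rather than the one the systemd
# unit runs for devmatrix. Confirm that reloadLogs reaches the right daemon.
cat > /etc/logrotate.d/mission-control << 'EOF'
/var/log/mission-control/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
create 0644 devmatrix devmatrix
sharedscripts
postrotate
pm2 reloadLogs
endscript
}
EOF
success "Log rotation configured"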
# 7. Setup firewall
log "Configuring firewall..."
# Baseline policy: drop unsolicited inbound traffic, allow all outbound.
ufw default deny incoming
ufw default allow outgoing
# Named services opened to any source address.
for svc in ssh http https; do
  ufw allow "$svc"
done
# NOTE(review): this opens the application port to every source, so the app
# is reachable over plain HTTP without going through the nginx/certbot
# front end installed above. If only LAN clients or the local proxy need it,
# restrict the rule to that source range or drop it.
ufw allow 3000/tcp comment 'Mission Control'
# --force skips the interactive confirmation ufw shows before enabling.
ufw --force enable
success "Firewall configured"
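# 8. Setup fail2ban
log "Setting up fail2ban..."
jail_local=/etc/fail2ban/jail.local
# Append the settings only once. Re-running the script used to add a second
# [DEFAULT]/[sshd] pair to jail.local on every run. The marker line below is
# written with the settings and checked here; files written by earlier runs
# that lack the marker are not detected and need a manual check.
if grep -qF -- '# DevMatrix production jail settings' "$jail_local" 2> /dev/null; then
  warning "fail2ban settings already present in ${jail_local}; not appending again"
else
  # NOTE(review): logpath assumes sshd messages reach /var/log/auth.log via
  # syslog. On journald-only images that file may not exist and the jail may
  # need the systemd backend instead. Confirm for the target image.
  cat >> "$jail_local" << 'EOF'
# DevMatrix production jail settings
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
EOF
fi
systemctl enable fail2ban
# restart rather than start: if the package install already started the
# service, `start` is a no-op and the jail settings above would not be
# loaded until the next reboot.
systemctl restart fail2ban
success "Fail2ban configured"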
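# 9. Mount NAS storage
log "Setting up NAS mounts..."
mkdir -p /mnt/nas/backups /mnt/nas/shared

# Add each NFS entry only when /etc/fstab has no active line for the same
# mount point (second field). Appending unconditionally duplicated both
# entries every time the script was re-run.
# NOTE(review): the shares are mounted with `defaults`, which permits setuid
# binaries and device nodes from the NAS. Adding nosuid,nodev is the usual
# hardening for data-only shares; confirm nothing depends on either.
new_fstab_entries=()
for share in backups shared; do
  mount_point="/mnt/nas/${share}"
  if awk -v mp="$mount_point" \
    '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' /etc/fstab; then
    warning "${mount_point} already listed in /etc/fstab; leaving it unchanged"
  else
    new_fstab_entries+=("192.168.5.195:/mnt/NAS2/devmatrix/${share} ${mount_point} nfs defaults,_netdev,noatime 0 0")
  fi
done
if [ "${#new_fstab_entries[@]}" -gt 0 ]; then
  {
    printf '%s\n' '# NAS Mounts'
    printf '%s\n' "${new_fstab_entries[@]}"
  } >> /etc/fstab
fi

# mount -a fails when the NAS is unreachable, and under `set -e` that aborts
# the rest of the setup.
mount -a
success "NAS mounts configured"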
# 10. Create devmatrix user
# Nothing to do when the account already exists. Otherwise create it with a
# home directory (-m), bash as login shell, and sudo as supplementary group.
# NOTE(review): steps 5 and 6 already reference this account (chown and the
# logrotate `create` line), so on a fresh VM it is needed earlier than here.
# NOTE(review): this is the account the systemd unit runs the application
# under. Membership of the sudo group widens what a compromise of the app
# can reach; a dedicated unprivileged service account plus a separate admin
# login would keep the two roles apart.
id "devmatrix" &> /dev/null || {
  log "Creating devmatrix user..."
  useradd -m -s /bin/bash -G sudo devmatrix
}
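# 11. Install helper scripts
log "Installing helper scripts..."
HELPER_DIR="/usr/local/bin"

# install_helper NAME - write stdin to $HELPER_DIR/NAME and make it executable.
# The mode is set explicitly so the result does not depend on root's umask
# (with a restrictive umask `chmod +x` leaves the file usable by root only).
install_helper() {
  local target="${HELPER_DIR}/$1"
  cat > "$target"
  chmod 0755 "$target"
}

# mc-status: prints service, PM2 and health-endpoint state plus a command list.
install_helper mc-status << 'EOF'
#!/bin/bash
echo "🚀 Mission Control Status"
echo "========================="
echo ""
echo "Service Status:"
systemctl is-active mission-control &>/dev/null && echo " ✅ Systemd: Running" || echo " ❌ Systemd: Stopped"
pm2 describe mission-control > /dev/null 2>&1 && echo " ✅ PM2: Running" || echo " ❌ PM2: Stopped"
curl -sf http://localhost:3000/api/health > /dev/null 2>&1 && echo " ✅ Health: OK" || echo " ❌ Health: FAILED"
echo ""
echo "URLs:"
echo " Local: http://localhost:3000"
echo " Remote: http://192.168.5.211:3000"
echo ""
echo "Commands:"
echo " mc-start - Start Mission Control"
echo " mc-stop - Stop Mission Control"
echo " mc-restart - Restart Mission Control"
echo " mc-logs - View logs"
echo " mc-deploy - Deploy new version"
EOF

# mc-start
install_helper mc-start << 'EOF'
#!/bin/bash
systemctl start mission-control
echo "✅ Mission Control started"
EOF

# mc-stop
install_helper mc-stop << 'EOF'
#!/bin/bash
systemctl stop mission-control
echo "🛑 Mission Control stopped"
EOF

# mc-restart
install_helper mc-restart << 'EOF'
#!/bin/bash
systemctl restart mission-control
echo "🔄 Mission Control restarted"
EOF

# mc-logs: follows the unit's journal.
install_helper mc-logs << 'EOF'
#!/bin/bash
journalctl -u mission-control -f
EOF

# mc-deploy: runs the repository's deploy script from the checkout.
# The generated script now stops when the checkout directory is missing.
# Before, a failed cd was ignored and ./deploy-production.sh was resolved
# against whatever directory the caller happened to be in.
# NOTE(review): deploy-production.sh lives in a tree owned by devmatrix (see
# step 14). If an administrator runs mc-deploy as root, root executes a file
# the service account can rewrite. Run the deploy as devmatrix, or keep the
# deploy script root-owned, if that is not intended.
install_helper mc-deploy << 'EOF'
#!/bin/bash
cd /home/devmatrix/mission-control || {
  echo "mc-deploy: /home/devmatrix/mission-control not found" >&2
  exit 1
}
./deploy-production.sh
EOF
success "Helper scripts installed"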
# 12. Create systemd service
log "Installing systemd service..."
unit_file=/etc/systemd/system/mission-control.service
# The unit runs PM2 as devmatrix and lets PM2 start the app from
# ecosystem.config.js in the checkout.
# NOTE(review): the unit sets no sandboxing options. NoNewPrivileges=,
# ProtectSystem= and PrivateTmp= are the usual starting points for a
# network-facing service; confirm which ones the app tolerates before
# enabling them.
# NOTE(review): systemd.exec(5) advises against LimitRSS= (no effect on
# Linux) and against LimitAS= as a memory cap; MemoryMax= is the documented
# way to bound memory. Verify that the 2G values behave as intended for Node.
# NOTE(review): Type=forking is used without PIDFile=; confirm systemd tracks
# the PM2 daemon correctly, since Restart=always depends on it.
cat > "$unit_file" << 'EOF'
[Unit]
Description=Mission Control - DevMatrix Operations Dashboard
After=network.target
Wants=network.target
[Service]
Type=forking
User=devmatrix
Group=devmatrix
WorkingDirectory=/home/devmatrix/mission-control
Environment=PM2_HOME=/home/devmatrix/.pm2
Environment=NODE_ENV=production
Environment=PORT=3000
Environment=MISSION_CONTROL_DB=/home/devmatrix/mission-control/data/mission-control.db
Environment=GITEA_URL=https://git.lemonlink.eu
Environment=BACKUP_DIR=/mnt/nas/backups/mission-control
ExecStart=/usr/bin/pm2 start /home/devmatrix/mission-control/ecosystem.config.js --env production
ExecReload=/usr/bin/pm2 reload mission-control
ExecStop=/usr/bin/pm2 stop mission-control
Restart=always
RestartSec=10
LimitAS=2G
LimitRSS=2G
LimitNOFILE=65535
LimitNPROC=4096
StandardOutput=journal
StandardError=journal
SyslogIdentifier=mission-control
TimeoutStartSec=60
TimeoutStopSec=30
[Install]
WantedBy=multi-user.target
EOF
# Make systemd pick up the new unit file, then enable it for boot. The
# service is not started here; the checkout does not exist yet.
systemctl daemon-reload
systemctl enable mission-control
success "Systemd service installed"
# 13. Create health endpoint
log "Creating health endpoint..."
health_dir=/home/devmatrix/mission-control/src/app/api/health
# NOTE(review): the "Next steps" printed at the end tell the operator to
# git clone into /home/devmatrix/mission-control. git refuses to clone into a
# non-empty directory, so creating files here first presumably makes that
# step fail. Confirm the intended order.
# NOTE(review): the route answers without authentication and returns process
# uptime and the package version; check that this is acceptable on a port
# the firewall opens to every source.
mkdir -p "$health_dir"
cat > "${health_dir}/route.ts" << 'EOF'
import { NextResponse } from "next/server";
export async function GET() {
return NextResponse.json({
status: "healthy",
timestamp: new Date().toISOString(),
uptime: process.uptime(),
version: process.env.npm_package_version || "1.0.0"
});
}
EOF
# The file was written as root; hand the directory to the service account.
chown -R devmatrix:devmatrix "$health_dir"
success "Health endpoint created"
# 14. Set permissions
log "Setting permissions..."
# Everything under the home directory, including files this script created
# as root, ends up owned by the service account.
chown -R devmatrix:devmatrix /home/devmatrix
success "Permissions set"

# Summary
log "=============================================="
success "🎉 Production environment setup complete!"
# Print the follow-up instructions one log line per heredoc line; IFS= and -r
# keep leading spaces and backslashes exactly as written.
while IFS= read -r summary_line; do
  log "$summary_line"
done << 'EOF'

Next steps:
1. Clone Mission Control repo:
 git clone https://git.lemonlink.eu/devmatrix/mission-control.git /home/devmatrix/mission-control
2. Deploy Mission Control:
 mc-deploy
3. Check status:
 mc-status

Your Mission Control will start automatically on boot.
EOF