scripts/install-systemd

#!/bin/sh
set -eu

APP_DIR=${POBSYNC_APP_DIR:-$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)}
VENV_DIR=${POBSYNC_VENV_DIR:-/opt/pobsync/venv}
ENV_FILE=${POBSYNC_ENV_FILE:-/etc/pobsync/pobsync.env}
SERVICE_USER=${POBSYNC_SERVICE_USER:-pobsync}
SERVICE_GROUP=${POBSYNC_SERVICE_GROUP:-pobsync}
INSTALL_EXTRAS=${POBSYNC_INSTALL_EXTRAS:-}
SERVER_NAME=${POBSYNC_SERVER_NAME:-_}
WITH_NGINX=0

while [ "$#" -gt 0 ]; do
    case "$1" in
        --with-nginx)
            WITH_NGINX=1
            shift
            ;;
        --server-name)
            SERVER_NAME=$2
            shift 2
            ;;
        *)
            echo "Unknown argument: $1" >&2
            exit 2
            ;;
    esac
done

if [ "$(id -u)" -ne 0 ]; then
    echo "Run this installer as root." >&2
    exit 1
fi

if ! command -v python3 >/dev/null 2>&1; then
    echo "python3 is required." >&2
    exit 1
fi

if ! command -v rsync >/dev/null 2>&1; then
    echo "rsync is required." >&2
    exit 1
fi

if ! command -v ssh >/dev/null 2>&1; then
    echo "openssh-client is required." >&2
    exit 1
fi

if ! getent group "$SERVICE_GROUP" >/dev/null 2>&1; then
    groupadd --system "$SERVICE_GROUP"
fi

if ! id "$SERVICE_USER" >/dev/null 2>&1; then
    useradd --system --home /var/lib/pobsync --shell /usr/sbin/nologin --gid "$SERVICE_GROUP" "$SERVICE_USER"
fi

mkdir -p /etc/pobsync /var/lib/pobsync /var/log/pobsync "$(dirname "$VENV_DIR")"
chown "$SERVICE_USER:$SERVICE_GROUP" /var/lib/pobsync /var/log/pobsync
chmod 0750 /var/lib/pobsync /var/log/pobsync

python3 -m venv "$VENV_DIR"
"$VENV_DIR/bin/python" -m pip install --upgrade pip
"$VENV_DIR/bin/python" -m pip install -e "$APP_DIR$INSTALL_EXTRAS"

if [ ! -f "$ENV_FILE" ]; then
    secret=$("$VENV_DIR/bin/python" -c "import secrets; print(secrets.token_urlsafe(48))")
    cat > "$ENV_FILE" <<EOF
POBSYNC_DJANGO_DEBUG=0
POBSYNC_DJANGO_SECRET_KEY=$secret
POBSYNC_DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1
POBSYNC_DJANGO_CSRF_TRUSTED_ORIGINS=

POBSYNC_HOME=/var/lib/pobsync
POBSYNC_BACKUP_ROOT=/backups
POBSYNC_SQLITE_PATH=/var/lib/pobsync/pobsync.sqlite3
POBSYNC_STATIC_ROOT=/var/lib/pobsync/static

POBSYNC_WEB_BIND=127.0.0.1:8010
POBSYNC_GUNICORN_WORKERS=2
POBSYNC_GUNICORN_TIMEOUT=120
POBSYNC_WORKER_INTERVAL=15
POBSYNC_SCHEDULER_INTERVAL=60
EOF
    chmod 0640 "$ENV_FILE"
    chown "root:$SERVICE_GROUP" "$ENV_FILE"
    echo "Created $ENV_FILE. Edit allowed hosts and backup root before exposing the service."
fi

install_unit() {
    src=$1
    dest=$2
    sed \
        -e "s|@POBSYNC_APP_DIR@|$APP_DIR|g" \
        -e "s|@POBSYNC_VENV_DIR@|$VENV_DIR|g" \
        -e "s|@POBSYNC_ENV_FILE@|$ENV_FILE|g" \
        -e "s|@POBSYNC_USER@|$SERVICE_USER|g" \
        -e "s|@POBSYNC_GROUP@|$SERVICE_GROUP|g" \
        "$src" > "$dest"
    chmod 0644 "$dest"
}

install_unit "$APP_DIR/deploy/systemd/pobsync-web.service" /etc/systemd/system/pobsync-web.service
install_unit "$APP_DIR/deploy/systemd/pobsync-worker.service" /etc/systemd/system/pobsync-worker.service
install_unit "$APP_DIR/deploy/systemd/pobsync-scheduler.service" /etc/systemd/system/pobsync-scheduler.service

systemctl daemon-reload
"$VENV_DIR/bin/python" "$APP_DIR/manage.py" migrate --noinput
"$VENV_DIR/bin/python" "$APP_DIR/manage.py" collectstatic --noinput --clear
systemctl enable --now pobsync-web.service pobsync-worker.service pobsync-scheduler.service

if [ "$WITH_NGINX" -eq 1 ]; then
    if ! command -v nginx >/dev/null 2>&1; then
        echo "nginx is not installed; skipping nginx config." >&2
    else
        sed "s|@POBSYNC_SERVER_NAME@|$SERVER_NAME|g" "$APP_DIR/deploy/nginx/pobsync.conf" > /etc/nginx/sites-available/pobsync.conf
        ln -sf /etc/nginx/sites-available/pobsync.conf /etc/nginx/sites-enabled/pobsync.conf
        nginx -t
        systemctl reload nginx
    fi
fi

systemctl --no-pager --full status pobsync-web.service pobsync-worker.service pobsync-scheduler.service || true
(refactor) Add native systemd production deployment Make native systemd services the recommended production path for pobsync while keeping Docker Compose available for development and optional test installs. Add web, worker, and scheduler systemd unit templates, a native environment example, an optional nginx reverse proxy template, and an installer that creates the venv, service user, env file, units, and runs migrations/static collection. Allow native deployments to configure POBSYNC_BACKUP_ROOT directly and document the new production layout and update flow. 2026-05-19 15:59:07 +02:00			`#!/bin/sh`
			`set -eu`

			`APP_DIR=${POBSYNC_APP_DIR:-$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)}`
			`VENV_DIR=${POBSYNC_VENV_DIR:-/opt/pobsync/venv}`
			`ENV_FILE=${POBSYNC_ENV_FILE:-/etc/pobsync/pobsync.env}`
			`SERVICE_USER=${POBSYNC_SERVICE_USER:-pobsync}`
			`SERVICE_GROUP=${POBSYNC_SERVICE_GROUP:-pobsync}`
			`INSTALL_EXTRAS=${POBSYNC_INSTALL_EXTRAS:-}`
			`SERVER_NAME=${POBSYNC_SERVER_NAME:-_}`
			`WITH_NGINX=0`

			`while [ "$#" -gt 0 ]; do`
			`case "$1" in`
			`--with-nginx)`
			`WITH_NGINX=1`
			`shift`
			`;;`
			`--server-name)`
			`SERVER_NAME=$2`
			`shift 2`
			`;;`
			`*)`
			`echo "Unknown argument: $1" >&2`
			`exit 2`
			`;;`
			`esac`
			`done`

			`if [ "$(id -u)" -ne 0 ]; then`
			`echo "Run this installer as root." >&2`
			`exit 1`
			`fi`

			`if ! command -v python3 >/dev/null 2>&1; then`
			`echo "python3 is required." >&2`
			`exit 1`
			`fi`

			`if ! command -v rsync >/dev/null 2>&1; then`
			`echo "rsync is required." >&2`
			`exit 1`
			`fi`

			`if ! command -v ssh >/dev/null 2>&1; then`
			`echo "openssh-client is required." >&2`
			`exit 1`
			`fi`

			`if ! getent group "$SERVICE_GROUP" >/dev/null 2>&1; then`
			`groupadd --system "$SERVICE_GROUP"`
			`fi`

			`if ! id "$SERVICE_USER" >/dev/null 2>&1; then`
			`useradd --system --home /var/lib/pobsync --shell /usr/sbin/nologin --gid "$SERVICE_GROUP" "$SERVICE_USER"`
			`fi`

			`mkdir -p /etc/pobsync /var/lib/pobsync /var/log/pobsync "$(dirname "$VENV_DIR")"`
			`chown "$SERVICE_USER:$SERVICE_GROUP" /var/lib/pobsync /var/log/pobsync`
			`chmod 0750 /var/lib/pobsync /var/log/pobsync`

			`python3 -m venv "$VENV_DIR"`
			`"$VENV_DIR/bin/python" -m pip install --upgrade pip`
			`"$VENV_DIR/bin/python" -m pip install -e "$APP_DIR$INSTALL_EXTRAS"`

			`if [ ! -f "$ENV_FILE" ]; then`
			`secret=$("$VENV_DIR/bin/python" -c "import secrets; print(secrets.token_urlsafe(48))")`
			`cat > "$ENV_FILE" <<EOF`
			`POBSYNC_DJANGO_DEBUG=0`
			`POBSYNC_DJANGO_SECRET_KEY=$secret`
			`POBSYNC_DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1`
			`POBSYNC_DJANGO_CSRF_TRUSTED_ORIGINS=`

			`POBSYNC_HOME=/var/lib/pobsync`
			`POBSYNC_BACKUP_ROOT=/backups`
			`POBSYNC_SQLITE_PATH=/var/lib/pobsync/pobsync.sqlite3`
			`POBSYNC_STATIC_ROOT=/var/lib/pobsync/static`

			`POBSYNC_WEB_BIND=127.0.0.1:8010`
			`POBSYNC_GUNICORN_WORKERS=2`
			`POBSYNC_GUNICORN_TIMEOUT=120`
			`POBSYNC_WORKER_INTERVAL=15`
			`POBSYNC_SCHEDULER_INTERVAL=60`
			`EOF`
			`chmod 0640 "$ENV_FILE"`
			`chown "root:$SERVICE_GROUP" "$ENV_FILE"`
			`echo "Created $ENV_FILE. Edit allowed hosts and backup root before exposing the service."`
			`fi`

			`install_unit() {`
			`src=$1`
			`dest=$2`
			`sed \`
			`-e "s\|@POBSYNC_APP_DIR@\|$APP_DIR\|g" \`
			`-e "s\|@POBSYNC_VENV_DIR@\|$VENV_DIR\|g" \`
			`-e "s\|@POBSYNC_ENV_FILE@\|$ENV_FILE\|g" \`
			`-e "s\|@POBSYNC_USER@\|$SERVICE_USER\|g" \`
			`-e "s\|@POBSYNC_GROUP@\|$SERVICE_GROUP\|g" \`
			`"$src" > "$dest"`
			`chmod 0644 "$dest"`
			`}`

			`install_unit "$APP_DIR/deploy/systemd/pobsync-web.service" /etc/systemd/system/pobsync-web.service`
			`install_unit "$APP_DIR/deploy/systemd/pobsync-worker.service" /etc/systemd/system/pobsync-worker.service`
			`install_unit "$APP_DIR/deploy/systemd/pobsync-scheduler.service" /etc/systemd/system/pobsync-scheduler.service`

			`systemctl daemon-reload`
			`"$VENV_DIR/bin/python" "$APP_DIR/manage.py" migrate --noinput`
			`"$VENV_DIR/bin/python" "$APP_DIR/manage.py" collectstatic --noinput --clear`
			`systemctl enable --now pobsync-web.service pobsync-worker.service pobsync-scheduler.service`

			`if [ "$WITH_NGINX" -eq 1 ]; then`
			`if ! command -v nginx >/dev/null 2>&1; then`
			`echo "nginx is not installed; skipping nginx config." >&2`
			`else`
			`sed "s\|@POBSYNC_SERVER_NAME@\|$SERVER_NAME\|g" "$APP_DIR/deploy/nginx/pobsync.conf" > /etc/nginx/sites-available/pobsync.conf`
			`ln -sf /etc/nginx/sites-available/pobsync.conf /etc/nginx/sites-enabled/pobsync.conf`
			`nginx -t`
			`systemctl reload nginx`
			`fi`
			`fi`

			`systemctl --no-pager --full status pobsync-web.service pobsync-worker.service pobsync-scheduler.service \|\| true`