coryd.dev/scripts/setup.sh

#!/bin/bash

COLOR_BLUE="\033[38;2;51;100;255m"
COLOR_RESET="\033[0m"
DEPLOY=false

# parse flags
for arg in "$@"; do
  case $arg in
    --deploy)
      DEPLOY=true
      shift
      ;;
  esac
done

echo "${COLOR_BLUE}"
echo "=========================================="
echo "        Setting up coryd.dev locally      "
echo "=========================================="
echo "${COLOR_RESET}"

# determine sed compatibility
if [[ "$OSTYPE" == "darwin"* ]]; then
  SED_INPLACE="sed -i ''"
else
  SED_INPLACE="sed -i"
fi

# get secrets from 1password
echo "${COLOR_BLUE}Signing in to 1Password...${COLOR_RESET}"
eval $(op signin)

echo "${COLOR_BLUE}Fetching secrets from 1Password...${COLOR_RESET}"
SECRETS_JSON='{
  "POSTGREST_URL": "{{ op://Private/coryd.dev secrets/POSTGREST_URL }}",
  "POSTGREST_API_KEY": "{{ op://Private/coryd.dev secrets/POSTGREST_API_KEY }}",
  "MASTODON_ACCESS_TOKEN": "{{ op://Private/coryd.dev secrets/MASTODON_ACCESS_TOKEN }}",
  "MASTODON_SYNDICATION_TOKEN": "{{ op://Private/coryd.dev secrets/MASTODON_SYNDICATION_TOKEN }}",
  "FORWARDEMAIL_API_KEY": "{{ op://Private/coryd.dev secrets/FORWARDEMAIL_API_KEY }}",
  "BOOK_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/BOOK_IMPORT_TOKEN }}",
  "WATCHING_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/WATCHING_IMPORT_TOKEN }}",
  "ARTIST_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/ARTIST_IMPORT_TOKEN }}",
  "TMDB_API_KEY": "{{ op://Private/coryd.dev secrets/TMDB_API_KEY }}",
  "SEASONS_IMPORT_TOKEN": "{{ op://Private/coryd.dev secrets/SEASONS_IMPORT_TOKEN }}",
  "NAVIDROME_SCROBBLE_TOKEN": "{{ op://Private/coryd.dev secrets/NAVIDROME_SCROBBLE_TOKEN }}",
  "NAVIDROME_API_URL": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_URL }}",
  "NAVIDROME_API_TOKEN": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_TOKEN }}",
  "COOLIFY_REBUILD_TOKEN": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_TOKEN }}",
  "COOLIFY_REBUILD_URL": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_URL }}",
  "GIT_REPO": "{{ op://Private/coryd.dev secrets/GIT_REPO }}",
  "SERVER_IP": "{{ op://Private/coryd.dev secrets/SERVER_IP }}"
}'

SECRETS=$(echo "$SECRETS_JSON" | op inject)

if [ -z "$SECRETS" ]; then
  echo "error: failed to retrieve secrets from 1Password."
  exit 1
fi

echo "${COLOR_BLUE}Writing .env file...${COLOR_RESET}"
echo "$SECRETS" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' > .env
export $(grep -v '^#' .env | xargs)

echo "${COLOR_BLUE}📦 Installing root project dependencies...${COLOR_RESET}"
npm install

echo "${COLOR_BLUE}📦 Installing PHP dependencies (composer)...${COLOR_RESET}"
composer install

echo "${COLOR_BLUE}📦 Installing CLI dependencies...${COLOR_RESET}"
(
  cd cli
  npm install
)

if ! command -v cd_cli >/dev/null 2>&1; then
  echo "${COLOR_BLUE}🔗 Linking CLI globally...${COLOR_RESET}"
  (
    cd cli
    npm link
  )
fi

echo "${COLOR_BLUE}⚙️ Initializing media storage config...${COLOR_RESET}"
cd_cli init

mkdir -p generated

# escape sed replacements
escape_special_chars() {
  printf '%s' "$1" | sed 's/[&/\|]/\\&/g'
}

# replace placeholders in template file
render_template() {
  local input="$1"
  local output="$2"
  cp "$input" "$output"

  for key in $(jq -r 'keys_unsorted[]' <<< "$SECRETS"); do
    value=$(jq -r --arg k "$key" '.[$k]' <<< "$SECRETS")
    $SED_INPLACE "s|{{${key}}}|$(escape_special_chars "$value")|g" "$output"
  done
}

# render templates
for file in scripts/templates/*.template; do
  [ -e "$file" ] || continue

  new_file="generated/$(basename "${file%.template}")"
  cp "$file" "$new_file"

  # replace placeholders
  sed -i '' -e "s|{{POSTGREST_URL}}|$(escape_special_chars "$POSTGREST_URL")|g" "$new_file"
  sed -i '' -e "s|{{POSTGREST_API_KEY}}|$(escape_special_chars "$POSTGREST_API_KEY")|g" "$new_file"
  sed -i '' -e "s|{{MASTODON_ACCESS_TOKEN}}|$(escape_special_chars "$MASTODON_ACCESS_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{MASTODON_SYNDICATION_TOKEN}}|$(escape_special_chars "$MASTODON_SYNDICATION_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{FORWARDEMAIL_API_KEY}}|$(escape_special_chars "$FORWARDEMAIL_API_KEY")|g" "$new_file"
  sed -i '' -e "s|{{BOOK_IMPORT_TOKEN}}|$(escape_special_chars "$BOOK_IMPORT_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{WATCHING_IMPORT_TOKEN}}|$(escape_special_chars "$WATCHING_IMPORT_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{ARTIST_IMPORT_TOKEN}}|$(escape_special_chars "$ARTIST_IMPORT_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{TMDB_API_KEY}}|$(escape_special_chars "$TMDB_API_KEY")|g" "$new_file"
  sed -i '' -e "s|{{SEASONS_IMPORT_TOKEN}}|$(escape_special_chars "$SEASONS_IMPORT_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{NAVIDROME_SCROBBLE_TOKEN}}|$(escape_special_chars "$NAVIDROME_SCROBBLE_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{NAVIDROME_API_URL}}|$(escape_special_chars "$NAVIDROME_API_URL")|g" "$new_file"
  sed -i '' -e "s|{{NAVIDROME_API_TOKEN}}|$(escape_special_chars "$NAVIDROME_API_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{COOLIFY_REBUILD_TOKEN}}|$(escape_special_chars "$COOLIFY_REBUILD_TOKEN")|g" "$new_file"
  sed -i '' -e "s|{{COOLIFY_REBUILD_URL}}|$(escape_special_chars "$COOLIFY_REBUILD_URL")|g" "$new_file"
  sed -i '' -e "s|{{GIT_REPO}}|$(escape_special_chars "$GIT_REPO")|g" "$new_file"
  sed -i '' -e "s|{{SERVER_IP}}|$(escape_special_chars "$SERVER_IP")|g" "$new_file"
done

echo "${COLOR_BLUE}all configurations generated in the 'generated' folder.${COLOR_RESET}"

echo "${COLOR_BLUE}"
echo "=========================================="
echo "         Setup complete!                  "
echo "  Your local environment is ready! 💻     "
echo "=========================================="
echo "${COLOR_RESET}"

if [ "$DEPLOY" = true ]; then
  echo "${COLOR_BLUE}Reading module lists...${COLOR_RESET}"

  # read lists
  MODULES_LIST="scripts/lists/apache_modules.list"
  PHP_EXTENSIONS_LIST="scripts/lists/php_extensions.list"
  REQUIRED_MODULES=$(tr '\n' ' ' < "$MODULES_LIST" | sed 's/ *$//')
  REQUIRED_PHP_EXTENSIONS=$(tr '\n' ' ' < "$PHP_EXTENSIONS_LIST" | sed 's/ *$//')

  echo "${COLOR_BLUE}Writing server setup script...${COLOR_RESET}"

# generate server setup script
cat > generated/setup-server.sh <<EOF
#!/bin/bash
set -e

echo "🔧 Enabling Apache modules..."
sudo a2enmod $REQUIRED_MODULES
sudo systemctl restart apache2

echo "🔧 Installing PHP extensions..."
sudo apt update
sudo apt install -y $REQUIRED_PHP_EXTENSIONS
sudo systemctl restart php8.3-fpm

echo "🔧 Enabling site..."
sudo cp generated/coryd.dev.conf /etc/apache2/sites-available/
sudo a2dissite 000-default.conf || true
sudo a2ensite coryd.dev.conf
sudo systemctl reload apache2

echo "🔐 Running Certbot to obtain TLS certificates..."
if ! [ -f /etc/letsencrypt/live/coryd.dev/fullchain.pem ]; then
  sudo certbot --apache -d coryd.dev -d www.coryd.dev
else
  echo "✅ Certificate already exists, skipping Certbot."
fi

echo "🕒 Installing crontabs..."
sudo crontab generated/root.cron
sudo crontab -u www-data generated/www-data.cron

echo "✅ All done!"
EOF

  chmod +x generated/setup-server.sh

  echo "${COLOR_BLUE}"
  echo "=========================================="
  echo "         Deploy script generated!         "
  echo "  Ready to configure your server! 🚀      "
  echo "=========================================="
  echo "${COLOR_RESET}"

  read -p "📡 Enter the remote SSH host (e.g., user@hostname): " SSH_HOST

  if [[ -n "$SSH_HOST" ]]; then
    echo "${COLOR_BLUE}📤 Copying files to $SSH_HOST...${COLOR_RESET}"
    scp -r generated "$SSH_HOST:~/"

    echo "${COLOR_BLUE}"
    echo "=========================================="
    echo "       ✅ Files copied to server!         "
    echo "=========================================="
    echo "${COLOR_RESET}"

    echo "${COLOR_BLUE}🧑‍💻 Next steps on the server:${COLOR_RESET}"
    echo "   ssh $SSH_HOST"
    echo "   sudo su"
    echo "   ./generated/setup-server.sh"
  else
    echo "${COLOR_BLUE}⚠️ Skipping SSH deploy. No host provided.${COLOR_RESET}"
  fi
fi
echo "${COLOR_RESET}"