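#!/bin/bash
#
# tinsnip infrastructure setup.
#
# Run as a regular sudo-capable user on Ubuntu. The script records a
# system-wide namespace, then calls the helper scripts under scripts/ to
# create the dedicated 'tinsnip' user, set up rootless Docker for it and
# deploy LLDAP.
#
# Environment:
#   TIN_NAMESPACE  optional; when set it overrides the prompt and is
#                  persisted to /etc/tinsnip-namespace.
set -euo pipefail

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR

# /tmp is world-writable, so the log name must not be guessable: a
# timestamp-only name can be pre-created (or symlinked) by another local
# user before `tee -a` appends to it. mktemp creates the file atomically
# with mode 0600 and a random component.
LOG_FILE="$(mktemp "/tmp/tinsnip-setup-$(date +%Y%m%d-%H%M%S)-XXXXXX.log")" || {
  echo "ERROR: could not create log file in /tmp" >&2
  exit 1
}
readonly LOG_FILE

# Namespace configuration
readonly NAMESPACE_FILE="/etc/tinsnip-namespace"

# Print a timestamped message to stdout and append it to LOG_FILE.
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" | tee -a "$LOG_FILE"
}

# Log a message prefixed with "ERROR:" on stderr and abort with status 1.
error() {
  log "ERROR: $*" >&2
  exit 1
}

# Abort unless $1 is a non-empty value without whitespace or control
# characters. The value is written to a root-owned file and exported into
# login shells via /etc/profile.d, so it is checked before it is persisted.
# NOTE(review): the exact character set tinsnip accepts for a namespace is
# not defined in this script; tighten this check once it is confirmed.
validate_namespace() {
  local ns=$1
  if [[ -z "$ns" || "$ns" =~ [[:space:][:cntrl:]] ]]; then
    error "Invalid namespace (empty, or contains whitespace/control characters)"
  fi
}

# Write TIN_NAMESPACE to NAMESPACE_FILE as root, world-readable.
save_namespace() {
  # printf rather than echo: a value such as "-n" must be written literally.
  printf '%s\n' "$TIN_NAMESPACE" | sudo tee "$NAMESPACE_FILE" > /dev/null
  sudo chmod 644 "$NAMESPACE_FILE"
}

# Resolve TIN_NAMESPACE (environment, then NAMESPACE_FILE, then prompt),
# persist it system-wide, export it, and install the profile.d loader.
setup_namespace() {
  local namespace_input

  if [[ -z "${TIN_NAMESPACE:-}" ]]; then
    if [[ -f "$NAMESPACE_FILE" ]]; then
      TIN_NAMESPACE=$(cat "$NAMESPACE_FILE")
      validate_namespace "$TIN_NAMESPACE"
      log "Found existing namespace: $TIN_NAMESPACE"
    else
      # Prompt user for namespace. -r keeps backslashes literal; a closed
      # stdin is reported instead of exiting silently under `set -e`.
      echo
      read -r -p "Enter namespace [dynamicalsystem]: " namespace_input \
        || error "No namespace provided (stdin closed)"
      TIN_NAMESPACE="${namespace_input:-dynamicalsystem}"
      validate_namespace "$TIN_NAMESPACE"

      # Save namespace system-wide
      log "Setting namespace to: $TIN_NAMESPACE"
      save_namespace
    fi
  else
    validate_namespace "$TIN_NAMESPACE"
    log "Using TIN_NAMESPACE from environment: $TIN_NAMESPACE"

    # Ensure it's saved system-wide
    if [[ ! -f "$NAMESPACE_FILE" ]] \
      || [[ "$(cat "$NAMESPACE_FILE")" != "$TIN_NAMESPACE" ]]; then
      save_namespace
    fi
  fi

  # Export for use by other scripts
  export TIN_NAMESPACE

  # Create profile script to load namespace for all users. Files in
  # /etc/profile.d may be sourced by non-bash login shells, so the snippet
  # is plain POSIX sh ([ ] instead of [[ ]]) and the command substitution
  # is quoted so the value is never word-split.
  local profile_script="/etc/profile.d/tinsnip-namespace.sh"
  if [[ ! -f "$profile_script" ]]; then
    log "Creating system-wide namespace profile script..."
    sudo tee "$profile_script" > /dev/null << EOF
# tinsnip namespace configuration
if [ -r "$NAMESPACE_FILE" ]; then
    TIN_NAMESPACE="\$(cat "$NAMESPACE_FILE")"
    export TIN_NAMESPACE
fi
EOF
    sudo chmod 644 "$profile_script"
  fi
}

# Abort unless /etc/os-release exists and mentions Ubuntu.
check_ubuntu() {
  if [[ ! -f /etc/os-release ]] || ! grep -q "Ubuntu" /etc/os-release; then
    error "This script requires Ubuntu"
  fi
}

# Abort when run as the tinsnip service user, as root, or by a user that
# is not a member of the sudo group.
check_current_user() {
  # Ask the kernel who we are: $USER is caller-controlled, and may be unset
  # (which would trip `set -u`).
  local current_user
  current_user=$(id -un)

  if [[ "$current_user" == "tinsnip" ]]; then
    error "Do not run this script as the tinsnip user. Run as a regular admin user."
  fi

  if (( EUID == 0 )); then
    error "Do not run this script as root. Run as a regular user with sudo access."
  fi

  # Match the group name exactly; a substring grep would also accept a
  # group such as "nosudo".
  if [[ " $(id -nG) " != *" sudo "* ]]; then
    error "Current user must have sudo access"
  fi
}

# Entry point: run the pre-flight checks, confirm with the operator, then
# execute the three setup steps in order, aborting on the first failure.
main() {
  local response

  log "tinsnip Infrastructure Setup"
  log "============================"
  log "Log file: $LOG_FILE"

  check_ubuntu
  check_current_user

  # Setup namespace first
  setup_namespace
  log "Using namespace: $TIN_NAMESPACE"

  log "This will set up tinsnip infrastructure services on this host."
  log "A dedicated 'tinsnip' user will be created to run all services."
  echo
  read -r -p "Continue? (y/N): " response \
    || error "No confirmation received (stdin closed)"

  if [[ ! "$response" =~ ^[Yy]$ ]]; then
    log "Setup cancelled by user"
    exit 0
  fi

  # Step 1: Create tinsnip user
  log "Step 1: Creating tinsnip user..."
  if ! "$SCRIPT_DIR/scripts/create_tinsnip_user.sh"; then
    error "Failed to create tinsnip user"
  fi

  # Step 2: Setup rootless Docker for tinsnip
  log "Step 2: Setting up rootless Docker..."
  if ! "$SCRIPT_DIR/scripts/setup_rootless_docker.sh"; then
    error "Failed to setup rootless Docker"
  fi

  # Step 3: Deploy services
  log "Step 3: Deploying services..."

  # Deploy LLDAP
  log "Deploying LLDAP identity service..."
  if ! "$SCRIPT_DIR/scripts/deploy_service.sh" lldap; then
    error "Failed to deploy LLDAP"
  fi

  # NOTE(review): both endpoints announced below are plaintext (http://,
  # ldap://), so the admin password and LDAP binds would cross the network
  # unencrypted. Which interfaces the ports bind to is decided in the
  # deploy script, not here - confirm they are not exposed beyond trusted
  # hosts, or front them with TLS.
  log ""
  log "Setup completed successfully!"
  log ""
  log "Services deployed:"
  log " - LLDAP: http://$(hostname):17170 (Web UI)"
  log " - LLDAP: ldap://$(hostname):3890 (LDAP endpoint)"
  log ""
  log "Default credentials:"
  log " - Username: admin"
  log " - Password: (set during LLDAP setup)"
  log ""
  log "To manage services:"
  log " sudo -u tinsnip -i"
  log " cd ~/service/lldap && docker compose ps"
}

main "$@"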