package host
import (
"fmt"
"strings"
"github.com/bdw/ship/internal/ssh"
"github.com/bdw/ship/internal/state"
"github.com/bdw/ship/internal/templates"
"github.com/spf13/cobra"
)
// initCmd is the "init" subcommand: one-time provisioning of a fresh VPS.
// All of the work happens in runInit, which executes privileged commands on
// the remote host over SSH.
var initCmd = &cobra.Command{
	Use:   "init",
	RunE:  runInit,
	Short: "Initialize VPS (one-time setup)",
	Long:  "Set up a fresh VPS with Caddy for automatic HTTPS and required directories",
}
// runInit provisions the target VPS: it checks the OS, installs Caddy when it
// is missing, writes the top-level Caddyfile, creates the ship directories,
// (re)starts Caddy, optionally sets up git-based deployment, and finally
// records the host in local state.
//
// The host comes from --host, falling back to the default host stored in
// state. --base-domain is optional; when set it is stored on the host entry
// and enables setupGitDeploy.
//
// Review notes:
//   - /etc/caddy/Caddyfile is rewritten on every run, including when Caddy was
//     already installed, so any existing configuration in that file is replaced.
//   - baseDomain is handed to setupGitDeploy without validation and ends up in
//     a Caddy config written as root; it is operator input, but a malformed
//     value is not rejected here.
//   - A failed "is-active" check only prints a warning; initialization still
//     reports success.
func runInit(cmd *cobra.Command, args []string) error {
	st, err := state.Load()
	if err != nil {
		return fmt.Errorf("error loading state: %w", err)
	}

	// Flag lookup errors are discarded: an undefined flag reads as "".
	target, _ := cmd.Flags().GetString("host")
	if target == "" {
		target = st.GetDefaultHost()
	}
	baseDomain, _ := cmd.Flags().GetString("base-domain")
	if target == "" {
		return fmt.Errorf("--host is required")
	}

	fmt.Printf("Initializing VPS: %s\n", target)
	client, err := ssh.Connect(target)
	if err != nil {
		return fmt.Errorf("error connecting to VPS: %w", err)
	}
	defer client.Close()

	fmt.Println("-> Detecting OS...")
	release, err := client.Run("cat /etc/os-release")
	if err != nil {
		return fmt.Errorf("error detecting OS: %w", err)
	}
	// Substring match on the whole file, not a parse of the ID field.
	isUbuntu := strings.Contains(release, "Ubuntu")
	isDebian := strings.Contains(release, "Debian")
	if !(isUbuntu || isDebian) {
		return fmt.Errorf("unsupported OS (only Ubuntu and Debian are supported)")
	}
	fmt.Println(" Detected Ubuntu/Debian")

	fmt.Println("-> Checking for Caddy...")
	// A failing "which" is taken to mean Caddy is not installed.
	if _, lookupErr := client.Run("which caddy"); lookupErr != nil {
		fmt.Println(" Installing Caddy...")
		if err := installCaddy(client); err != nil {
			return err
		}
		fmt.Println(" Caddy installed")
	} else {
		fmt.Println(" Caddy already installed")
	}

	fmt.Println("-> Configuring Caddy...")
	// Empty global options block plus an import of every per-site file.
	caddyfile := `{
}
import /etc/caddy/sites-enabled/*
`
	if err := client.WriteSudoFile("/etc/caddy/Caddyfile", caddyfile); err != nil {
		return fmt.Errorf("error creating Caddyfile: %w", err)
	}
	fmt.Println(" Caddyfile created")

	fmt.Println("-> Creating directories...")
	for _, dir := range []string{"/etc/ship/env", "/etc/caddy/sites-enabled"} {
		if _, err := client.RunSudo("mkdir -p " + dir); err != nil {
			return fmt.Errorf("error creating %s: %w", dir, err)
		}
	}
	fmt.Println(" Directories created")

	fmt.Println("-> Starting Caddy...")
	if _, err := client.RunSudo("systemctl enable caddy"); err != nil {
		return fmt.Errorf("error enabling Caddy: %w", err)
	}
	if _, err := client.RunSudo("systemctl restart caddy"); err != nil {
		return fmt.Errorf("error starting Caddy: %w", err)
	}
	fmt.Println(" Caddy started")

	fmt.Println("-> Verifying installation...")
	status, err := client.RunSudo("systemctl is-active caddy")
	if err == nil && strings.TrimSpace(status) == "active" {
		fmt.Println(" Caddy is active")
	} else {
		fmt.Println(" Warning: Caddy may not be running properly")
	}

	hostState := st.GetHost(target)
	if baseDomain != "" {
		hostState.BaseDomain = baseDomain
		fmt.Printf(" Base domain: %s\n", baseDomain)

		// Git-centric deployment setup (gated on base domain)
		if err := setupGitDeploy(client, baseDomain, hostState); err != nil {
			return err
		}
	}

	// The first host ever initialized becomes the default.
	if st.GetDefaultHost() == "" {
		st.SetDefaultHost(target)
		fmt.Printf(" Set %s as default host\n", target)
	}
	if err := st.Save(); err != nil {
		return fmt.Errorf("error saving state: %w", err)
	}

	fmt.Println("\nVPS initialized successfully!")
	fmt.Println("\nNext steps:")
	fmt.Println(" 1. Deploy an app:")
	fmt.Printf(" ship --binary ./myapp --domain api.example.com\n")
	fmt.Println(" 2. Deploy a static site:")
	fmt.Printf(" ship --static --dir ./dist --domain example.com\n")
	if baseDomain != "" {
		fmt.Println(" 3. Initialize a git-deployed app:")
		fmt.Printf(" ship init myapp\n")
	}
	return nil
}
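// setupGitDeploy installs and configures everything needed for git-push
// deployments on the host: Docker, git and fcgiwrap, a dedicated "git"
// account, /srv/git, a sudoers rule for that account, the vanity-import
// template, and the base-domain Caddy site. On success it sets
// hostState.GitSetup.
//
// Security notes for reviewers:
//   - The git account is added to the docker group. Control of the Docker
//     daemon is generally equivalent to root on the host.
//   - The sudoers rule below is wildcard-heavy (unrestricted chown, cp into
//     /etc/systemd/system together with enable/restart of any unit). In
//     practice it does not confine the git account; tightening it needs
//     knowledge of the deploy hooks, which are not visible in this file.
//   - Every key in the provisioning user's authorized_keys is copied to the
//     git account, so each of those keys can push and trigger the hooks.
//     Consider a dedicated deploy key list instead.
//   - baseDomain is rendered into a Caddy config written as root; it is not
//     validated in this function.
func setupGitDeploy(client *ssh.Client, baseDomain string, hostState *state.Host) error {
	// runAll executes cmds in order through sudo and stops at the first
	// failure, prefixing the error with failMsg.
	runAll := func(failMsg string, cmds ...string) error {
		for _, c := range cmds {
			if _, err := client.RunSudo(c); err != nil {
				return fmt.Errorf("%s: %w", failMsg, err)
			}
		}
		return nil
	}

	fmt.Println("-> Installing Docker...")
	// runInit accepts both Ubuntu and Debian, but Docker publishes separate
	// apt repositories for them. Select linux/debian when os-release reports
	// ID=debian and keep linux/ubuntu for everything else, so a Debian host
	// is not pointed at the Ubuntu repository with a Debian codename.
	const dockerDistro = `$(. /etc/os-release && [ ${ID} = debian ] && echo debian || echo ubuntu)`
	dockerRepo := "https://download.docker.com/linux/" + dockerDistro
	// NOTE(review): installCaddy pipes into "sudo tee", while the repo line
	// here pipes into plain "tee"; whether that write has root privileges
	// depends on how RunSudo wraps the command. Confirm against RunSudo.
	err := runAll("error installing Docker",
		// Refresh package lists first: when Caddy was already present,
		// nothing earlier in the run has done so.
		"apt-get update",
		"apt-get install -y ca-certificates curl gnupg",
		"install -m 0755 -d /etc/apt/keyrings",
		"curl -fsSL "+dockerRepo+"/gpg -o /etc/apt/keyrings/docker.asc",
		"chmod a+r /etc/apt/keyrings/docker.asc",
		`echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] `+dockerRepo+` $(. /etc/os-release && echo ${VERSION_CODENAME}) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null`,
		"apt-get update",
		"apt-get install -y docker-ce docker-ce-cli containerd.io",
	)
	if err != nil {
		return err
	}
	fmt.Println(" Docker installed")

	fmt.Println("-> Installing git and fcgiwrap...")
	if _, err := client.RunSudo("apt-get install -y git fcgiwrap"); err != nil {
		return fmt.Errorf("error installing git/fcgiwrap: %w", err)
	}
	fmt.Println(" git and fcgiwrap installed")

	fmt.Println("-> Creating git user...")
	// Create the account only when it does not exist yet, and report a real
	// useradd failure instead of discarding every error.
	if _, err := client.RunSudo("id -u git"); err != nil {
		if _, err := client.RunSudo("useradd -r -m -d /home/git -s $(which git-shell) git"); err != nil {
			return fmt.Errorf("error creating git user: %w", err)
		}
	}
	if _, err := client.RunSudo("usermod -aG docker git"); err != nil {
		return fmt.Errorf("error adding git user to docker group: %w", err)
	}
	fmt.Println(" git user created")

	fmt.Println("-> Copying SSH keys to git user...")
	// NOTE(review): "~" is expanded on the remote side; whether it resolves
	// to the SSH user's home or root's depends on how RunSudo invokes sudo.
	err = runAll("error copying SSH keys",
		"mkdir -p /home/git/.ssh",
		"cp ~/.ssh/authorized_keys /home/git/.ssh/authorized_keys",
		"chown -R git:git /home/git/.ssh",
		"chmod 700 /home/git/.ssh",
		"chmod 600 /home/git/.ssh/authorized_keys",
	)
	if err != nil {
		return err
	}
	fmt.Println(" SSH keys copied")

	fmt.Println("-> Creating /srv/git...")
	if _, err := client.RunSudo("mkdir -p /srv/git"); err != nil {
		return fmt.Errorf("error creating /srv/git: %w", err)
	}
	if _, err := client.RunSudo("chown git:git /srv/git"); err != nil {
		return fmt.Errorf("error setting /srv/git ownership: %w", err)
	}
	fmt.Println(" /srv/git created")

	fmt.Println("-> Writing sudoers for git user...")
	// See the security notes on this function: these rules are broad.
	sudoersContent := `git ALL=(ALL) NOPASSWD: /bin/systemctl restart *, /bin/systemctl daemon-reload, /bin/systemctl reload caddy, /bin/systemctl enable *, /bin/cp * /etc/systemd/system/*, /bin/cp * /etc/caddy/sites-enabled/*, /bin/mkdir -p /var/lib/*, /bin/mkdir -p /var/www/*, /bin/chown *
`
	if err := client.WriteSudoFile("/etc/sudoers.d/ship-git", sudoersContent); err != nil {
		return fmt.Errorf("error writing sudoers: %w", err)
	}
	if _, err := client.RunSudo("chmod 440 /etc/sudoers.d/ship-git"); err != nil {
		return fmt.Errorf("error setting sudoers permissions: %w", err)
	}
	fmt.Println(" sudoers configured")

	fmt.Println("-> Writing vanity import template...")
	// Template text is evaluated by the web server at request time, not here.
	vanityHTML := `<!DOCTYPE html>
<html><head>
{{$path := trimPrefix "/" .Req.URL.Path}}
{{$parts := splitList "/" $path}}
{{$module := first $parts}}
<meta name="go-import" content="{{.Host}}/{{$module}} git https://{{.Host}}/{{$module}}.git">
</head>
<body>go get {{.Host}}/{{$module}}</body>
</html>
`
	if _, err := client.RunSudo("mkdir -p /opt/ship/vanity"); err != nil {
		return fmt.Errorf("error creating vanity directory: %w", err)
	}
	if err := client.WriteSudoFile("/opt/ship/vanity/index.html", vanityHTML); err != nil {
		return fmt.Errorf("error writing vanity template: %w", err)
	}
	fmt.Println(" vanity template written")

	fmt.Println("-> Writing base domain Caddy config...")
	codeCaddyContent, err := templates.CodeCaddy(map[string]string{
		"BaseDomain": baseDomain,
	})
	if err != nil {
		return fmt.Errorf("error generating code caddy config: %w", err)
	}
	if err := client.WriteSudoFile("/etc/caddy/sites-enabled/ship-code.caddy", codeCaddyContent); err != nil {
		return fmt.Errorf("error writing code caddy config: %w", err)
	}
	fmt.Println(" base domain Caddy config written")

	fmt.Println("-> Starting Docker and fcgiwrap...")
	if _, err := client.RunSudo("systemctl enable docker fcgiwrap"); err != nil {
		return fmt.Errorf("error enabling services: %w", err)
	}
	if _, err := client.RunSudo("systemctl start docker fcgiwrap"); err != nil {
		return fmt.Errorf("error starting services: %w", err)
	}
	fmt.Println(" Docker and fcgiwrap started")

	fmt.Println("-> Reloading Caddy...")
	if _, err := client.RunSudo("systemctl reload caddy"); err != nil {
		return fmt.Errorf("error reloading Caddy: %w", err)
	}
	fmt.Println(" Caddy reloaded")

	hostState.GitSetup = true
	fmt.Println(" Git deployment setup complete")
	return nil
}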
// installCaddy adds the Caddy stable apt repository on the host and installs
// the caddy package. Each step runs through client.RunSudo; the first failing
// step aborts the sequence and is named in the returned error.
//
// Review notes:
//   - The signing key and the repository list are fetched over HTTPS and
//     trusted as delivered; the key is not compared against a pinned
//     fingerprint.
//   - NOTE(review): the two curl steps are pipelines. If the remote shell
//     reports only the last command's status, a failed download would not
//     surface as an error from that step. Confirm how RunSudo runs commands.
func installCaddy(client *ssh.Client) error {
	steps := [...]string{
		"apt-get update",
		"apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl",
		"curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg",
		"curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list",
		"apt-get update",
		"apt-get install -y caddy",
	}
	for i := range steps {
		_, err := client.RunSudo(steps[i])
		if err == nil {
			continue
		}
		return fmt.Errorf("error running: %s: %w", steps[i], err)
	}
	return nil
}