#!/usr/bin/env bash # Sync Sankofa Next.js portal source to LXC 7801, install deps, production build, restart systemd. # Prerequisites: SSH root@PROXMOX_HOST; portal tree at SANKOFA_PORTAL_SRC (default: sibling ../Sankofa/portal). # # Usage: # ./scripts/deployment/sync-sankofa-portal-7801.sh [--dry-run] # Env: # PROXMOX_HOST (default 192.168.11.11), SANKOFA_PORTAL_VMID (7801), SANKOFA_PORTAL_SRC, IP_SANKOFA_PORTAL (for post-check only) # SANKOFA_PORTAL_NEXTAUTH_URL (default https://portal.sankofa.nexus) — applied on CT after build # # See: docs/03-deployment/PUBLIC_SECTOR_LIVE_DEPLOYMENT_CHECKLIST.md (Phoenix CT 7801) set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" # shellcheck source=/dev/null source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" VMID="${SANKOFA_PORTAL_VMID:-7801}" CT_APP_DIR="${SANKOFA_PORTAL_CT_DIR:-/opt/sankofa-portal}" SERVICE_NAME="${SANKOFA_PORTAL_SERVICE:-sankofa-portal}" SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new" DEFAULT_SRC="${PROJECT_ROOT}/../Sankofa/portal" if [[ -d "$DEFAULT_SRC" ]]; then SANKOFA_PORTAL_SRC="${SANKOFA_PORTAL_SRC:-$DEFAULT_SRC}" else SANKOFA_PORTAL_SRC="${SANKOFA_PORTAL_SRC:-}" fi DRY_RUN=false [[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true echo "=== Sync Sankofa portal → CT ${VMID} (${CT_APP_DIR}) ===" echo "Proxmox: ${PROXMOX_HOST}" echo "Source: ${SANKOFA_PORTAL_SRC:-}" echo "" if [[ -z "$SANKOFA_PORTAL_SRC" || ! -d "$SANKOFA_PORTAL_SRC" ]]; then echo "ERROR: Set SANKOFA_PORTAL_SRC to the portal directory (clone of Sankofa/portal)." echo "Example: SANKOFA_PORTAL_SRC=/path/to/Sankofa/portal $0" exit 1 fi if ! command -v tar >/dev/null; then echo "ERROR: tar required" exit 1 fi TMP_TGZ="${TMPDIR:-/tmp}/sankofa-portal-sync-$$.tgz" REMOTE_TGZ="/tmp/sankofa-portal-sync-$$.tgz" CT_TGZ="/tmp/sankofa-portal-sync.tgz" cleanup() { rm -f "$TMP_TGZ"; } trap cleanup EXIT if $DRY_RUN; then echo "[DRY-RUN] tar (exclude node_modules,.next,.git) → $TMP_TGZ" echo "[DRY-RUN] scp → root@${PROXMOX_HOST}:${REMOTE_TGZ}" echo "[DRY-RUN] ssh pct push ${VMID} … && pct exec ${VMID} systemctl stop ${SERVICE_NAME}" echo "[DRY-RUN] pct exec: tar xf into ${CT_APP_DIR}; pnpm install; pnpm build; systemctl start ${SERVICE_NAME}" exit 0 fi echo "📦 Archiving portal (excluding node_modules, .next, .git, .env / .env.local)…" tar czf "$TMP_TGZ" \ --exclude=node_modules \ --exclude=.next \ --exclude=.git \ --exclude=.env.local \ --exclude=.env \ -C "$SANKOFA_PORTAL_SRC" . echo "📤 Copy to Proxmox host…" scp $SSH_OPTS "$TMP_TGZ" "root@${PROXMOX_HOST}:${REMOTE_TGZ}" echo "📥 Push into CT ${VMID} and build…" ssh $SSH_OPTS "root@${PROXMOX_HOST}" bash -s </dev/null || { echo "ERROR: pnpm missing in CT"; exit 1; } pnpm install pnpm build ' pct exec ${VMID} -- systemctl start ${SERVICE_NAME} pct exec ${VMID} -- systemctl is-active ${SERVICE_NAME} REMOTE_EOF echo "" echo "🔐 Ensuring NextAuth URL/secret on CT (see sankofa-portal-ensure-nextauth-on-ct.sh)…" SANKOFA_PORTAL_NEXTAUTH_URL="${SANKOFA_PORTAL_NEXTAUTH_URL:-https://portal.sankofa.nexus}" export SANKOFA_PORTAL_VMID SANKOFA_PORTAL_CT_DIR SANKOFA_PORTAL_SERVICE SANKOFA_PORTAL_NEXTAUTH_URL PROXMOX_HOST bash "${SCRIPT_DIR}/sankofa-portal-ensure-nextauth-on-ct.sh" echo "" echo "✅ Done. Verify:" echo " curl -sS http://${IP_SANKOFA_PORTAL:-192.168.11.51}:3000/ | head -c 120" echo " curl -sSI https://portal.sankofa.nexus/api/auth/signin | head -n 15" echo " https://portal.sankofa.nexus/ (via NPM; corporate apex is sankofa.nexus → IP_SANKOFA_PUBLIC_WEB)" echo " IT /it console: set IT_READ_API_URL (+ optional IT_READ_API_KEY) via repo .env → bash scripts/deployment/sankofa-portal-merge-it-read-api-env-from-repo.sh — or edit ${CT_APP_DIR}/.env (portal/.env.example)" echo "" echo "Legacy apex auth URL only if needed: SANKOFA_PORTAL_NEXTAUTH_URL=https://sankofa.nexus $0"