proxmox/scripts/deployment/provision-sankofa-public-web-lxc-7806.sh
defiQUG 7f3dcf2513 feat(sankofa): public web CT 7806, portal NPM/DNS defaults, Keycloak redirect helper
- Provision/sync scripts and systemd for corporate Next on 7806; IP_SANKOFA_PUBLIC_WEB for apex NPM
- Portal stack: NEXTAUTH_URL default portal.sankofa.nexus; NPM fleet + migrate + DNS ordering
- keycloak-sankofa-ensure-client-redirects.sh (KEYCLOAK_ADMIN_PASSWORD); .env.master.example hints
- Docs: task list, inventory, FQDN/E2E/EXPECTED_WEB_CONTENT, AGENTS pointers

Made-with: Cursor
2026-03-29 13:41:02 -07:00


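#!/usr/bin/env bash
# Create LXC 7806 (sankofa-public-web) for corporate Next.js at repo root → sankofa.nexus via IP_SANKOFA_PUBLIC_WEB.
# Installs Node 20 + pnpm and systemd unit; then run sync-sankofa-public-web-to-ct.sh and NPM fleet update.
#
# Usage (from repo root, SSH to r630-01):
# bash scripts/deployment/provision-sankofa-public-web-lxc-7806.sh [--dry-run]
#
# Env: PROXMOX_HOST, SANKOFA_PUBLIC_WEB_VMID (7806), IP_SANKOFA_PUBLIC_WEB_CT (default 192.168.11.63)
#      SANKOFA_PUBLIC_WEB_HOSTNAME, TEMPLATE, STORAGE, NETWORK, NETWORK_GATEWAY, DNS_PRIMARY
#      SANKOFA_PUBLIC_WEB_UNPRIVILEGED (0 or 1, default 0 = privileged container)
#
# Every value above is interpolated into commands that run as root on the
# Proxmox host, so each one is checked against a strict pattern before use.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Best-effort: when the shared address file is absent the defaults below apply.
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
VMID="${SANKOFA_PUBLIC_WEB_VMID:-7806}"
IP_CT="${IP_SANKOFA_PUBLIC_WEB_CT:-192.168.11.63}"
HOSTNAME_CT="${SANKOFA_PUBLIC_WEB_HOSTNAME:-sankofa-public-web}"
TEMPLATE="${TEMPLATE:-local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst}"
STORAGE="${STORAGE:-local-lvm}"
NETWORK="${NETWORK:-vmbr0}"
GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"
NAMESERVER="${DNS_PRIMARY:-1.1.1.1}"

# NOTE(review): the default stays 0 (privileged) to preserve existing behaviour.
# In a privileged CT, root inside the container maps to root on the host, which
# is a weak boundary for an internet-facing web workload. Set
# SANKOFA_PUBLIC_WEB_UNPRIVILEGED=1 unless something needs privileged mode.
UNPRIVILEGED="${SANKOFA_PUBLIC_WEB_UNPRIVILEGED:-0}"

# NOTE(review): accept-new trusts whatever host key is presented on the first
# connection (trust on first use). These sessions run as root on the
# hypervisor; consider pre-seeding known_hosts for PROXMOX_HOST instead.
# An array keeps every option a separate word without relying on word splitting.
SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new)
SERVICE_FILE="${PROJECT_ROOT}/config/systemd/sankofa-public-web.service"

# Print an error to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Abort unless the value ($2) of setting ($1) matches the extended regex ($3).
require_match() {
  local name=$1 value=$2 pattern=$3
  [[ "$value" =~ $pattern ]] || die "${name} has an unexpected value: ${value}"
}

readonly ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
require_match PROXMOX_HOST "$PROXMOX_HOST" '^[A-Za-z0-9][A-Za-z0-9._:-]*$'
require_match SANKOFA_PUBLIC_WEB_VMID "$VMID" '^[0-9]+$'
require_match IP_SANKOFA_PUBLIC_WEB_CT "$IP_CT" "$ipv4_re"
require_match NETWORK_GATEWAY "$GATEWAY" "$ipv4_re"
require_match SANKOFA_PUBLIC_WEB_HOSTNAME "$HOSTNAME_CT" '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
require_match TEMPLATE "$TEMPLATE" '^[A-Za-z0-9._:/+-]+$'
require_match STORAGE "$STORAGE" '^[A-Za-z0-9._-]+$'
require_match NETWORK "$NETWORK" '^[A-Za-z0-9._-]+$'
require_match DNS_PRIMARY "$NAMESERVER" '^[0-9A-Fa-f.:]+$'
require_match SANKOFA_PUBLIC_WEB_UNPRIVILEGED "$UNPRIVILEGED" '^[01]$'

DRY_RUN=false
if [[ "${1:-}" == "--dry-run" ]]; then
  DRY_RUN=true
fi

echo "=== Provision Sankofa public web LXC ${VMID} (${IP_CT}) ==="
echo "Proxmox: ${PROXMOX_HOST}"

[[ -f "$SERVICE_FILE" ]] || die "Missing $SERVICE_FILE"

if [[ "$DRY_RUN" == true ]]; then
  echo "[DRY-RUN] Would create CT ${VMID} if missing, install Node/pnpm, install systemd unit"
  exit 0
fi

if ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct list 2>/dev/null | grep -q '^${VMID} '"; then
  echo "CT ${VMID} already exists — skipping pct create"
else
  echo "Creating CT ${VMID} (${HOSTNAME_CT}) @ ${IP_CT}/24..."
  # The heredoc delimiter is unquoted on purpose: the values are expanded
  # locally and sent to a root shell on the host. The require_match checks above
  # are what keep shell metacharacters out of this command.
  ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" bash -s <<EOF
set -euo pipefail
pct create ${VMID} ${TEMPLATE} \
  --hostname ${HOSTNAME_CT} \
  --memory 6144 \
  --cores 2 \
  --rootfs ${STORAGE}:32 \
  --net0 name=eth0,bridge=${NETWORK},ip=${IP_CT}/24,gw=${GATEWAY} \
  --nameserver ${NAMESERVER} \
  --description 'Sankofa corporate public web (Next.js root) — sankofa.nexus via NPM IP_SANKOFA_PUBLIC_WEB' \
  --start 1 \
  --onboot 1 \
  --unprivileged ${UNPRIVILEGED}
EOF
  echo "Waiting for CT to boot..."
  sleep 20
fi

ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct status ${VMID}" | grep -q running \
  || die "CT ${VMID} not running"

echo "Installing Node 20 + pnpm inside CT ${VMID}..."
# NOTE(review): the NodeSource setup script is remote code executed as root in
# the CT without a checksum or signature check, and pnpm is installed unpinned.
# The script is downloaded completely before it runs, so a truncated transfer is
# never executed; review or pin the installer if the supply chain matters here.
# The remote script sits inside single quotes, so it must not contain any.
ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct exec ${VMID} -- bash -lc '
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y -qq ca-certificates curl gnupg
if ! command -v node >/dev/null 2>&1 || ! node -v | grep -q \"^v20\"; then
  setup_script=\$(mktemp)
  curl -fsSL https://deb.nodesource.com/setup_20.x -o \"\$setup_script\"
  bash \"\$setup_script\"
  rm -f -- \"\$setup_script\"
  apt-get install -y -qq nodejs
fi
command -v pnpm >/dev/null 2>&1 || npm install -g pnpm
mkdir -p /opt/sankofa-public-web
'"

echo "Installing systemd unit..."
# Stage the unit under a mktemp-generated name on the host rather than a fixed
# /tmp path, and check the returned path before reusing it in a root command.
remote_tmp="$(ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "mktemp /tmp/sankofa-public-web.service.XXXXXX")"
require_match remote_tmp "$remote_tmp" '^/tmp/sankofa-public-web\.service\.[A-Za-z0-9]+$'
scp "${SSH_OPTS[@]}" "$SERVICE_FILE" "root@${PROXMOX_HOST}:${remote_tmp}"
# Remove the staged copy even when pct push fails, then report the push status.
# --perms is explicit so the unit mode does not depend on the staged file mode.
ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" \
  "rc=0; pct push ${VMID} '${remote_tmp}' /etc/systemd/system/sankofa-public-web.service --perms 0644 || rc=\$?; rm -f -- '${remote_tmp}'; exit \$rc"
ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct exec ${VMID} -- systemctl daemon-reload"
ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct exec ${VMID} -- systemctl enable sankofa-public-web"

echo "✅ CT ${VMID} ready. Next:"
echo " SANKOFA_PUBLIC_WEB_VMID=${VMID} bash scripts/deployment/sync-sankofa-public-web-to-ct.sh"
echo " Then set IP_SANKOFA_PUBLIC_WEB=${IP_CT} and run scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh"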