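#!/usr/bin/env bash
# boot.sh — bring up the HIY stack without rebuilding images.
# Called on system boot by the hiy.service systemd user unit.
#
# Privilege notes for reviewers:
#   * Several steps call sudo, so the invoking user needs non-interactive sudo
#     for tee, sysctl, mkdir, chown and chmod when run from a systemd unit.
#   * "$REPO_ROOT/.env" is executed as shell code (see below), so it must be
#     writable only by the account that runs this script.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# ── Load .env ──────────────────────────────────────────────────────────────────
# `source` runs the file as bash, not as a passive KEY=VALUE list: anything in
# it executes with this user's privileges (including the sudo calls below).
# `set -a` exports every variable it assigns so child processes inherit them.
if [ -f "$REPO_ROOT/.env" ]; then
  set -a
  # shellcheck source=/dev/null
  source "$REPO_ROOT/.env"
  set +a
fi

# ── Ensure subuid/subgid entries exist ────────────────────────────────────────
# Rootless Podman maps container UIDs/GIDs into the subordinate ranges listed
# in these files. The range 100000:65536 is hard-coded; if another account on
# the host already owns the same range, the two users' containers would share
# host IDs. NOTE(review): confirm this host has a single rootless user, or
# allocate a non-overlapping range.
_HIY_USER="$(id -un)"
for _hiy_idmap in /etc/subuid /etc/subgid; do
  if ! grep -q "^${_HIY_USER}:" "$_hiy_idmap" 2>/dev/null; then
    printf '%s\n' "${_HIY_USER}:100000:65536" | sudo tee -a "$_hiy_idmap" > /dev/null
  fi
done

# ── Allow rootless processes to bind ports 80/443 ─────────────────────────────
# /etc/sysctl.conf should persist this across reboots, but apply it immediately
# in case the kernel hasn't picked it up yet.
# This setting is not scoped to Podman: once lowered, every unprivileged
# process in the network namespace may bind ports 80 and above.
if [ "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" -gt 80 ]; then
  sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
fi

# ── Ensure XDG_RUNTIME_DIR exists and is writable ─────────────────────────────
# The directory holds the Podman API socket, which gives full control over
# this user's containers, so it is kept owner-only (0700).
_HIY_XDG="/run/user/$(id -u)"
if [ ! -d "$_HIY_XDG" ]; then
  sudo mkdir -p "$_HIY_XDG"
fi
if [ ! -w "$_HIY_XDG" ]; then
  # A directory just created through sudo is root-owned; hand it to the user.
  sudo chown "$(id -u):$(id -g)" "$_HIY_XDG"
  sudo chmod 0700 "$_HIY_XDG"
fi
export XDG_RUNTIME_DIR="$_HIY_XDG"

PODMAN_SOCK="${_HIY_XDG}/podman.sock"
export PODMAN_SOCK
export DOCKER_HOST="unix://${PODMAN_SOCK}"

# ── Start Podman socket if not already running ─────────────────────────────────
# `-S` only proves that a socket file exists at the path, not that a service is
# listening on it; a file left behind by a killed service would pass this test.
if ! [ -S "$PODMAN_SOCK" ]; then
  echo "[hiy] Starting Podman socket…"
  # --time=0 disables the idle timeout so the API service keeps running.
  podman system service --time=0 "unix://${PODMAN_SOCK}" &
  # Poll for up to ~5 seconds; a failure of the background job is not caught
  # by `set -e`, so the socket check below is the real success signal.
  for _ in 1 2 3 4 5; do
    if [ -S "$PODMAN_SOCK" ]; then
      break
    fi
    sleep 1
  done
fi
if ! [ -S "$PODMAN_SOCK" ]; then
  # Diagnostics go to stderr so the unit's journal records them as errors.
  echo "ERROR: Podman socket did not appear" >&2
  exit 1
fi

# ── Bring up the stack ─────────────────────────────────────────────────────────
podman system migrate

# The .env file is optional when loading above, so pass --env-file only when it
# exists; compose providers typically reject an explicit --env-file that points
# at a missing file.
_hiy_compose_args=(-f "$SCRIPT_DIR/docker-compose.yml")
if [ -f "$REPO_ROOT/.env" ]; then
  _hiy_compose_args=(--env-file "$REPO_ROOT/.env" "${_hiy_compose_args[@]}")
fi
podman compose "${_hiy_compose_args[@]}" up -d

echo "[hiy] Stack is up."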