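#!/usr/bin/env bash
# Production deploy: validate infra/.env, write the TLS-enabled proxy config,
# make sure a Podman API socket exists, build the images and start the compose
# stack detached.
#
# Required settings (read from <repo>/.env): DOMAIN_SUFFIX, ACME_EMAIL
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
readonly SCRIPT_DIR REPO_ROOT
cd "$SCRIPT_DIR"

# Print a diagnostic on stderr and exit non-zero; errors never go to stdout.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# ── Load .env from repo root ───────────────────────────────────────────────────
# .env is executed as shell code (not parsed as key=value), so it is trusted
# input; `set -a` exports every variable it assigns for podman/compose.
if [[ -f "$REPO_ROOT/.env" ]]; then
  set -a
  # shellcheck source=/dev/null
  source "$REPO_ROOT/.env"
  set +a
fi

DOMAIN_SUFFIX="${DOMAIN_SUFFIX:-}"
ACME_EMAIL="${ACME_EMAIL:-}"

# ── Validate ───────────────────────────────────────────────────────────────────
if [[ -z "$DOMAIN_SUFFIX" || "$DOMAIN_SUFFIX" == "localhost" ]]; then
  die "Set DOMAIN_SUFFIX to your real domain in infra/.env"
fi
if [[ -z "$ACME_EMAIL" ]]; then
  die "Set ACME_EMAIL in infra/.env (required for Let's Encrypt)"
fi

# ── Generate production caddy.json ─────────────────────────────────────────────
# Writes TLS-enabled config using Let's Encrypt (no Cloudflare required).
# Caddy will use the HTTP-01 challenge (port 80) or TLS-ALPN-01 (port 443).
# NOTE(review): the heredoc body (the caddy.json template) is missing from this
# copy of the script; the clearly labelled placeholder below only keeps the
# script parseable. Restore the original template before using this script.
cat > "$SCRIPT_DIR/../proxy/caddy.json" <<EOF
{ "PLACEHOLDER": "caddy.json template missing from this copy; domain=$DOMAIN_SUFFIX email=$ACME_EMAIL" }
EOF

# ── Podman socket ──────────────────────────────────────────────────────────────
# XDG_RUNTIME_DIR is created by PAM/logind and doesn't exist in non-login
# shells. Podman uses XDG_RUNTIME_DIR for RunRoot, events dirs, and the
# default socket path, so we must set it to something writable before any
# podman invocation.
if [[ ! -d "${XDG_RUNTIME_DIR:-}" || ! -w "${XDG_RUNTIME_DIR:-}" ]]; then
  export XDG_RUNTIME_DIR="/tmp/podman-$(id -u)"
  # The fallback is a predictable name inside world-writable /tmp, and the API
  # socket plus RunRoot end up in it. Create it private (0700) and refuse a
  # pre-existing entry that is a symlink or not owned by us, so another local
  # user cannot pre-create the directory and capture the socket.
  mkdir -p -m 0700 -- "$XDG_RUNTIME_DIR"
  if [[ -L "$XDG_RUNTIME_DIR" || ! -O "$XDG_RUNTIME_DIR" ]]; then
    die "$XDG_RUNTIME_DIR exists but is not a directory owned by $(id -un); remove it or set XDG_RUNTIME_DIR"
  fi
  # mkdir -m only applies to a newly created directory; tighten an existing one.
  chmod 0700 -- "$XDG_RUNTIME_DIR"
fi

PODMAN_SOCK="${XDG_RUNTIME_DIR}/podman.sock"
export PODMAN_SOCK
export DOCKER_HOST="unix://${PODMAN_SOCK}"

if [[ ! -S "$PODMAN_SOCK" ]]; then
  printf '%s\n' "[hiy] Starting Podman socket via podman system service…"
  podman system service --time=0 "unix://${PODMAN_SOCK}" &
  svc_pid=$!
  # Wait up to 5 s for the socket to appear; stop early if the service died.
  for _ in 1 2 3 4 5; do
    [[ -S "$PODMAN_SOCK" ]] && break
    kill -0 "$svc_pid" 2>/dev/null || break
    sleep 1
  done
  [[ -S "$PODMAN_SOCK" ]] || die "Podman socket did not appear at $PODMAN_SOCK"
fi

# ── Build images ───────────────────────────────────────────────────────────────
make build

# ── Start services (detached) ──────────────────────────────────────────────────
podman compose --env-file "$REPO_ROOT/.env" up -d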