Hostityourself/infra/boot.sh

#!/usr/bin/env bash
# boot.sh — bring up the HIY stack without rebuilding images.
# Called on system boot by the hiy.service systemd user unit.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# ── Load .env ──────────────────────────────────────────────────────────────────
if [ -f "$REPO_ROOT/.env" ]; then
    set -a; source "$REPO_ROOT/.env"; set +a
fi

# ── Ensure subuid/subgid entries exist ────────────────────────────────────────
_HIY_USER="$(id -un)"
if ! grep -q "^${_HIY_USER}:" /etc/subuid 2>/dev/null; then
    echo "${_HIY_USER}:100000:65536" | sudo tee -a /etc/subuid > /dev/null
fi
if ! grep -q "^${_HIY_USER}:" /etc/subgid 2>/dev/null; then
    echo "${_HIY_USER}:100000:65536" | sudo tee -a /etc/subgid > /dev/null
fi

# ── Allow rootless processes to bind ports 80/443 ─────────────────────────────
# /etc/sysctl.conf should persist this across reboots, but apply it immediately
# in case the kernel hasn't picked it up yet.
if [ "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" -gt 80 ]; then
    sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
fi

# ── Ensure XDG_RUNTIME_DIR exists and is writable ─────────────────────────────
_HIY_XDG="/run/user/$(id -u)"
if [ ! -d "$_HIY_XDG" ]; then
    sudo mkdir -p "$_HIY_XDG"
fi
if [ ! -w "$_HIY_XDG" ]; then
    sudo chown "$(id -u):$(id -g)" "$_HIY_XDG"
    sudo chmod 0700 "$_HIY_XDG"
fi
export XDG_RUNTIME_DIR="$_HIY_XDG"

PODMAN_SOCK="${_HIY_XDG}/podman.sock"
export PODMAN_SOCK
export DOCKER_HOST="unix://${PODMAN_SOCK}"

# ── Start Podman socket if not already running ─────────────────────────────────
if ! [ -S "$PODMAN_SOCK" ]; then
    echo "[hiy] Starting Podman socket…"
    podman system service --time=0 "unix://${PODMAN_SOCK}" &
    for i in 1 2 3 4 5; do
        [ -S "$PODMAN_SOCK" ] && break
        sleep 1
    done
fi
[ -S "$PODMAN_SOCK" ] || { echo "ERROR: Podman socket did not appear"; exit 1; }

# ── Bring up the stack ─────────────────────────────────────────────────────────
podman system migrate
podman compose --env-file "$REPO_ROOT/.env" -f "$SCRIPT_DIR/docker-compose.yml" up -d

# ── Restart deployed app containers ───────────────────────────────────────────
podman ps -a --filter "status=exited" --format "{{.Names}}" \
    | grep '^hiy-' \
    | while IFS= read -r name; do
        echo "[hiy] Restarting app: $name"
        podman start "$name" || true
      done

echo "[hiy] Stack is up."