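#!/usr/bin/env bash
#
# Provision the Project Velocity backend on one host:
#   1. create/start the PostgreSQL 14 "velocity" cluster, bound to loopback,
#   2. create (or re-key) the velocity_app role and the velocity database,
#   3. load the schema files,
#   4. install the systemd unit for the uvicorn backend (loopback, port 8001),
#   5. generate a self-signed TLS certificate and put nginx in front on 443.
#
# Secret handling: DB_PASSWORD and JWT_SECRET are generated on every run, so an
# existing role gets a new password each time. Neither value is placed on a
# command line (argv is readable by other local users through ps), and staging
# files live in a private mktemp directory rather than at fixed /tmp names.
# Do not run this script with `set -x`; the trace would print both secrets.
set -euo pipefail

readonly APP_ROOT=/opt/dlami/nvme/velocity
readonly PG_DATA_ROOT=/opt/dlami/nvme/pgdata
readonly TLS_KEY="${APP_ROOT}/tls/velocity.key"
readonly TLS_CRT="${APP_ROOT}/tls/velocity.crt"

# mktemp -d creates a mode-0700 directory with an unpredictable name, so no
# other local user can pre-create or swap a file that is later installed as
# root-owned configuration.
staging_dir=$(mktemp -d)
cleanup() { rm -rf -- "${staging_dir:?}"; }
trap cleanup EXIT

DB_PASSWORD=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 24)
# JWT_SECRET is consumed by the environment file (see the note further down).
JWT_SECRET=$(openssl rand -hex 32)

# --- PostgreSQL cluster -------------------------------------------------------
sudo mkdir -p "${PG_DATA_ROOT}/14/velocity" "${APP_ROOT}/shared/logs" "${APP_ROOT}/tls"
sudo chown -R postgres:postgres "${PG_DATA_ROOT}"

if ! pg_lsclusters | awk 'NR>1 {print $1, $2}' | grep -q '^14 velocity$'; then
  # peer auth for local sockets, SCRAM for TCP connections.
  sudo pg_createcluster 14 velocity --datadir="${PG_DATA_ROOT}/14/velocity" \
    -- --auth-local=peer --auth-host=scram-sha-256
fi

# Keep the server reachable from this host only.
sudo sed -i "s/^#\?listen_addresses.*/listen_addresses = '127.0.0.1'/" \
  /etc/postgresql/14/velocity/postgresql.conf
sudo pg_ctlcluster 14 velocity start

# --- Role and database --------------------------------------------------------
if ! sudo -u postgres psql -p 5432 -tAc \
  "SELECT 1 FROM pg_roles WHERE rolname = 'velocity_app'" | grep -q 1; then
  role_statement='CREATE ROLE velocity_app LOGIN'
else
  role_statement='ALTER ROLE velocity_app WITH'
fi

# The statement carrying the password goes to psql on stdin instead of -c, so
# it never appears in a process listing. ON_ERROR_STOP keeps the non-zero exit
# status that -c gave on failure. The server can still record the statement if
# log_statement is enabled for DDL.
sudo -u postgres psql -p 5432 -v ON_ERROR_STOP=1 <<SQL
${role_statement} PASSWORD '${DB_PASSWORD}';
SQL

if ! sudo -u postgres psql -p 5432 -tAc \
  "SELECT 1 FROM pg_database WHERE datname = 'velocity'" | grep -q 1; then
  sudo -u postgres psql -p 5432 -c "CREATE DATABASE velocity OWNER velocity_app;"
fi

# --- Schema -------------------------------------------------------------------
# A password file replaces the postgresql://user:password@host URI, which put
# the password in argv. libpq ignores the file unless it is 0600 or stricter.
pgpass_file="${staging_dir}/pgpass"
printf '127.0.0.1:5432:velocity:velocity_app:%s\n' "$DB_PASSWORD" > "$pgpass_file"
chmod 600 "$pgpass_file"

# NOTE(review): without ON_ERROR_STOP psql continues past SQL errors in these
# files and still exits 0; this is left as the original had it.
for schema_file in schema.sql schema_addendum.sql; do
  PGPASSFILE="$pgpass_file" psql -w -h 127.0.0.1 -p 5432 -U velocity_app -d velocity \
    -f "${APP_ROOT}/current/backend/db/${schema_file}"
done

# --- Backend environment file -------------------------------------------------
# NOTE(review): this copy of the script lost the here-document that wrote the
# environment file, and whatever followed it up to the unit-file here-document.
# What survives is `cat > /tmp/velocity.env <` fused onto the next command,
# which as written would send the unit file to /tmp/velocity.env. The variable
# names the backend reads are not visible here, so they are not reconstructed.
# Restore the original body before use. When you do, stage it in the private
# directory and install it unreadable to other users, along these lines:
#
#   env_staging="${staging_dir}/velocity.env"
#   cat > "$env_staging" <<EOF
#   <original KEY=value lines; not visible in this copy>
#   EOF
#   sudo install -o ubuntu -g ubuntu -m 0600 "$env_staging" "${APP_ROOT}/env"
#
# The unit below names /opt/dlami/nvme/velocity/env as its EnvironmentFile=,
# which is presumably where the lost text installed it.

# --- systemd unit -------------------------------------------------------------
unit_staging="${staging_dir}/velocity-backend.service"
cat > "$unit_staging" <<'EOF'
[Unit]
Description=Project Velocity NVMe FastAPI Backend
After=network.target postgresql@14-velocity.service ollama.service docker.service
Wants=postgresql@14-velocity.service ollama.service docker.service

[Service]
Type=simple
User=ubuntu
Group=ubuntu
WorkingDirectory=/opt/dlami/nvme/velocity/current
Environment=PYTHONPATH=/opt/dlami/nvme/velocity/current
EnvironmentFile=/opt/dlami/nvme/velocity/env
ExecStart=/opt/dlami/nvme/velocity/venv/bin/python -m uvicorn backend.main:app --host 127.0.0.1 --port 8001
Restart=always
RestartSec=5
StandardOutput=append:/opt/dlami/nvme/velocity/shared/logs/backend.log
StandardError=append:/opt/dlami/nvme/velocity/shared/logs/backend.log

[Install]
WantedBy=multi-user.target
EOF
# install sets owner and mode explicitly, where mv kept those of the temp file.
sudo install -o root -g root -m 0644 "$unit_staging" \
  /etc/systemd/system/velocity-backend.service

# --- TLS certificate ----------------------------------------------------------
# The key pair is regenerated on every run. umask 077 inside the root shell
# makes the private key unreadable to others from the moment it is created,
# not only after the chmod below. -addext requires OpenSSL 1.1.1 or newer; it
# adds the subjectAltName that current TLS clients match instead of the CN.
openssl_req=(
  openssl req -x509 -nodes -newkey rsa:2048 -days 365
  -subj '/CN=18.212.122.77'
  -addext 'subjectAltName=IP:18.212.122.77'
  -keyout "$TLS_KEY"
  -out "$TLS_CRT"
)
if ! sudo sh -c 'umask 077; exec "$@"' sh "${openssl_req[@]}" >/dev/null 2>&1; then
  printf '%s\n' 'openssl req failed; rerun it without output redirection to see why' >&2
  exit 1
fi
sudo chown root:root "$TLS_KEY" "$TLS_CRT"
sudo chmod 600 "$TLS_KEY"
sudo chmod 644 "$TLS_CRT"

# --- nginx reverse proxy ------------------------------------------------------
# nginx terminates TLS on 443 and forwards to the loopback-only backend.
nginx_staging="${staging_dir}/velocity-nginx.conf"
cat > "$nginx_staging" <<'EOF'
server {
    listen 443 ssl;
    server_name 18.212.122.77;
    ssl_certificate /opt/dlami/nvme/velocity/tls/velocity.crt;
    ssl_certificate_key /opt/dlami/nvme/velocity/tls/velocity.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    location /ws/ {
        proxy_pass http://127.0.0.1:8001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
sudo install -o root -g root -m 0644 "$nginx_staging" /etc/nginx/sites-available/velocity
sudo rm -f /etc/nginx/sites-enabled/default
sudo ln -sfn /etc/nginx/sites-available/velocity /etc/nginx/sites-enabled/velocity

# --- Activate -----------------------------------------------------------------
sudo systemctl daemon-reload
sudo systemctl enable velocity-backend.service
sudo systemctl restart velocity-backend.service
# Validate the configuration before restarting; set -e stops here on failure.
sudo nginx -t
sudo systemctl restart nginx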