115 lines
4.5 KiB
Bash
115 lines
4.5 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
DB_PASSWORD=$(openssl rand -base64 24 | tr -dc A-Za-z0-9 | head -c 24)
|
|
JWT_SECRET=$(openssl rand -hex 32)
|
|
|
|
sudo mkdir -p /opt/dlami/nvme/pgdata/14/velocity /opt/dlami/nvme/velocity/shared/logs /opt/dlami/nvme/velocity/tls
|
|
sudo chown -R postgres:postgres /opt/dlami/nvme/pgdata
|
|
|
|
if ! pg_lsclusters | awk 'NR>1 {print $1, $2}' | grep -q '^14 velocity$'; then
|
|
sudo pg_createcluster 14 velocity --datadir=/opt/dlami/nvme/pgdata/14/velocity -- --auth-local=peer --auth-host=scram-sha-256
|
|
fi
|
|
|
|
sudo sed -i "s/^#\?listen_addresses.*/listen_addresses = '127.0.0.1'/" /etc/postgresql/14/velocity/postgresql.conf
|
|
sudo pg_ctlcluster 14 velocity start
|
|
|
|
if ! sudo -u postgres psql -p 5432 -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'velocity_app'" | grep -q 1; then
|
|
sudo -u postgres psql -p 5432 -c "CREATE ROLE velocity_app LOGIN PASSWORD '$DB_PASSWORD';"
|
|
else
|
|
sudo -u postgres psql -p 5432 -c "ALTER ROLE velocity_app WITH PASSWORD '$DB_PASSWORD';"
|
|
fi
|
|
|
|
if ! sudo -u postgres psql -p 5432 -tAc "SELECT 1 FROM pg_database WHERE datname = 'velocity'" | grep -q 1; then
|
|
sudo -u postgres psql -p 5432 -c "CREATE DATABASE velocity OWNER velocity_app;"
|
|
fi
|
|
|
|
psql "postgresql://velocity_app:${DB_PASSWORD}@127.0.0.1:5432/velocity" -f /opt/dlami/nvme/velocity/current/backend/db/schema.sql
|
|
psql "postgresql://velocity_app:${DB_PASSWORD}@127.0.0.1:5432/velocity" -f /opt/dlami/nvme/velocity/current/backend/db/schema_addendum.sql
|
|
|
|
cat > /tmp/velocity.env <<EOF
|
|
VELOCITY_DB_HOST=127.0.0.1
|
|
VELOCITY_DB_PORT=5432
|
|
VELOCITY_DB_NAME=velocity
|
|
VELOCITY_DB_USER=velocity_app
|
|
VELOCITY_DB_PASSWORD=${DB_PASSWORD}
|
|
VELOCITY_JWT_SECRET=${JWT_SECRET}
|
|
CORS_ORIGINS=http://localhost:5173,https://18.212.122.77
|
|
VELOCITY_ASSET_DIR=/opt/dlami/nvme/assets
|
|
OLLAMA_BASE_URL=http://127.0.0.1:11434
|
|
NEMOCLAW_BASE_URL=http://127.0.0.1:8080
|
|
NEMOCLAW_MODEL=qwen3.5:27b
|
|
NEMOCLAW_TIMEOUT_S=45.0
|
|
NEMOCLAW_TEMPERATURE=0.2
|
|
NEMOCLAW_PROMPT_DIR=/opt/dlami/nvme/nemoclaw/prompts
|
|
ALLOW_NVIDIA_FALLBACK=false
|
|
EOF
|
|
sudo mv /tmp/velocity.env /opt/dlami/nvme/velocity/env
|
|
sudo chown root:ubuntu /opt/dlami/nvme/velocity/env
|
|
sudo chmod 640 /opt/dlami/nvme/velocity/env
|
|
|
|
cat > /tmp/velocity-backend.service <<'EOF'
|
|
[Unit]
|
|
Description=Project Velocity NVMe FastAPI Backend
|
|
After=network.target postgresql@14-velocity.service ollama.service docker.service
|
|
Wants=postgresql@14-velocity.service ollama.service docker.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=ubuntu
|
|
Group=ubuntu
|
|
WorkingDirectory=/opt/dlami/nvme/velocity/current
|
|
Environment=PYTHONPATH=/opt/dlami/nvme/velocity/current
|
|
EnvironmentFile=/opt/dlami/nvme/velocity/env
|
|
ExecStart=/opt/dlami/nvme/velocity/venv/bin/python -m uvicorn backend.main:app --host 127.0.0.1 --port 8001
|
|
Restart=always
|
|
RestartSec=5
|
|
StandardOutput=append:/opt/dlami/nvme/velocity/shared/logs/backend.log
|
|
StandardError=append:/opt/dlami/nvme/velocity/shared/logs/backend.log
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
sudo mv /tmp/velocity-backend.service /etc/systemd/system/velocity-backend.service
|
|
|
|
sudo openssl req -x509 -nodes -newkey rsa:2048 -days 365 -subj '/CN=18.212.122.77' -keyout /opt/dlami/nvme/velocity/tls/velocity.key -out /opt/dlami/nvme/velocity/tls/velocity.crt >/dev/null 2>&1
|
|
sudo chown root:root /opt/dlami/nvme/velocity/tls/velocity.key /opt/dlami/nvme/velocity/tls/velocity.crt
|
|
sudo chmod 600 /opt/dlami/nvme/velocity/tls/velocity.key
|
|
|
|
cat > /tmp/velocity-nginx.conf <<'EOF'
|
|
server {
|
|
listen 443 ssl;
|
|
server_name 18.212.122.77;
|
|
|
|
ssl_certificate /opt/dlami/nvme/velocity/tls/velocity.crt;
|
|
ssl_certificate_key /opt/dlami/nvme/velocity/tls/velocity.key;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8001;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://127.0.0.1:8001;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
}
|
|
}
|
|
EOF
|
|
sudo mv /tmp/velocity-nginx.conf /etc/nginx/sites-available/velocity
|
|
sudo rm -f /etc/nginx/sites-enabled/default
|
|
sudo ln -sfn /etc/nginx/sites-available/velocity /etc/nginx/sites-enabled/velocity
|
|
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable velocity-backend.service
|
|
sudo systemctl restart velocity-backend.service
|
|
sudo nginx -t
|
|
sudo systemctl restart nginx |