```bash
#!/usr/bin/env bash
# ============================================
# Phase F — Seed prod DB with dev content (one-time)
# ============================================
# Swaps /srv/ai-briefing/data/prod.db with the dev local.db
# uploaded to /tmp/dev.db via scp. Stops the service first to
# avoid WAL conflicts, backs up the existing prod.db, installs
# the new one with correct ownership, restarts. Verifies row counts.
set -euo pipefail
```

```bash
#!/usr/bin/env bash
# ============================================
# Phase E — Domain + TLS (Let's Encrypt via certbot)
# ============================================
# 1. Verifies DNS A record for sevenzero.ai points to this droplet
# 2. Updates nginx server_name to include sevenzero.ai (+ www if propagated)
# 3. Runs certbot --nginx to issue cert + rewrite nginx for HTTPS
# 4. Updates .env.local: NEXT_PUBLIC_SITE_URL=https://sevenzero.ai
# 5. Restarts briefing.service
# 6. Smoke-tests https://sevenzero.ai
```

```bash
#!/usr/bin/env bash
# ============================================
# Fix: re-run db:push + db:seed against the real prod.db
# ============================================
# drizzle-kit and the tsx seed script don't auto-load .env.local,
# so the earlier Phase C run created schema in the wrong file.
# This script explicitly passes DATABASE_URL and re-applies.
set -euo pipefail
REPO_DIR=/srv/ai-briefing/dailyreport
```

```bash
#!/usr/bin/env bash
# ============================================
# Phase D — nginx reverse proxy (port 80 → 3000)
# ============================================
# Writes a site config, disables the nginx default page,
# enables the briefing site, tests nginx config, reloads.
# Idempotent. Safe to re-run.
set -euo pipefail
SITE_FILE=/etc/nginx/sites-available/briefing
```

```bash
#!/usr/bin/env bash
# ============================================
# Phase C — DB init + build + systemd service
# ============================================
# Runs db:push + db:seed + next build as the `briefing` user, then
# installs a systemd unit that runs `npm run start` on port 3000
# with TZ=UTC and proper filesystem isolation. Idempotent.
set -euo pipefail
REPO_DIR=/srv/ai-briefing/dailyreport
```

```bash
#!/usr/bin/env bash
# ============================================
# Phase B — clone repo + install deps (run as root)
# ============================================
# Reads GitHub PAT from /tmp/pat.txt (if present) or prompts visibly.
# Clones repo as `briefing` user into /srv/ai-briefing/dailyreport,
# strips token from remote URL, persists it in credential store,
# runs `npm ci`. Idempotent. Cleans up /tmp/pat.txt at the end.
set -euo pipefail
```

```bash
#!/usr/bin/env bash
# ============================================
# Phase A — system setup (run as root on fresh Ubuntu droplet)
# ============================================
# Idempotent: safe to re-run. Halts on first error.
# Installs: Node 20, git, nginx, build tools, certbot, ufw.
# Creates: briefing system user, /srv/ai-briefing/data, 2GB swap.
# Configures: UTC timezone, ufw firewall (22/80/443).
set -euo pipefail
```