lynaghk/deploy.sh

## deploy.sh
#!/bin/bash

set -e

lein uberjar
rsync target/weathertron.jar weathertron@weathertron:.
ssh root@weathertron svc -t /etc/service/weathertron

## project.clj
(defproject com.keminglabs/weathertron-backend "0.1.0-SNAPSHOT"
  :dependencies [[org.clojure/clojure "1.6.0"]
                 [org.clojure/tools.cli "0.3.1"]
                 [org.clojure/core.memoize "0.5.6"]

                 [ring/ring-jetty-adapter "1.3.1"]
                 [compojure "1.1.9"
                  :exclusions [ring.core]]

                 [cheshire "5.3.1"]
                 [com.cognitect/transit-clj "0.8.259"]

                 [clj-http "0.9.2"]
                 [clj-time "0.8.0" :exclusions [joda-time]]
                 [joda-time "2.5"]
                 [lonocloud/synthread "1.0.4"]]

  :min-lein-version "2.0.0"
  :global-vars {*warn-on-reflection* true}
  :profiles {:dev {:dependencies [;;Testing deps
                                  [midje "1.6.3"]
                                  [ring-mock "0.1.3"]]
                   :source-paths ["dev" "test"]
                   :repl-options {:init-ns user}}

             :production {:jvm-opts ["-javaagent:newrelic/newrelic.jar"
                                     "-Xmx1g" "-server"]}

             :uberjar {:omit-source true
                       :uberjar-name "weathertron.jar"
                       :aot :all}}

  :source-paths ["src/clj"]
  :main com.keminglabs.weathertron.main
  :aot [com.keminglabs.weathertron.main])

## setup_server.sh
#!/bin/bash
# Run as root on an Ubuntu 14.04 LTS Digital Ocean machine
set -e


SSH_PUBKEY="ssh-dss AAAAB3NzaC1kc3MAAACBALWqLjkY1vJCyv3/ELqZXmTyPO1DvOs70Q0pv3bPyfRxiHV4fSMejEcZQS1z548apSsN2QT9gmHKJMK3M/l2GHPf9W+g//zZzMALxWf73sz5w6jdOMevy81xeSmlR+SrkwFL4pMszlxckv/KfiWcU0dYZ7jVx3hlGbwEZQ1LrYinAAAAFQDJcMSc8jcqqHuBJpy2enqxuo0lUwAAAIEAinQKpEBvecpawWLM/W1vA6UJaJOYHF7tcWe4ZK6/qaSqZ9eTctvgY6G5XkBEq8i9iE5b2eaFuihERQm/P0nSHLcYqy9JMJpC+ELIdQ4aD0jEMiA6uJQn0OSBcxSRHDYExJZBOOPo62L1SINSqJWuR8e4MLZIOm8Z9GgHJberOJEAAACAT1kAiMWHPg33e4JAroK/56xxON5Q/W6+V5VdGdeVPt3iVULivBdxHaTrE3llH8aBeTjd7i8tlMdvWgQhoex7VWz0DC4pKPnWZlnuZOMHFUbNeDRhOIaALSbWiubBF6BGjWzWWX6vI18QjR8dCQdDnKa46EFpjEGL9zpif4C8txA= weathertron@keminglabs.com"

mkdir -p .ssh/
echo "$SSH_PUBKEY" > .ssh/authorized_keys

apt-get update
apt-get upgrade -y

echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections

apt-get install -y --no-install-recommends openjdk-7-jdk htop screen fail2ban daemontools-run zile iptables-persistent


# Allow SSH, HTTP, and HTTPS traffic only
iptables -F
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -P OUTPUT ACCEPT
/etc/init.d/iptables-persistent save


###################
# Weathertron server

mkdir -p /etc/service/weathertron/log
cat <<- "EOF" > /etc/service/weathertron/run
#!/bin/bash
set -e
exec 2>&1
cd /home/weathertron/

swapoff -a
export LANG=en_US.UTF-8

# Go fast JVM settings from Tom Crayford
exec setuidgid weathertron java -jar -server -d64                                                    \
                            -XX:MaxPermSize=96m -XX:+UseParNewGC                                     \
                            -XX:+UseConcMarkSweepGC -XX:+AggressiveOpts -XX:+UseFastAccessorMethods  \
                            weathertron.jar
EOF
chmod +x /etc/service/weathertron/run

cat <<- "EOF" > /etc/service/weathertron/log/run
#!/bin/bash
set -e
PATH=/usr/local/bin:/usr/bin:/bin
mkdir -p /var/log/weathertron
chown -R weathertron:weathertron /var/log/weathertron
exec 2>&1
exec setuidgid weathertron multilog t s10485760 n5 '!tai64nlocal' /var/log/weathertron
EOF
chmod +x /etc/service/weathertron/log/run


#####################
# Weathertron user

id -u weathertron &>/dev/null || adduser --disabled-password --gecos "" weathertron

mkdir -p /home/weathertron/.ssh/
echo "$SSH_PUBKEY" > /home/weathertron/.ssh/authorized_keys
chown weathertron /home/weathertron/.ssh/authorized_keys
	#!/bin/bash

	set -e

	lein uberjar
	rsync target/weathertron.jar weathertron@weathertron:.
	ssh root@weathertron svc -t /etc/service/weathertron
	(defproject com.keminglabs/weathertron-backend "0.1.0-SNAPSHOT"
	:dependencies [[org.clojure/clojure "1.6.0"]
	[org.clojure/tools.cli "0.3.1"]
	[org.clojure/core.memoize "0.5.6"]

	[ring/ring-jetty-adapter "1.3.1"]
	[compojure "1.1.9"
	:exclusions [ring.core]]

	[cheshire "5.3.1"]
	[com.cognitect/transit-clj "0.8.259"]

	[clj-http "0.9.2"]
	[clj-time "0.8.0" :exclusions [joda-time]]
	[joda-time "2.5"]
	[lonocloud/synthread "1.0.4"]]

	:min-lein-version "2.0.0"
	:global-vars {warn-on-reflection true}
	:profiles {:dev {:dependencies [;;Testing deps
	[midje "1.6.3"]
	[ring-mock "0.1.3"]]
	:source-paths ["dev" "test"]
	:repl-options {:init-ns user}}

	:production {:jvm-opts ["-javaagent:newrelic/newrelic.jar"
	"-Xmx1g" "-server"]}

	:uberjar {:omit-source true
	:uberjar-name "weathertron.jar"
	:aot :all}}

	:source-paths ["src/clj"]
	:main com.keminglabs.weathertron.main
	:aot [com.keminglabs.weathertron.main])
	#!/bin/bash
	# Run as root on an Ubuntu 14.04 LTS Digital Ocean machine
	set -e


	SSH_PUBKEY="ssh-dss AAAAB3NzaC1kc3MAAACBALWqLjkY1vJCyv3/ELqZXmTyPO1DvOs70Q0pv3bPyfRxiHV4fSMejEcZQS1z548apSsN2QT9gmHKJMK3M/l2GHPf9W+g//zZzMALxWf73sz5w6jdOMevy81xeSmlR+SrkwFL4pMszlxckv/KfiWcU0dYZ7jVx3hlGbwEZQ1LrYinAAAAFQDJcMSc8jcqqHuBJpy2enqxuo0lUwAAAIEAinQKpEBvecpawWLM/W1vA6UJaJOYHF7tcWe4ZK6/qaSqZ9eTctvgY6G5XkBEq8i9iE5b2eaFuihERQm/P0nSHLcYqy9JMJpC+ELIdQ4aD0jEMiA6uJQn0OSBcxSRHDYExJZBOOPo62L1SINSqJWuR8e4MLZIOm8Z9GgHJberOJEAAACAT1kAiMWHPg33e4JAroK/56xxON5Q/W6+V5VdGdeVPt3iVULivBdxHaTrE3llH8aBeTjd7i8tlMdvWgQhoex7VWz0DC4pKPnWZlnuZOMHFUbNeDRhOIaALSbWiubBF6BGjWzWWX6vI18QjR8dCQdDnKa46EFpjEGL9zpif4C8txA= weathertron@keminglabs.com"

	mkdir -p .ssh/
	echo "$SSH_PUBKEY" > .ssh/authorized_keys

	apt-get update
	apt-get upgrade -y

	echo iptables-persistent iptables-persistent/autosave_v4 boolean true \| debconf-set-selections
	echo iptables-persistent iptables-persistent/autosave_v6 boolean true \| debconf-set-selections

	apt-get install -y --no-install-recommends openjdk-7-jdk htop screen fail2ban daemontools-run zile iptables-persistent


	# Allow SSH, HTTP, and HTTPS traffic only
	iptables -F
	iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
	iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
	iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
	iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
	iptables -P OUTPUT ACCEPT
	/etc/init.d/iptables-persistent save



	###################
	# Weathertron server

	mkdir -p /etc/service/weathertron/log
	cat <<- "EOF" > /etc/service/weathertron/run
	#!/bin/bash
	set -e
	exec 2>&1
	cd /home/weathertron/

	swapoff -a
	export LANG=en_US.UTF-8

	# Go fast JVM settings from Tom Crayford
	exec setuidgid weathertron java -jar -server -d64 \
	-XX:MaxPermSize=96m -XX:+UseParNewGC \
	-XX:+UseConcMarkSweepGC -XX:+AggressiveOpts -XX:+UseFastAccessorMethods \
	weathertron.jar
	EOF
	chmod +x /etc/service/weathertron/run

	cat <<- "EOF" > /etc/service/weathertron/log/run
	#!/bin/bash
	set -e
	PATH=/usr/local/bin:/usr/bin:/bin
	mkdir -p /var/log/weathertron
	chown -R weathertron:weathertron /var/log/weathertron
	exec 2>&1
	exec setuidgid weathertron multilog t s10485760 n5 '!tai64nlocal' /var/log/weathertron
	EOF
	chmod +x /etc/service/weathertron/log/run


	#####################
	# Weathertron user

	id -u weathertron &>/dev/null \|\| adduser --disabled-password --gecos "" weathertron

	mkdir -p /home/weathertron/.ssh/
	echo "$SSH_PUBKEY" > /home/weathertron/.ssh/authorized_keys
	chown weathertron /home/weathertron/.ssh/authorized_keys