feat: add install script

2026-02-07 22:39:46 -06:00 · 2025-09-10 20:03:24 +02:00
parent 62f8a56c7a
commit 6608bd7dc2
7 changed files with 174 additions and 12 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -46,6 +46,9 @@ Dockerfile*
 docker-compose*
 .dockerignore

+# Installation files (for downloads only)
+install/
+
 # Node.js (if any frontend assets)
 node_modules/
 npm-debug.log
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ CLAUDE.md
 .env

 docker-compose.local.yml
+docker-compose.prod.yml

--- a/README.md
+++ b/README.md
@@ -30,13 +30,21 @@ Service sécurisé de validation de lecture avec traçabilité cryptographique e

 ### Avec Docker (recommandé)
 ```bash
-git clone https://github.com/btouchard/ackify.git
-cd ackify
+# Installation automatique
+curl -fsSL https://raw.githubusercontent.com/btouchard/ackify/main/install/install.sh | bash

-# Configuration minimale
+# Ou téléchargement manuel
+curl -O https://raw.githubusercontent.com/btouchard/ackify/main/install/docker-compose.yml
+curl -O https://raw.githubusercontent.com/btouchard/ackify/main/install/.env.example
+
+# Configuration
 cp .env.example .env
 # Éditez .env avec vos paramètres OAuth2

+# Génération des secrets
+export OAUTH_COOKIE_SECRET=$(openssl rand -base64 32)
+export ED25519_PRIVATE_KEY_B64=$(openssl genpkey -algorithm Ed25519 | base64 -w 0)
+
 # Démarrage
 docker compose up -d

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,14 +20,9 @@ services:
      ackify_db:
        condition: service_healthy
    networks:
-      - web
      - internal
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DNS}`)"
-      - "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
-      - "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
-      - "traefik.http.services.${APP_NAME}.loadbalancer.server.port=8080"
+    ports:
+      - "8080:8080"

  ackify_db:
    image: postgres:16-alpine
@@ -49,8 +44,6 @@ services:

 networks:
  internal:
-  web:
-    external: true

 volumes:
  ackify_data:
--- a/install/.env.example
+++ b/install/.env.example
@@ -0,0 +1,47 @@
+# Application Configuration
+APP_NAME=ackify
+APP_DNS=your-domain.com
+APP_BASE_URL=https://your-domain.com
+APP_ORGANISATION="Your Organization Name"
+
+# Database Configuration
+POSTGRES_USER=ackifyr
+POSTGRES_PASSWORD=your_secure_password
+POSTGRES_DB=ackify
+
+# OAuth2 Configuration - Popular providers
+OAUTH_PROVIDER=google
+OAUTH_CLIENT_ID=your_oauth_client_id
+OAUTH_CLIENT_SECRET=your_oauth_client_secret
+OAUTH_ALLOWED_DOMAIN=@your-organization.com
+
+# Security Configuration (generate with commands below)
+OAUTH_COOKIE_SECRET=your_base64_encoded_secret_key
+ED25519_PRIVATE_KEY_B64=your_base64_encoded_ed25519_private_key
+
+# Server Configuration
+LISTEN_ADDR=:8080
+
+# ========================================
+# CONFIGURATION INSTRUCTIONS
+# ========================================
+
+# 1. Generate secure secrets:
+#    OAUTH_COOKIE_SECRET=$(openssl rand -base64 32)
+#    ED25519_PRIVATE_KEY_B64=$(openssl genpkey -algorithm Ed25519 | base64 -w 0)
+
+# 2. OAuth2 Provider Configuration:
+#    GOOGLE:    OAUTH_PROVIDER=google
+#    GITHUB:    OAUTH_PROVIDER=github  
+#    GITLAB:    OAUTH_PROVIDER=gitlab
+#    CUSTOM:    Leave OAUTH_PROVIDER empty and set:
+#               OAUTH_AUTH_URL=https://your-provider.com/oauth/authorize
+#               OAUTH_TOKEN_URL=https://your-provider.com/oauth/token
+#               OAUTH_USERINFO_URL=https://your-provider.com/api/user
+#               OAUTH_SCOPES=openid,email
+
+# 3. For GitLab self-hosted:
+#    OAUTH_GITLAB_URL=https://gitlab.your-company.com
+
+# 4. Domain restriction (optional):
+#    OAUTH_ALLOWED_DOMAIN=@company.com
--- a/install/docker-compose.yml
+++ b/install/docker-compose.yml
@@ -0,0 +1,49 @@
+name: ackify
+
+services:
+  ackify:
+    image: btouchard/ackify:latest
+    container_name: ackify
+    restart: unless-stopped
+    environment:
+      APP_BASE_URL: "https://${APP_DNS}"
+      APP_ORGANISATION: "${APP_ORGANISATION}"
+      OAUTH_PROVIDER: "${OAUTH_PROVIDER}"
+      OAUTH_CLIENT_ID: "${OAUTH_CLIENT_ID}"
+      OAUTH_CLIENT_SECRET: "${OAUTH_CLIENT_SECRET}"
+      OAUTH_ALLOWED_DOMAIN: "${OAUTH_ALLOWED_DOMAIN}"
+      OAUTH_COOKIE_SECRET: "${OAUTH_COOKIE_SECRET}"
+      DB_DSN: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@ackify_db:5432/${POSTGRES_DB}?sslmode=disable"
+      ED25519_PRIVATE_KEY_B64: "${ED25519_PRIVATE_KEY_B64}"
+      LISTEN_ADDR: ":8080"
+    depends_on:
+      ackify_db:
+        condition: service_healthy
+    networks:
+      - internal
+    ports:
+      - "8080:8080"
+
+  ackify_db:
+    image: postgres:16-alpine
+    container_name: ackify_db
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    volumes:
+      - ackify_data:/var/lib/postgresql/data
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+networks:
+  internal:
+
+volumes:
+  ackify_data:
--- a/install/install.sh
+++ b/install/install.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Ackify Installation Script
+# Quick setup for Docker deployment
+
+set -e
+
+echo "🔐 Ackify Installation"
+echo "========================="
+
+# Create installation directory
+INSTALL_DIR="ackify-install"
+if [ -d "$INSTALL_DIR" ]; then
+    echo "❌ Directory $INSTALL_DIR already exists. Please remove it first."
+    exit 1
+fi
+
+mkdir -p "$INSTALL_DIR"
+cd "$INSTALL_DIR"
+
+echo "📦 Downloading configuration files..."
+
+# Download docker-compose.yml
+curl -fsSL https://raw.githubusercontent.com/btouchard/ackify/main/install/docker-compose.yml -o docker-compose.yml
+
+# Download .env.example
+curl -fsSL https://raw.githubusercontent.com/btouchard/ackify/main/install/.env.example -o .env.example
+
+echo "🔧 Setting up environment..."
+
+# Copy .env.example to .env
+cp .env.example .env
+
+# Generate secure secrets
+echo "🔑 Generating secure secrets..."
+COOKIE_SECRET=$(openssl rand -base64 32)
+ED25519_KEY=$(openssl genpkey -algorithm Ed25519 | base64 -w 0)
+
+# Replace placeholders in .env
+sed -i "s/your_base64_encoded_secret_key/$COOKIE_SECRET/" .env
+sed -i "s/your_base64_encoded_ed25519_private_key/$ED25519_KEY/" .env
+
+# Generate random password for PostgreSQL
+DB_PASSWORD=$(openssl rand -base64 24)
+sed -i "s/your_secure_password/$DB_PASSWORD/" .env
+
+echo "✅ Installation completed!"
+echo ""
+echo "📋 Next steps:"
+echo "1. Edit .env file with your OAuth2 configuration:"
+echo "   - Set APP_DNS to your domain"
+echo "   - Configure OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET"
+echo "   - Optionally set OAUTH_ALLOWED_DOMAIN for user restriction"
+echo ""
+echo "2. Start Ackify:"
+echo "   docker compose up -d"
+echo ""
+echo "3. Check health:"
+echo "   curl http://localhost:8080/healthz"
+echo ""
+echo "📁 Installation directory: $(pwd)"