Add auto-deployment infrastructure for all 4 LXCs

- Per-LXC deploy scripts (lxc151-hookshot, lxc106-cinny, lxc139-landing, lxc110-draupnir) - Per-LXC webhook hook configs with unique HMAC-SHA256 secrets - Livekit graceful restart script + systemd timer (waits for zero active calls) - Fix hookshot/deploy.sh capitalization bug (Uptime-Kuma, Tinker-Tickets, etc.) Each LXC independently clones repo and runs its own deploy.sh via adnanh/webhook on port 9000. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-18 11:41:32 -04:00
parent 0e275d725e
commit 5e936b2ca1
12 changed files with 293 additions and 2 deletions
--- a/deploy/lxc110-draupnir.sh
+++ b/deploy/lxc110-draupnir.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Auto-deploy script for LXC 110 (draupnir)
+# Handles: draupnir/production.yaml — restarts draupnir after deploy
+# NOTE: access token in production.yaml is redacted in git.
+#       The real token lives only at /opt/draupnir/config/production.yaml on this LXC.
+#       This script merges the git version (structure/settings) with the live token.
+# Triggered by: Gitea webhook on push to main
+set -euo pipefail
+
+REPO_DIR="/opt/matrix-config"
+LIVE_CONFIG="/opt/draupnir/config/production.yaml"
+LOG="/var/log/matrix-deploy.log"
+CLONE_URL="https://code.lotusguild.org/LotusGuild/matrix.git"
+
+exec >> "$LOG" 2>&1
+echo "=== $(date) === LXC110 deploy triggered ==="
+
+# Clone or pull
+if [ ! -d "$REPO_DIR/.git" ]; then
+    git clone "$CLONE_URL" "$REPO_DIR"
+    CHANGED="draupnir/production.yaml"
+else
+    cd "$REPO_DIR"
+    git fetch --all
+    PREV=$(git rev-parse HEAD)
+    git reset --hard origin/main
+    NEW=$(git rev-parse HEAD)
+    CHANGED=$(git diff --name-only "$PREV" "$NEW")
+    echo "Changed files: $CHANGED"
+fi
+
+if echo "$CHANGED" | grep -q '^draupnir/production.yaml'; then
+    echo "Deploying draupnir config..."
+
+    # Extract live access token (never stored in git)
+    LIVE_TOKEN=$(grep '^accessToken:' "$LIVE_CONFIG" | awk '{print $2}' | tr -d '"')
+    if [ -z "$LIVE_TOKEN" ]; then
+        echo "ERROR: Could not extract live accessToken from $LIVE_CONFIG — aborting." >&2
+        exit 1
+    fi
+
+    # Copy repo version and restore the live token
+    cp "$REPO_DIR/draupnir/production.yaml" "$LIVE_CONFIG"
+    sed -i "s|accessToken: \"REDACTED\"|accessToken: \"$LIVE_TOKEN\"|" "$LIVE_CONFIG"
+
+    echo "Restarting draupnir..."
+    systemctl restart draupnir
+    sleep 3
+    systemctl is-active draupnir && echo "✓ draupnir restarted successfully" || echo "✗ draupnir failed to start"
+fi
+
+echo "=== $(date) === LXC110 deploy complete ==="