Tetardtek-Cortex/brain-template
1
0
Fork 0
Code Pull Requests Activity

fix(scripts): dépersonnaliser les 3 scripts SUPERVISOR — VPS_WATCH_ROOT + VPS_SERVICE_USER

Browse Source 
- brain-watch-vps.sh : WATCH_ROOT hardcodé → ${VPS_WATCH_ROOT:-$HOME/brain-watch}
  + message d'erreur git clone lit BRAIN_GIT_URL depuis MYSECRETS
- install-brain-watch.sh : VPS_WATCH_ROOT + GITEA_BRAIN_URL → MYSECRETS/env
  + validation explicite si BRAIN_GIT_URL absent
- install-brain-bot.sh : WATCH_ROOT + User=tetardtek → VPS_WATCH_ROOT + VPS_SERVICE_USER
  + fallback whoami pour le service systemd

Aucun path ou URL owner hardcodé — tout passe par env ou MYSECRETS.
This commit is contained in:
Tetardtek
2026-03-18 22:15:01 +01:00
parent 60d9cf7332
commit 090fb24642
3 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/brain-watch-vps.sh
View File

@@ -13,7 +13,8 @@
set -euo pipefail set -euo pipefail
WATCH_ROOT="/home/tetardtek/brain-watch" # Configurable — override via env ou MYSECRETS (VPS_WATCH_ROOT=...)
WATCH_ROOT="${VPS_WATCH_ROOT:-$HOME/brain-watch}"
BRAIN_INDEX="$WATCH_ROOT/brain/BRAIN-INDEX.md" BRAIN_INDEX="$WATCH_ROOT/brain/BRAIN-INDEX.md"
NOTIFY="$WATCH_ROOT/brain-notify.sh" NOTIFY="$WATCH_ROOT/brain-notify.sh"
BRAIN_ROOT="$WATCH_ROOT" # pour brain-notify.sh — lit MYSECRETS ici BRAIN_ROOT="$WATCH_ROOT" # pour brain-notify.sh — lit MYSECRETS ici
@@ -23,7 +24,8 @@ LOG_PREFIX="[brain-watch-vps]"
export BRAIN_ROOT export BRAIN_ROOT
if [[ ! -d "$WATCH_ROOT/brain" ]]; then if [[ ! -d "$WATCH_ROOT/brain" ]]; then
echo "$LOG_PREFIX ERREUR : brain non cloné. Lancer : git clone git@git.tetardtek.com:Tetardtek/brain.git $WATCH_ROOT/brain" >&2 BRAIN_GIT_URL="${BRAIN_GIT_URL:-$(grep '^BRAIN_GIT_URL=' "$WATCH_ROOT/MYSECRETS" 2>/dev/null | cut -d= -f2-)}"
echo "$LOG_PREFIX ERREUR : brain non cloné. Lancer : git clone $BRAIN_GIT_URL $WATCH_ROOT/brain" >&2
exit 1 exit 1
fi fi

4
scripts/install-brain-bot.sh
View File

@@ -25,7 +25,7 @@ set -euo pipefail
# Configuration — à adapter si besoin # Configuration — à adapter si besoin
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
WATCH_ROOT="/home/tetardtek/brain-watch" WATCH_ROOT="${VPS_WATCH_ROOT:-$HOME/brain-watch}"
MYSECRETS="$WATCH_ROOT/MYSECRETS" MYSECRETS="$WATCH_ROOT/MYSECRETS"
BOT_PORT=5001 BOT_PORT=5001
BOT_SCRIPT="$WATCH_ROOT/brain-bot.py" BOT_SCRIPT="$WATCH_ROOT/brain-bot.py"
@@ -94,7 +94,7 @@ After=network.target
[Service] [Service]
Type=simple Type=simple
User=tetardtek User=${VPS_SERVICE_USER:-$(whoami)}
WorkingDirectory=${WATCH_ROOT} WorkingDirectory=${WATCH_ROOT}
Environment=BRAIN_WATCH_ROOT=${WATCH_ROOT} Environment=BRAIN_WATCH_ROOT=${WATCH_ROOT}
Environment=BRAIN_BOT_PORT=${BOT_PORT} Environment=BRAIN_BOT_PORT=${BOT_PORT}

9
scripts/install-brain-watch.sh
View File

@@ -13,8 +13,13 @@ TARGET="${1:-both}"
BRAIN_ROOT="${BRAIN_ROOT:-$HOME/Dev/Brain}" BRAIN_ROOT="${BRAIN_ROOT:-$HOME/Dev/Brain}"
VPS_USER="root" VPS_USER="root"
VPS_IP=$(grep '^VPS_IP=' "$BRAIN_ROOT/MYSECRETS" | cut -d= -f2-) VPS_IP=$(grep '^VPS_IP=' "$BRAIN_ROOT/MYSECRETS" | cut -d= -f2-)
VPS_WATCH_ROOT="/home/tetardtek/brain-watch" # Configurable — lues depuis MYSECRETS si non définies en env
GITEA_BRAIN_URL="git@git.tetardtek.com:Tetardtek/brain.git" VPS_WATCH_ROOT="${VPS_WATCH_ROOT:-$(grep '^VPS_WATCH_ROOT=' "$BRAIN_ROOT/MYSECRETS" 2>/dev/null | cut -d= -f2- || echo "/home/$VPS_USER/brain-watch")}"
GITEA_BRAIN_URL="${BRAIN_GIT_URL:-$(grep '^BRAIN_GIT_URL=' "$BRAIN_ROOT/MYSECRETS" 2>/dev/null | cut -d= -f2-)}"
if [[ -z "$GITEA_BRAIN_URL" ]]; then
echo "❌ BRAIN_GIT_URL manquant — ajouter dans MYSECRETS : BRAIN_GIT_URL=git@<host>:<user>/brain.git"
exit 1
fi
install_local() { install_local() {
echo "=== Installation SUPERVISOR local (systemd user) ===" echo "=== Installation SUPERVISOR local (systemd user) ==="