automated-setup/script/README.md

# LetsBe Infrastructure Deployment Scripts

Automated deployment scripts for LetsBe cloud infrastructure. Designed for use with the LetsBe Cloud Orchestrator and SysAdmin Agent.

## Quick Start

### Prerequisites
- SSH key `id_ed25519` in the same directory
- Target server with root access (initial deployment) or stefan user access (subsequent operations)
- DNS A records configured for all required subdomains

### Automated Deployment

**Using JSON config file:**
```bash
./start.sh --config config.json --action all
```

**Using CLI arguments:**
```bash
./start.sh \
  --host 192.168.1.100 \
  --port 22 \
  --password "root_password" \
  --customer acme \
  --domain acme.com \
  --company "Acme Corp" \
  --tools "portainer,n8n,baserow" \
  --action all
```

### Available Actions

| Action | Description |
|--------|-------------|
| `upload` | Upload scripts and configs to server |
| `env` | Run environment variable setup |
| `setup` | Run server setup (packages, Docker, nginx, SSL) |
| `all` | Run complete deployment (upload + env + setup) |

### Script Arguments

**start.sh:**
| Argument | Description |
|----------|-------------|
| `--host` | Server IP address |
| `--port` | SSH port (default: 22) |
| `--password` | SSH password (for root initial setup) |
| `--key` | Path to SSH private key (for stefan access) |
| `--customer` | Customer identifier (lowercase, no spaces) |
| `--domain` | Primary domain |
| `--company` | Company display name |
| `--tools` | Comma-separated tool list or "all" |
| `--skip-ssl` | Skip SSL certificate generation |
| `--config` | Path to JSON config file |
| `--json` | Inline JSON configuration |
| `--action` | Action to perform: upload, env, setup, all |

**setup.sh:**
| Argument | Description |
|----------|-------------|
| `--tools` | Comma-separated list of tools to deploy, or "all" |
| `--skip-ssl` | Skip SSL certificate generation |

## Directory Structure (Server)

```
/opt/letsbe/
    env/        # Centralized .env files: <tool>.env
    stacks/     # Docker compose files per tool
    nginx/      # Nginx config templates
    scripts/    # Maintenance scripts (backups.sh)
    config/     # rclone and other configs
```

## Config File Format

Create `config.json`:
```json
{
  "host": "192.168.1.100",
  "port": 22,
  "password": "initial_root_password",
  "customer": "acme",
  "domain": "acme.com",
  "company_name": "Acme Corp",
  "tools": ["portainer", "n8n", "baserow", "chatwoot"],
  "skip_ssl": false
}
```

See `config.sample.json` for a complete template with all available tools.

## Available Tools

- activepieces, baserow, calcom, chatwoot, diun-watchtower
- documenso, ghost, gitea, gitea-drone, glitchtip, html
- keycloak, librechat, listmonk, minio, n8n, nextcloud
- nocodb, odoo, penpot, portainer, poste, redash
- squidex, stirlingpdf, typebot, umami, uptime-kuma
- windmill, wordpress

## Required DNS Records

Before deployment, create A records pointing to your server IP:
- Root domain and www
- Tool-specific subdomains (see `MANUAL_SETUP.md` for complete list)

## Post-Installation

After automated deployment, some tools require initial admin account setup.
See `MANUAL_SETUP.md` for:
- Admin account creation per tool
- Email server (Poste) configuration
- MinIO S3 storage setup
- Getmail6 configuration for Chatwoot
- SSL certificate management
- Nginx configuration examples

## Security Notes

- Root SSH login is disabled after initial setup
- SSH access via `stefan` user with key-based authentication only
- SSH port: 22022
- Configure B2/rclone credentials separately for backups

## Manual Setup Guide

For detailed manual configuration instructions, tool-specific setup, and troubleshooting, see [MANUAL_SETUP.md](MANUAL_SETUP.md).
Initial commit: LetsBe automated server setup scripts 2025-12-04 01:00:41 +01:00			`# LetsBe Infrastructure Deployment Scripts`

			`Automated deployment scripts for LetsBe cloud infrastructure. Designed for use with the LetsBe Cloud Orchestrator and SysAdmin Agent.`

			`## Quick Start`

			`### Prerequisites`
			- SSH key `id_ed25519` in the same directory
			`- Target server with root access (initial deployment) or stefan user access (subsequent operations)`
			`- DNS A records configured for all required subdomains`

			`### Automated Deployment`

			`Using JSON config file:`
			```bash
			`./start.sh --config config.json --action all`
			```

			`Using CLI arguments:`
			```bash
			`./start.sh \`
			`--host 192.168.1.100 \`
			`--port 22 \`
			`--password "root_password" \`
			`--customer acme \`
			`--domain acme.com \`
			`--company "Acme Corp" \`
			`--tools "portainer,n8n,baserow" \`
			`--action all`
			```

			`### Available Actions`

			`\| Action \| Description \|`
			`\|--------\|-------------\|`
			\| `upload` \| Upload scripts and configs to server \|
			\| `env` \| Run environment variable setup \|
			\| `setup` \| Run server setup (packages, Docker, nginx, SSL) \|
			\| `all` \| Run complete deployment (upload + env + setup) \|

			`### Script Arguments`

			`start.sh:`
			`\| Argument \| Description \|`
			`\|----------\|-------------\|`
			\| `--host` \| Server IP address \|
			\| `--port` \| SSH port (default: 22) \|
			\| `--password` \| SSH password (for root initial setup) \|
			\| `--key` \| Path to SSH private key (for stefan access) \|
			\| `--customer` \| Customer identifier (lowercase, no spaces) \|
			\| `--domain` \| Primary domain \|
			\| `--company` \| Company display name \|
			\| `--tools` \| Comma-separated tool list or "all" \|
			\| `--skip-ssl` \| Skip SSL certificate generation \|
			\| `--config` \| Path to JSON config file \|
			\| `--json` \| Inline JSON configuration \|
			\| `--action` \| Action to perform: upload, env, setup, all \|

			`setup.sh:`
			`\| Argument \| Description \|`
			`\|----------\|-------------\|`
			\| `--tools` \| Comma-separated list of tools to deploy, or "all" \|
			\| `--skip-ssl` \| Skip SSL certificate generation \|

			`## Directory Structure (Server)`

			```
			`/opt/letsbe/`
			`env/ # Centralized .env files: <tool>.env`
			`stacks/ # Docker compose files per tool`
			`nginx/ # Nginx config templates`
			`scripts/ # Maintenance scripts (backups.sh)`
			`config/ # rclone and other configs`
			```

			`## Config File Format`

			Create `config.json`:
			```json
			`{`
			`"host": "192.168.1.100",`
			`"port": 22,`
			`"password": "initial_root_password",`
			`"customer": "acme",`
			`"domain": "acme.com",`
			`"company_name": "Acme Corp",`
			`"tools": ["portainer", "n8n", "baserow", "chatwoot"],`
			`"skip_ssl": false`
			`}`
			```

			See `config.sample.json` for a complete template with all available tools.

			`## Available Tools`

			`- activepieces, baserow, calcom, chatwoot, diun-watchtower`
			`- documenso, ghost, gitea, gitea-drone, glitchtip, html`
			`- keycloak, librechat, listmonk, minio, n8n, nextcloud`
			`- nocodb, odoo, penpot, portainer, poste, redash`
			`- squidex, stirlingpdf, typebot, umami, uptime-kuma`
			`- windmill, wordpress`

			`## Required DNS Records`

			`Before deployment, create A records pointing to your server IP:`
			`- Root domain and www`
			- Tool-specific subdomains (see `MANUAL_SETUP.md` for complete list)

			`## Post-Installation`

			`After automated deployment, some tools require initial admin account setup.`
			See `MANUAL_SETUP.md` for:
			`- Admin account creation per tool`
			`- Email server (Poste) configuration`
			`- MinIO S3 storage setup`
			`- Getmail6 configuration for Chatwoot`
			`- SSL certificate management`
			`- Nginx configuration examples`

			`## Security Notes`

			`- Root SSH login is disabled after initial setup`
			- SSH access via `stefan` user with key-based authentication only
			`- SSH port: 22022`
			`- Configure B2/rclone credentials separately for backups`

			`## Manual Setup Guide`

			`For detailed manual configuration instructions, tool-specific setup, and troubleshooting, see [MANUAL_SETUP.md](MANUAL_SETUP.md).`