# LetsBe Infrastructure Deployment Scripts

Automated deployment scripts for LetsBe cloud infrastructure. Designed for use with the LetsBe Cloud Orchestrator and SysAdmin Agent.

## Quick Start

### Prerequisites
- SSH key `id_ed25519` in the same directory
- Target server with root access (initial deployment) or stefan user access (subsequent operations)
- DNS A records configured for all required subdomains

### Automated Deployment

**Using JSON config file:**
```bash
./start.sh --config config.json --action all
```

**Using CLI arguments:**
```bash
./start.sh \
  --host 192.168.1.100 \
  --port 22 \
  --password "root_password" \
  --customer acme \
  --domain acme.com \
  --company "Acme Corp" \
  --tools "portainer,n8n,baserow" \
  --action all
```

### Available Actions

| Action | Description |
|--------|-------------|
| `upload` | Upload scripts and configs to server |
| `env` | Run environment variable setup |
| `setup` | Run server setup (packages, Docker, nginx, SSL) |
| `all` | Run complete deployment (upload + env + setup) |

### Script Arguments

**start.sh:**
| Argument | Description |
|----------|-------------|
| `--host` | Server IP address |
| `--port` | SSH port (default: 22) |
| `--password` | SSH password (for root initial setup) |
| `--key` | Path to SSH private key (for stefan access) |
| `--customer` | Customer identifier (lowercase, no spaces) |
| `--domain` | Primary domain |
| `--company` | Company display name |
| `--tools` | Comma-separated tool list or "all" |
| `--skip-ssl` | Skip SSL certificate generation |
| `--config` | Path to JSON config file |
| `--json` | Inline JSON configuration |
| `--action` | Action to perform: upload, env, setup, all |

**setup.sh:**
| Argument | Description |
|----------|-------------|
| `--tools` | Comma-separated list of tools to deploy, or "all" |
| `--skip-ssl` | Skip SSL certificate generation |

## Directory Structure (Server)

```
/opt/letsbe/
    env/        # Centralized .env files: <tool>.env
    stacks/     # Docker compose files per tool
    nginx/      # Nginx config templates
    scripts/    # Maintenance scripts (backups.sh)
    config/     # rclone and other configs
```

## Config File Format

Create `config.json`:
```json
{
  "host": "192.168.1.100",
  "port": 22,
  "password": "initial_root_password",
  "customer": "acme",
  "domain": "acme.com",
  "company_name": "Acme Corp",
  "tools": ["portainer", "n8n", "baserow", "chatwoot"],
  "skip_ssl": false
}
```

See `config.sample.json` for a complete template with all available tools.

## Available Tools

- activepieces, baserow, calcom, chatwoot, diun-watchtower
- documenso, ghost, gitea, gitea-drone, glitchtip, html
- keycloak, librechat, listmonk, minio, n8n, nextcloud
- nocodb, odoo, penpot, portainer, poste, redash
- squidex, stirlingpdf, typebot, umami, uptime-kuma
- windmill, wordpress

## Required DNS Records

Before deployment, create A records pointing to your server IP:
- Root domain and www
- Tool-specific subdomains (see `MANUAL_SETUP.md` for complete list)

## Post-Installation

After automated deployment, some tools require initial admin account setup.
See `MANUAL_SETUP.md` for:
- Admin account creation per tool
- Email server (Poste) configuration
- MinIO S3 storage setup
- Getmail6 configuration for Chatwoot
- SSL certificate management
- Nginx configuration examples

## Security Notes

- Root SSH login is disabled after initial setup
- SSH access via `stefan` user with key-based authentication only
- SSH port: 22022
- Configure B2/rclone credentials separately for backups

## Manual Setup Guide

For detailed manual configuration instructions, tool-specific setup, and troubleshooting, see [MANUAL_SETUP.md](MANUAL_SETUP.md).