avoid creating unnecessary conf files

2026-06-07 07:55:16 +02:00 · 2026-05-14 13:48:32 +05:30 · 2026-05-14 13:48:32 +05:30 · 0800eb639e
commit 0800eb639e
parent 46abee5294
11 changed files with 179 additions and 124 deletions
--- a/scripts/lib/remote_common.sh
+++ b/scripts/lib/remote_common.sh
@ -56,6 +56,25 @@ dograh_template_path() {
    dograh_fail "Template '$template_name' not found"
 }

+dograh_init_script_path() {
+    local candidate=""
+    local project_dir
+
+    project_dir="$(dograh_project_dir)"
+
+    for candidate in \
+        "$project_dir/scripts/run_dograh_init.sh" \
+        "$DOGRAH_REMOTE_REPO_ROOT/scripts/run_dograh_init.sh"
+    do
+        if [[ -f "$candidate" ]]; then
+            printf '%s\n' "$candidate"
+            return 0
+        fi
+    done
+
+    dograh_fail "run_dograh_init.sh not found"
+}
+
 dograh_load_env_file() {
    local env_file=${1:-.env}

@ -233,6 +252,24 @@ dograh_validate_remote_runtime_env() {
    [[ "${TURN_HOST}" == "${PUBLIC_HOST}" ]] || dograh_fail "TURN_HOST must match PUBLIC_HOST"
 }

+dograh_uses_init_compose_layout() {
+    local project_dir=${1:-$(dograh_project_dir)}
+    local compose_file="$project_dir/docker-compose.yaml"
+
+    [[ -f "$compose_file" ]] || return 1
+    grep -q "dograh-init:" "$compose_file" \
+        && grep -q "nginx-generated:/etc/nginx/conf.d:ro" "$compose_file" \
+        && grep -q "coturn-generated:/etc/coturn:ro" "$compose_file"
+}
+
+dograh_require_init_compose_layout() {
+    local project_dir=${1:-$(dograh_project_dir)}
+
+    if ! dograh_uses_init_compose_layout "$project_dir"; then
+        dograh_fail "This install uses the legacy remote compose layout. Run ./update_remote.sh first so Docker uses dograh-init generated config."
+    fi
+}
+
 dograh_render_remote_nginx_conf() {
    local project_dir=${1:-$(dograh_project_dir)}
    local destination=${2:-"$project_dir/nginx.conf"}
@ -295,41 +332,40 @@ dograh_render_remote_turn_conf() {
    ' "$template" > "$destination"
 }

-dograh_render_remote_configs() {
-    local project_dir=${1:-$(dograh_project_dir)}
-
-    dograh_render_remote_nginx_conf "$project_dir"
-    dograh_render_remote_turn_conf "$project_dir"
-}
-
-dograh_validate_remote_install() {
+dograh_preflight_remote_init_render() {
    local project_dir=${1:-$(dograh_project_dir)}
    local env_file="$project_dir/.env"
-    local nginx_conf="$project_dir/nginx.conf"
-    local turn_conf="$project_dir/turnserver.conf"
    local cert_dir="$project_dir/certs"
+    local init_script=""
+    local tmp_root=""
+    local nginx_conf=""
+    local turn_conf=""
    local nginx_workers=0
    local rendered_secret=""
    local rendered_ip=""
    local rendered_server_name=""

    dograh_load_env_file "$env_file"
-
-    [[ -n "${TURN_SECRET:-}" ]] || dograh_fail "TURN_SECRET is missing from .env"
-    [[ "${FASTAPI_WORKERS:-}" =~ ^[1-9][0-9]*$ ]] || dograh_fail "FASTAPI_WORKERS must be a positive integer"
-    [[ -n "${PUBLIC_HOST:-}" ]] || dograh_fail "PUBLIC_HOST is missing from .env"
-    [[ -n "${PUBLIC_BASE_URL:-}" ]] || dograh_fail "PUBLIC_BASE_URL is missing from .env"
-    dograh_is_ipv4 "${SERVER_IP:-}" || dograh_fail "SERVER_IP must be a valid IPv4 address"
-
-    [[ "${BACKEND_API_ENDPOINT:-}" == "$PUBLIC_BASE_URL" ]] || dograh_fail "BACKEND_API_ENDPOINT must match PUBLIC_BASE_URL"
-    [[ "${MINIO_PUBLIC_ENDPOINT:-}" == "$PUBLIC_BASE_URL" ]] || dograh_fail "MINIO_PUBLIC_ENDPOINT must match PUBLIC_BASE_URL"
-    [[ "${TURN_HOST:-}" == "$PUBLIC_HOST" ]] || dograh_fail "TURN_HOST must match PUBLIC_HOST"
-
-    [[ -f "$nginx_conf" ]] || dograh_fail "nginx.conf not found"
-    [[ -f "$turn_conf" ]] || dograh_fail "turnserver.conf not found"
+    dograh_validate_remote_runtime_env
    [[ -f "$cert_dir/local.crt" ]] || dograh_fail "certs/local.crt not found"
    [[ -f "$cert_dir/local.key" ]] || dograh_fail "certs/local.key not found"

+    init_script="$(dograh_init_script_path)"
+    tmp_root="$(mktemp -d)"
+    nginx_conf="$tmp_root/nginx/default.conf"
+    turn_conf="$tmp_root/coturn/turnserver.conf"
+
+    (
+        export ENVIRONMENT SERVER_IP PUBLIC_HOST PUBLIC_BASE_URL BACKEND_API_ENDPOINT MINIO_PUBLIC_ENDPOINT TURN_HOST TURN_SECRET FASTAPI_WORKERS
+        export DOGRAH_INIT_WORKSPACE_DIR="$project_dir"
+        export DOGRAH_INIT_OUTPUT_ROOT="$tmp_root"
+        export DOGRAH_INIT_CERTS_DIR="$cert_dir"
+        bash "$init_script" >/dev/null
+    )
+
+    [[ -f "$nginx_conf" ]] || dograh_fail "dograh-init did not render nginx config"
+    [[ -f "$turn_conf" ]] || dograh_fail "dograh-init did not render coturn config"
+
    nginx_workers=$(awk '/^[[:space:]]*server api:[0-9]+/ { count += 1 } END { print count + 0 }' "$nginx_conf")
    [[ "$nginx_workers" -eq "$FASTAPI_WORKERS" ]] || dograh_fail "FASTAPI_WORKERS=$FASTAPI_WORKERS but nginx.conf has $nginx_workers upstream servers"

@ -341,6 +377,8 @@ dograh_validate_remote_install() {

    rendered_ip="$(sed -n 's/^external-ip=//p' "$turn_conf" | head -1)"
    [[ "$rendered_ip" == "$SERVER_IP" ]] || dograh_fail "SERVER_IP in .env does not match turnserver.conf"
+
+    rm -rf "$tmp_root"
 }

 dograh_prepare_remote_install() {
@ -348,36 +386,42 @@ dograh_prepare_remote_install() {
    local env_file="$project_dir/.env"

    dograh_sync_remote_env_file "$env_file"
-    dograh_load_env_file "$env_file"
-    dograh_render_remote_configs "$project_dir"
-    dograh_validate_remote_install "$project_dir"
+    dograh_require_init_compose_layout "$project_dir"
+    dograh_preflight_remote_init_render "$project_dir"
+}
+
+dograh_download_bundle_file_for_ref() {
+    local destination=$1
+    local remote_path=$2
+    local ref=${3:-main}
+    local raw_base="https://raw.githubusercontent.com/dograh-hq/dograh/$ref"
+    local fallback_base="https://raw.githubusercontent.com/dograh-hq/dograh/main"
+
+    if ! curl -fsSL -o "$destination" "$raw_base/$remote_path"; then
+        dograh_warn "Warning: '$remote_path' not found at '$ref' - falling back to main"
+        curl -fsSL -o "$destination" "$fallback_base/$remote_path"
+    fi
+}
+
+dograh_download_init_support_bundle() {
+    local project_dir=$1
+    local ref=${2:-main}
+
+    mkdir -p "$project_dir/scripts/lib" "$project_dir/deploy/templates"
+
+    mkdir -p "$project_dir/scripts"
+    dograh_download_bundle_file_for_ref "$project_dir/scripts/lib/remote_common.sh" "scripts/lib/remote_common.sh" "$ref"
+    dograh_download_bundle_file_for_ref "$project_dir/scripts/run_dograh_init.sh" "scripts/run_dograh_init.sh" "$ref"
+    chmod +x "$project_dir/scripts/run_dograh_init.sh"
+    dograh_download_bundle_file_for_ref "$project_dir/deploy/templates/nginx.remote.conf.template" "deploy/templates/nginx.remote.conf.template" "$ref"
+    dograh_download_bundle_file_for_ref "$project_dir/deploy/templates/turnserver.remote.conf.template" "deploy/templates/turnserver.remote.conf.template" "$ref"
 }

 dograh_download_remote_support_bundle() {
    local project_dir=$1
    local ref=${2:-main}
-    local raw_base="https://raw.githubusercontent.com/dograh-hq/dograh/$ref"
-    local fallback_base="https://raw.githubusercontent.com/dograh-hq/dograh/main"

-    dograh_download_bundle_file() {
-        local destination=$1
-        local remote_path=$2
-
-        if ! curl -fsSL -o "$destination" "$raw_base/$remote_path"; then
-            dograh_warn "Warning: '$remote_path' not found at '$ref' - falling back to main"
-            curl -fsSL -o "$destination" "$fallback_base/$remote_path"
-        fi
-    }
-
-    mkdir -p "$project_dir/scripts/lib" "$project_dir/deploy/templates"
-
-    dograh_download_bundle_file "$project_dir/remote_up.sh" "remote_up.sh"
+    dograh_download_bundle_file_for_ref "$project_dir/remote_up.sh" "remote_up.sh" "$ref"
    chmod +x "$project_dir/remote_up.sh"
-
-    mkdir -p "$project_dir/scripts"
-    dograh_download_bundle_file "$project_dir/scripts/lib/remote_common.sh" "scripts/lib/remote_common.sh"
-    dograh_download_bundle_file "$project_dir/scripts/run_dograh_init.sh" "scripts/run_dograh_init.sh"
-    chmod +x "$project_dir/scripts/run_dograh_init.sh"
-    dograh_download_bundle_file "$project_dir/deploy/templates/nginx.remote.conf.template" "deploy/templates/nginx.remote.conf.template"
-    dograh_download_bundle_file "$project_dir/deploy/templates/turnserver.remote.conf.template" "deploy/templates/turnserver.remote.conf.template"
+    dograh_download_init_support_bundle "$project_dir" "$ref"
 }
--- a/scripts/setup_custom_domain.sh
+++ b/scripts/setup_custom_domain.sh
@ -105,6 +105,8 @@ if [[ ! -f remote_up.sh || ! -f scripts/lib/remote_common.sh ]]; then
    dograh_download_remote_support_bundle "$(pwd)" "main"
 fi

+dograh_require_init_compose_layout "$(pwd)"
+
 if docker compose --profile remote ps --quiet 2>/dev/null | grep -q .; then
    docker compose --profile remote down
    echo -e "${GREEN}✓ Dograh services stopped${NC}"
@ -172,7 +174,7 @@ chmod 644 certs/local.crt certs/local.key
 echo -e "${GREEN}✓${NC} Certificates copied to certs/ directory"
 echo ""

-echo -e "${BLUE}[5/7] Updating canonical remote settings and regenerating config...${NC}"
+echo -e "${BLUE}[5/7] Updating canonical remote settings and validating init-based config...${NC}"
 dograh_load_env_file .env

 if [[ -z "${SERVER_IP:-}" ]]; then
@ -186,7 +188,7 @@ dograh_set_env_key .env PUBLIC_HOST "$DOMAIN_NAME"
 dograh_set_env_key .env PUBLIC_BASE_URL "https://$DOMAIN_NAME"
 dograh_delete_env_key .env BACKEND_URL
 dograh_prepare_remote_install "$(pwd)"
-echo -e "${GREEN}✓ .env synchronized and remote config regenerated${NC}"
+echo -e "${GREEN}✓ .env synchronized and init-based config validated${NC}"

 echo -e "${BLUE}[6/7] Setting up automatic certificate renewal...${NC}"
 DOGRAH_PATH="$(pwd)"
@ -228,8 +230,6 @@ echo -e "  Auto-renewal: Enabled (certificates renew automatically)"
 echo ""
 echo -e "${YELLOW}Files modified:${NC}"
 echo "  - dograh/.env (canonical public host/base URL updated)"
-echo "  - dograh/nginx.conf (re-rendered from shared template)"
-echo "  - dograh/turnserver.conf (re-rendered from shared template)"
 echo "  - dograh/certs/local.crt (SSL certificate)"
 echo "  - dograh/certs/local.key (SSL private key)"
 echo "  - /etc/letsencrypt/renewal-hooks/deploy/dograh-reload.sh (renewal hook)"
--- a/scripts/setup_local.sh
+++ b/scripts/setup_local.sh
@ -8,6 +8,26 @@ YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color

+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+LIB_PATH="$SCRIPT_DIR/lib/remote_common.sh"
+BOOTSTRAP_LIB=""
+
+if [[ ! -f "$LIB_PATH" ]]; then
+    BOOTSTRAP_LIB="$(mktemp)"
+    curl -fsSL -o "$BOOTSTRAP_LIB" "https://raw.githubusercontent.com/dograh-hq/dograh/main/scripts/lib/remote_common.sh"
+    LIB_PATH="$BOOTSTRAP_LIB"
+fi
+
+cleanup() {
+    if [[ -n "$BOOTSTRAP_LIB" ]]; then
+        rm -f "$BOOTSTRAP_LIB"
+    fi
+}
+trap cleanup EXIT
+
+# shellcheck disable=SC1090
+. "$LIB_PATH"
+
 echo -e "${BLUE}"
 echo "╔══════════════════════════════════════════════════════════════╗"
 echo "║                    Dograh Local Setup                        ║"
@ -99,52 +119,26 @@ echo ""

 # Download compose file (skip when DOGRAH_SKIP_DOWNLOAD=1 — e.g. local repo testing).
 TOTAL_STEPS=2
-if [[ "$ENABLE_COTURN" == "true" ]]; then
-    TOTAL_STEPS=3
-fi

 if [[ "$DOGRAH_SKIP_DOWNLOAD" != "1" ]]; then
-    echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml...${NC}"
+    if [[ "$ENABLE_COTURN" == "true" ]]; then
+        echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml and TURN helper bundle...${NC}"
+    else
+        echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml...${NC}"
+    fi
    curl -sS -o docker-compose.yaml https://raw.githubusercontent.com/dograh-hq/dograh/main/docker-compose.yaml
-    echo -e "${GREEN}✓ docker-compose.yaml downloaded${NC}"
+    if [[ "$ENABLE_COTURN" == "true" ]]; then
+        dograh_download_init_support_bundle "$(pwd)" "main"
+    fi
+    echo -e "${GREEN}✓ Deployment files downloaded${NC}"
 else
    echo -e "${BLUE}[1/$TOTAL_STEPS] Using docker-compose.yaml in current directory${NC}"
 fi

-# Generate turnserver.conf if coturn is enabled
 if [[ "$ENABLE_COTURN" == "true" ]]; then
-    echo -e "${BLUE}[2/$TOTAL_STEPS] Creating TURN server configuration...${NC}"
-    cat > turnserver.conf << TURN_EOF
-# Coturn TURN Server - Docker Configuration (local)
-# Auto-generated by setup_local.sh
-
-# Listener ports
-listening-port=3478
-tls-listening-port=5349
-
-# Relay port range
-min-port=49152
-max-port=49200
-
-# Network - external IP for NAT traversal
-external-ip=$TURN_HOST
-
-# Realm
-realm=dograh.com
-
-# Authentication (TURN REST API with time-limited credentials)
-use-auth-secret
-static-auth-secret=$TURN_SECRET
-
-# Security
-fingerprint
-no-cli
-no-multicast-peers
-
-# Logging
-log-file=stdout
-TURN_EOF
-    echo -e "${GREEN}✓ turnserver.conf created${NC}"
+    [[ -f scripts/run_dograh_init.sh ]] || dograh_fail "scripts/run_dograh_init.sh not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
+    [[ -f scripts/lib/remote_common.sh ]] || dograh_fail "scripts/lib/remote_common.sh not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
+    [[ -f deploy/templates/turnserver.remote.conf.template ]] || dograh_fail "deploy/templates/turnserver.remote.conf.template not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
 fi

 # Generate .env
@ -182,7 +176,9 @@ echo -e "Files created in ${BLUE}$(pwd)${NC}:"
 echo "  - docker-compose.yaml"
 echo "  - .env"
 if [[ "$ENABLE_COTURN" == "true" ]]; then
-    echo "  - turnserver.conf"
+    echo "  - scripts/run_dograh_init.sh"
+    echo "  - scripts/lib/remote_common.sh"
+    echo "  - deploy/templates/"
 fi
 echo ""
 if [[ "$ENABLE_COTURN" == "true" ]]; then
--- a/scripts/setup_remote.sh
+++ b/scripts/setup_remote.sh
@ -162,7 +162,7 @@ if [[ "${DOGRAH_FORCE_OVERWRITE:-}" != "1" && "${DOGRAH_SKIP_DOWNLOAD:-}" != "1"
        echo -e "${RED}Refusing to continue - re-running setup would:${NC}"
        echo -e "${RED}  - overwrite .env (invalidates sessions, breaks TURN auth)${NC}"
        echo -e "${RED}  - regenerate SSL certificates${NC}"
-        echo -e "${RED}  - replace generated nginx.conf and turnserver.conf${NC}"
+        echo -e "${RED}  - replace the validated remote deployment bundle${NC}"
        echo ""
        echo -e "${BLUE}To upgrade an existing install, follow:${NC}"
        echo -e "  ${BLUE}https://docs.dograh.com/deployment/update${NC}"
@ -279,9 +279,9 @@ FASTAPI_WORKERS=$FASTAPI_WORKERS
 ENV_EOF
 echo -e "${GREEN}✓ .env file created${NC}"

-echo -e "${BLUE}[5/$TOTAL] Rendering and validating remote config...${NC}"
+echo -e "${BLUE}[5/$TOTAL] Validating remote init configuration...${NC}"
 dograh_prepare_remote_install "$(pwd)"
-echo -e "${GREEN}✓ Remote config rendered and validated${NC}"
+echo -e "${GREEN}✓ Remote init configuration validated${NC}"

 if [[ "$DEPLOY_MODE" == "build" ]]; then
    echo -e "${BLUE}[6/$TOTAL] Creating docker-compose.override.yaml...${NC}"
@ -319,8 +319,8 @@ if [[ "$DEPLOY_MODE" == "build" ]]; then
    echo "  - docker-compose.override.yaml  (build directives)"
 fi
 echo "  - remote_up.sh"
-echo "  - nginx.conf"
-echo "  - turnserver.conf"
+echo "  - scripts/run_dograh_init.sh"
+echo "  - deploy/templates/"
 echo "  - generate_certificate.sh"
 echo "  - certs/local.crt"
 echo "  - certs/local.key"
--- a/scripts/update_remote.sh
+++ b/scripts/update_remote.sh
@ -34,7 +34,7 @@ TIMESTAMP=$(date +%Y%m%d-%H%M%S)
 echo -e "${BLUE}"
 echo "╔══════════════════════════════════════════════════════════════╗"
 echo "║                  Dograh Remote Update                        ║"
-echo "║    Refresh deployment files and re-render remote config      ║"
+echo "║  Refresh deployment files and validate runtime config        ║"
 echo "╚══════════════════════════════════════════════════════════════╝"
 echo -e "${NC}"

@ -169,9 +169,11 @@ echo ""
 echo -e "${YELLOW}Files that will be replaced (backups saved with suffix .bak.$TIMESTAMP):${NC}"
 echo "  - docker-compose.yaml   (pulled from GitHub at $TARGET_VERSION)"
 echo "  - remote_up.sh          (startup wrapper / preflight)"
-echo "  - nginx.conf            (re-rendered from shared templates)"
-echo "  - turnserver.conf       (re-rendered from shared templates)"
+echo "  - scripts/run_dograh_init.sh"
+echo "  - scripts/lib/remote_common.sh"
+echo "  - deploy/templates/*.template"
 echo "  - .env                  (canonical remote keys synchronized)"
+echo "  - legacy nginx.conf / turnserver.conf backups will be kept if those files still exist"
 echo ""

 if [[ -t 0 && "${DOGRAH_UPDATE_YES:-}" != "1" ]]; then
@ -184,8 +186,19 @@ fi

 echo ""
 echo -e "${BLUE}[1/3] Backing up existing files...${NC}"
-for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh; do
+for f in \
+    docker-compose.yaml \
+    nginx.conf \
+    turnserver.conf \
+    .env \
+    remote_up.sh \
+    scripts/run_dograh_init.sh \
+    scripts/lib/remote_common.sh \
+    deploy/templates/nginx.remote.conf.template \
+    deploy/templates/turnserver.remote.conf.template
+do
    if [[ -f "$f" ]]; then
+        mkdir -p "$(dirname "$f")"
        cp -p "$f" "$f.bak.$TIMESTAMP"
        echo -e "  ${GREEN}✓ $f → $f.bak.$TIMESTAMP${NC}"
    fi
@ -194,6 +207,7 @@ done
 echo -e "${BLUE}[2/3] Downloading deployment bundle at $TARGET_VERSION...${NC}"
 curl -fsSL -o docker-compose.yaml "$RAW_BASE/docker-compose.yaml"
 dograh_download_remote_support_bundle "$(pwd)" "$TARGET_VERSION"
+rm -f nginx.conf turnserver.conf

 if [[ -n "$IMAGE_TAG" ]]; then
    sed -i.tmp -E "s#(dograh-(api|ui)):latest#\1:$IMAGE_TAG#g" docker-compose.yaml
@ -203,11 +217,11 @@ else
    dograh_success "✓ docker-compose.yaml updated (image tags left at :latest)"
 fi

-echo -e "${BLUE}[3/3] Synchronizing environment and regenerating remote config...${NC}"
+echo -e "${BLUE}[3/3] Synchronizing environment and validating init-based remote config...${NC}"
 dograh_set_env_key .env FASTAPI_WORKERS "$FASTAPI_WORKERS"
 dograh_prepare_remote_install "$(pwd)"
 docker compose config -q
-dograh_success "✓ Remote config rendered and validated"
+dograh_success "✓ Remote init configuration validated"

 echo ""
 echo -e "${GREEN}╔══════════════════════════════════════════════════════════════╗${NC}"
@ -222,7 +236,7 @@ echo -e "  ${BLUE}./remote_up.sh${NC}"
 echo ""
 echo -e "${YELLOW}To roll back, restore the backups and re-run the wrapper:${NC}"
 echo ""
-echo -e "  ${BLUE}for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh; do${NC}"
+echo -e "  ${BLUE}for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh scripts/run_dograh_init.sh scripts/lib/remote_common.sh deploy/templates/nginx.remote.conf.template deploy/templates/turnserver.remote.conf.template; do${NC}"
 echo -e "  ${BLUE}  [[ -f \"\$f.bak.$TIMESTAMP\" ]] && cp \"\$f.bak.$TIMESTAMP\" \"\$f\"${NC}"
 echo -e "  ${BLUE}done${NC}"
 echo -e "  ${BLUE}./remote_up.sh${NC}"