AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/server/setup.sh
Petr 485ac0a742 Security fixes: sanitize dev_docs, harden sudoers and config validation 
H1 - Sanitize dev_docs/ for public release:
  - Replace all real employee names with generic placeholders
    (padak->admin1, matejkys->admin2, dasa->admin3, petr->john, etc.)
  - Replace GCP project ID (kids-ai-data-analysis -> your-gcp-project)
  - Replace server hostname (data-broker-for-claude -> your-server)
  - Replace real IP address (34.88.8.46 -> YOUR_SERVER_IP)
  - Replace internal FQDN with placeholder
  - Covers: security.md, server.md, disaster-recovery.md, desktop-app.md,
    session_explore.md, plan-rsync-fix.md, draft/*.md

H3 - webapp-setup.sh: validate sudoers syntax BEFORE copying to /etc/sudoers.d
  - Prevents broken sudo if syntax is invalid
  - Uses install -m 440 for atomic copy with correct permissions

M1 - setup.sh: deploy user created with /usr/sbin/nologin instead of /bin/bash
  - CI/CD service account does not need interactive shell

M2 - config/loader.py: warn on missing env vars, validate webapp_secret_key
  - _resolve_env_refs now logs warnings for unset ${ENV_VAR} references
  - _validate_config checks auth.webapp_secret_key is non-empty
  - Prevents Flask signing sessions with empty secret key

All 118 tests pass.
2026-03-09 08:06:45 +01:00

102 lines
2.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Initial setup script for Data Analyst server
# Run this ONCE on the server to set up the environment
# Must be run as root or with sudo
set -euo pipefail
APP_DIR="/opt/data-analyst"
REPO_URL="${REPO_URL:-https://github.com/your-org/ai-data-analyst.git}"
echo "=== Data Analyst Server Setup ==="
echo ""
# Check if running as root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root (use sudo)"
exit 1
fi
# Install required system packages
echo "Installing required system packages..."
apt-get update -qq
apt-get install -y rsync
echo " rsync installed"
# Create groups
for group in data-ops dataread data-private; do
if ! getent group "$group" > /dev/null 2>&1; then
groupadd "$group"
echo "Created group: $group"
fi
done
# Create deploy user (for CI/CD automated deployment)
if ! id deploy > /dev/null 2>&1; then
useradd -r -m -s /usr/sbin/nologin -G data-ops deploy
echo "Created deploy user"
fi
# Create directory structure
echo "Creating directory structure..."
mkdir -p "${APP_DIR}"/{repo,.venv,logs}
# Check repository
if [[ ! -d "${APP_DIR}/repo/.git" ]]; then
echo "ERROR: Repository not found at ${APP_DIR}/repo"
echo "Please clone it first as deploy user:"
echo " sudo -u deploy git clone \${REPO_URL} ${APP_DIR}/repo"
exit 1
else
echo "Repository found at ${APP_DIR}/repo"
fi
# Create Python virtual environment
echo "Setting up Python virtual environment..."
python3 -m venv "${APP_DIR}/.venv"
source "${APP_DIR}/.venv/bin/activate"
pip install --upgrade pip
pip install -r "${APP_DIR}/repo/requirements.txt"
deactivate
# Install server management scripts
echo "Installing management scripts..."
for script in "${APP_DIR}/repo/server/bin"/*; do
if [[ -f "$script" ]]; then
script_name=$(basename "$script")
cp "$script" "/usr/local/bin/${script_name}"
chmod 755 "/usr/local/bin/${script_name}"
echo " Installed /usr/local/bin/${script_name}"
fi
done
# Set permissions
echo "Setting permissions..."
chown -R root:data-ops "$APP_DIR"
chmod -R 775 "$APP_DIR"
chmod -R g+s "$APP_DIR" # setgid so new files inherit group
# Create deploy log
touch "${APP_DIR}/logs/deploy.log"
chmod 664 "${APP_DIR}/logs/deploy.log"
echo ""
echo "=== Setup Complete ==="
echo ""
echo "Directory structure:"
echo " ${APP_DIR}/repo/ - Git repository"
echo " ${APP_DIR}/.venv/ - Python virtual environment"
echo " ${APP_DIR}/logs/ - Application logs"
echo ""
echo "Management commands installed:"
echo " add-admin - Add server administrator"
echo " add-analyst - Add data analyst"
echo " remove-analyst - Remove user"
echo " list-analysts - List all analysts"
echo ""
echo "Next steps:"
echo " 1. Add admin users to data-ops group:"
echo " usermod -aG data-ops <admin_username>"
echo ""
echo " 2. Set up GitHub Actions deploy key (see .github/workflows/deploy.yml)"
echo ""
Reference in a new issue View git blame Copy permalink