#!/bin/bash # Methods library for lemmy — sourced by install-lemmy.sh and generated run-*.sh scripts. # SCRIPT_DIR must be set before sourcing. _kubectl() { if command -v kubectl >/dev/null 2>&1; then command kubectl "$@" elif command -v k0s >/dev/null 2>&1; then k0s kubectl "$@" else echo "ERROR: no kubectl or k0s binary found" >&2; exit 127 fi } _require_env() { local var="$1" if [ -z "${!var:-}" ]; then echo "ERROR: required variable $var is not set" >&2; exit 1 fi } _wait_for_pod() { local timeout="${1:-300}" # Wait for lemmy-proxy (nginx) — the external-facing deployment _kubectl wait pod \ --namespace "$LEMMY_NAMESPACE" \ --selector "app.kubernetes.io/name=lemmy-proxy" \ --for=condition=Ready \ --timeout="${timeout}s" } _pg_namespace() { echo "core-data"; } _pg_pod() { _kubectl get pod --namespace "$(_pg_namespace)" \ --selector "app.kubernetes.io/name=postgresql" \ -o jsonpath='{.items[0].metadata.name}' 2>/dev/null } # ── Manifest plan helpers ───────────────────────────────────────────────────── _plan_apply() { local file="$1" local path="$SCRIPT_DIR/manifests/${file}.yaml" [ -f "$path" ] || { echo " [skip] ${file}.yaml not in manifests/"; return 0; } _kubectl apply -f "$path" } _plan_apply_skip() { local file="$1" local path="$SCRIPT_DIR/manifests/${file}.yaml" [ -f "$path" ] || { echo " [skip] ${file}.yaml not in manifests/"; return 0; } if _kubectl get -f "$path" >/dev/null 2>&1; then echo " [skip] ${file} already exists in cluster" return 0 fi _kubectl apply -f "$path" } _plan_rollout_restart() { local file="$1" local path="$SCRIPT_DIR/manifests/${file}.yaml" [ -f "$path" ] || { echo " [skip] ${file}.yaml not in manifests/"; return 0; } _kubectl rollout restart -f "$path" } _plan_delete() { local file="$1" local path="$SCRIPT_DIR/manifests/${file}.yaml" [ -f "$path" ] || { echo " [skip] ${file}.yaml not in manifests/"; return 0; } _kubectl delete -f "$path" --ignore-not-found } # shellcheck source=lib/gateway-tls.sh source "${SCRIPT_DIR}/lib/gateway-tls.sh" _method_patch-gateway-https() { _lib_gateway_patch_https \ "${TLS_HOOK_GATEWAY_NAME:-libre-wuji}" \ "${TLS_HOOK_GATEWAY_NS:-kube-system}" \ "${TLS_HOOK_LISTENER_NAME}" \ "${TLS_HOOK_DOMAIN}" \ "${TLS_HOOK_TLS_SECRET}" \ "${TLS_HOOK_NAMESPACE}" } _method_remove-gateway-https() { _lib_gateway_remove_https \ "${TLS_HOOK_GATEWAY_NAME:-libre-wuji}" \ "${TLS_HOOK_GATEWAY_NS:-kube-system}" \ "${TLS_HOOK_LISTENER_NAME}" } # ── Component methods ───────────────────────────────────────────────────────── _method_create-credentials() { [ -f "${SCRIPT_DIR}/_credentials.env" ] && set -a && source "${SCRIPT_DIR}/_credentials.env" && set +a _require_env LEMMY_DB_PASSWORD _require_env LEMMY_ADMIN_PASSWORD _require_env PICTRS_API_KEY _kubectl create secret generic "${LEMMY_NAME}-credentials" \ --namespace "$LEMMY_NAMESPACE" \ --from-literal=LEMMY_DB_PASSWORD="$LEMMY_DB_PASSWORD" \ --from-literal=LEMMY_ADMIN_PASSWORD="$LEMMY_ADMIN_PASSWORD" \ --from-literal=PICTRS_API_KEY="$PICTRS_API_KEY" \ --dry-run=client -o yaml | _kubectl apply -f - echo " [ok] credentials secret '${LEMMY_NAME}-credentials' created in ${LEMMY_NAMESPACE}" } _method_init-db() { [ -f "${SCRIPT_DIR}/_credentials.env" ] && set -a && source "${SCRIPT_DIR}/_credentials.env" && set +a _require_env LEMMY_DB_PASSWORD local pg_ns pg_pod db_user safe_pw safe_usr safe_db pg_ns=$(_pg_namespace) pg_pod=$(_pg_pod) [ -z "$pg_pod" ] && { echo " [error] no postgresql pod found in namespace $pg_ns" >&2; exit 1; } db_user="${LEMMY_DB_USER:-lemmy}" safe_pw="${LEMMY_DB_PASSWORD//\'/\'\'}" safe_usr="${db_user//\'/\'\'}" safe_db="${LEMMY_DB_NAME:-lemmy}" safe_db="${safe_db//\'/\'\'}" _kubectl exec -i --namespace "$pg_ns" "$pg_pod" -- psql -U postgres </dev/null || true) if [ "${db_exists}" != "1" ]; then _kubectl exec --namespace "$pg_ns" "$pg_pod" -- \ psql -U postgres -c \ "CREATE DATABASE \"${safe_db}\" WITH OWNER \"${safe_usr}\" ENCODING 'UTF8' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0" echo " [ok] database '${safe_db}' created" else echo " [skip] database '${safe_db}' already exists" fi _kubectl exec --namespace "$pg_ns" "$pg_pod" -- \ psql -U postgres -d "${safe_db}" -c \ "GRANT ALL ON SCHEMA public TO \"${safe_usr}\"" echo " [ok] postgresql role '${safe_usr}' and database '${safe_db}' ensured" } _method_create-configmaps() { [ -f "${SCRIPT_DIR}/_credentials.env" ] && set -a && source "${SCRIPT_DIR}/_credentials.env" && set +a _require_env LEMMY_DB_PASSWORD _require_env PICTRS_API_KEY local db_host="${LEMMY_DB_HOST:-}" local db_port="${LEMMY_DB_PORT:-5432}" local db_user="${LEMMY_DB_USER:-lemmy}" local db_name="${LEMMY_DB_NAME:-lemmy}" local ns="${LEMMY_NAMESPACE:-lemmy}" local domain="${LEMMY_DOMAIN:-}" local hjson hjson=$(cat </dev/null 2>&1; then hcloud volume enable-protection "$pv_name" delete 2>/dev/null \ && echo " [ok] volume '${pv_name}' protected" \ || echo " [warn] hcloud protect failed — run manually: hcloud volume enable-protection ${pv_name} delete" else echo " [warn] hcloud CLI not found — skip volume protection for '${pv_name}'" fi }