clawdie-ai/docs/internal/scripts/setup-cms-jail.sh

#!/bin/sh
# setup-cms-jail.sh — create the CMS/web jail (nginx + Node 24)
#
# Usage: sudo sh docs/internal/scripts/setup-cms-jail.sh
#
# What it does:
#   1. Create a thin bastille jail at CMS_JAIL_IP (.4)
#   2. Install nginx and Node 24
#   3. Strapi CMS setup is deferred — run separately once CMS is needed

set -e

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
cd "${PROJECT_ROOT}"

env_get() {
  local key="$1" default="$2"
  local val
  val=$(grep -m1 "^${key}=" .env 2>/dev/null | cut -d= -f2- | sed "s/^['\"]//;s/['\"]$//")
  printf '%s' "${val:-$default}"
}

TENANT_ID=$(env_get TENANT_ID "$(env_get AGENT_NAME clawdie)")
SUBNET_BASE=$(env_get AGENT_SUBNET_BASE "$(env_get JAIL_SUBNET_BASE 10.0.1)")
CMS_IP=$(env_get CMS_JAIL_IP "${SUBNET_BASE}.4")
JAIL="cms"
FREEBSD_REL=$(freebsd-version -u | cut -d- -f1,2)

echo "==> CMS jail setup"
echo "    Jail: ${JAIL} @ ${CMS_IP}"
echo ""

# ── 1. Create jail ────────────────────────────────────────────────────────────

if bastille list 2>/dev/null | grep -qw "${JAIL}"; then
  echo "==> Jail ${JAIL} already exists — skipping creation"
else
  echo "==> Creating jail ${JAIL}"
  bastille create "${JAIL}" "${FREEBSD_REL}" "${CMS_IP}"
fi

# ── 2. Install packages ───────────────────────────────────────────────────────

echo "==> Installing nginx and Node 24"
bastille pkg "${JAIL}" install -y nginx node24 npm-node24 ca_root_nss

bastille sysrc "${JAIL}" nginx_enable=YES

echo ""
echo "==> Base CMS jail ready."
echo "    Strapi setup: deferred — run docs/internal/scripts/setup-strapi.sh when needed"
echo "    nginx config: ${JAIL_ROOT}/usr/local/etc/nginx/nginx.conf"