Initial infra attempt

infra/startup.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# Runs once on first VM boot. Installs Docker, Docker Compose, and Caddy.
+set -euxo pipefail
+
+# ── Docker ────────────────────────────────────────────────────────────────────
+apt-get update -y
+apt-get install -y ca-certificates curl gnupg lsb-release
+
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
+  https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
+  > /etc/apt/sources.list.d/docker.list
+
+apt-get update -y
+apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+systemctl enable docker
+systemctl start docker
+
+# Allow drb user to run docker
+usermod -aG docker drb 2>/dev/null || true
+
+# ── Caddy (reverse proxy + auto TLS) ─────────────────────────────────────────
+apt-get install -y debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
+  | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
+  > /etc/apt/sources.list.d/caddy-stable.list
+apt-get update -y
+apt-get install -y caddy
+
+# ── App directory — clone repo so CI can git pull + docker compose up ─────────
+apt-get install -y git
+mkdir -p /opt/drb
+# Repo is cloned here by initial setup; CI just git pulls and rebuilds.
+# Set safe directory for the drb user
+git config --global --add safe.directory /opt/drb
+chown -R drb:drb /opt/drb 2>/dev/null || true
+
+# ── Caddyfile placeholder (CI will write the real one on first deploy) ────────
+cat > /etc/caddy/Caddyfile <<'CADDY'
+# This file is managed by CI. Do not edit manually.
+# It will be replaced on the first deployment.
+:80 {
+  respond "DRB server — waiting for deployment" 200
+}
+CADDY
+
+systemctl enable caddy
+systemctl reload caddy
+
+echo "Startup complete."