feat: ship native boss android console

deployment/Caddyfile

@@ -0,0 +1,9 @@
+boss.hyzq.net {
+  encode zstd gzip
+  reverse_proxy 127.0.0.1:3000
+}
+
+http://106.53.170.158 {
+  encode zstd gzip
+  reverse_proxy 127.0.0.1:3000
+}

deployment/launchd/com.hyzq.boss.local-agent.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>Label</key>
+    <string>com.hyzq.boss.local-agent</string>
+    <key>ProgramArguments</key>
+    <array>
+      <string>/bin/zsh</string>
+      <string>-lc</string>
+      <string>cd /Users/kris/code/boss && ./scripts/start-local-agent.sh __BOSS_AGENT_CONFIG__</string>
+    </array>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>StandardOutPath</key>
+    <string>/tmp/boss-local-agent.out</string>
+    <key>StandardErrorPath</key>
+    <string>/tmp/boss-local-agent.err</string>
+  </dict>
+</plist>

deployment/mail/install-postfix-dovecot.sh

@@ -0,0 +1,142 @@
+#!/bin/bash
+set -euo pipefail
+
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Please run with sudo."
+  exit 1
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+MAIL_DOMAIN="${BOSS_MAIL_DOMAIN:-boss.hyzq.net}"
+MAILBOX_USER="${BOSS_MAILBOX_USER:-bossmail}"
+MAILBOX_HOME="/home/${MAILBOX_USER}"
+STATE_DIR="/etc/boss-mail"
+TLS_DIR="${STATE_DIR}/tls"
+TLS_CERT_TARGET="${TLS_DIR}/fullchain.pem"
+TLS_KEY_TARGET="${TLS_DIR}/privkey.pem"
+MAILBOX_ENV_FILE="${STATE_DIR}/mailbox.env"
+
+echo "postfix postfix/mailname string ${MAIL_DOMAIN}" | debconf-set-selections
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+
+apt-get update
+apt-get install -y postfix dovecot-core dovecot-imapd mailutils swaks
+
+install -d -m 700 "${STATE_DIR}"
+install -d -m 700 "${TLS_DIR}"
+
+if ! id "${MAILBOX_USER}" >/dev/null 2>&1; then
+  useradd -m -s /usr/sbin/nologin "${MAILBOX_USER}"
+fi
+
+MAILBOX_PASSWORD="${BOSS_MAILBOX_PASSWORD:-}"
+if [[ -z "${MAILBOX_PASSWORD}" && -f "${MAILBOX_ENV_FILE}" ]]; then
+  # shellcheck disable=SC1090
+  source "${MAILBOX_ENV_FILE}"
+  MAILBOX_PASSWORD="${BOSS_MAILBOX_PASSWORD:-${MAILBOX_PASSWORD:-}}"
+fi
+
+if [[ -z "${MAILBOX_PASSWORD}" ]]; then
+  MAILBOX_PASSWORD="$(openssl rand -base64 24 | tr -d '\n=' | cut -c1-20)"
+fi
+
+cat >"${MAILBOX_ENV_FILE}" <<EOF
+BOSS_MAIL_DOMAIN=${MAIL_DOMAIN}
+BOSS_MAILBOX_USER=${MAILBOX_USER}
+BOSS_MAILBOX_PASSWORD=${MAILBOX_PASSWORD}
+EOF
+chmod 600 "${MAILBOX_ENV_FILE}"
+
+echo "${MAILBOX_USER}:${MAILBOX_PASSWORD}" | chpasswd
+
+install -m 755 "${SCRIPT_DIR}/sync-caddy-mail-cert.sh" /usr/local/bin/boss-mail-cert-sync.sh
+cp "${SCRIPT_DIR}/systemd/boss-mail-cert-sync.service" /etc/systemd/system/boss-mail-cert-sync.service
+cp "${SCRIPT_DIR}/systemd/boss-mail-cert-sync.timer" /etc/systemd/system/boss-mail-cert-sync.timer
+
+cat > /etc/dovecot/conf.d/99-boss-mail.conf <<EOF
+protocols = imap
+mail_location = maildir:~/Maildir
+disable_plaintext_auth = yes
+auth_mechanisms = plain login
+ssl = required
+ssl_cert = <${TLS_CERT_TARGET}
+ssl_key = <${TLS_KEY_TARGET}
+
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+}
+EOF
+
+postconf -e "myhostname = ${MAIL_DOMAIN}"
+postconf -e "myorigin = /etc/mailname"
+postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost, ${MAIL_DOMAIN}"
+postconf -e "inet_interfaces = all"
+postconf -e "inet_protocols = all"
+postconf -e "home_mailbox = Maildir/"
+postconf -e "mailbox_size_limit = 0"
+postconf -e "recipient_delimiter = +"
+postconf -e "alias_maps = hash:/etc/aliases"
+postconf -e "alias_database = hash:/etc/aliases"
+postconf -e "smtpd_tls_cert_file = ${TLS_CERT_TARGET}"
+postconf -e "smtpd_tls_key_file = ${TLS_KEY_TARGET}"
+postconf -e "smtpd_tls_security_level = may"
+postconf -e "smtp_tls_security_level = may"
+postconf -e "smtpd_sasl_auth_enable = yes"
+postconf -e "smtpd_sasl_type = dovecot"
+postconf -e "smtpd_sasl_path = private/auth"
+postconf -e "broken_sasl_auth_clients = yes"
+postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
+
+touch /etc/aliases
+ALIASES_TMP="$(mktemp)"
+grep -Ev '^(verify|no-reply|noreply|root|postmaster):|^# BOSS MAIL ALIASES (START|END)$' /etc/aliases > "${ALIASES_TMP}" || true
+echo "postmaster: root" >> "${ALIASES_TMP}"
+cat >> "${ALIASES_TMP}" <<EOF
+root: ${MAILBOX_USER}
+# BOSS MAIL ALIASES START
+verify: ${MAILBOX_USER}
+no-reply: ${MAILBOX_USER}
+noreply: ${MAILBOX_USER}
+# BOSS MAIL ALIASES END
+EOF
+install -m 644 "${ALIASES_TMP}" /etc/aliases
+rm -f "${ALIASES_TMP}"
+newaliases
+
+if ! grep -q "^submission inet" /etc/postfix/master.cf; then
+  cat >> /etc/postfix/master.cf <<'EOF'
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+EOF
+fi
+
+touch "${MAILBOX_HOME}/.hushlogin"
+install -d -m 700 -o "${MAILBOX_USER}" -g "${MAILBOX_USER}" "${MAILBOX_HOME}/Maildir"
+install -d -m 700 -o "${MAILBOX_USER}" -g "${MAILBOX_USER}" "${MAILBOX_HOME}/Maildir/cur"
+install -d -m 700 -o "${MAILBOX_USER}" -g "${MAILBOX_USER}" "${MAILBOX_HOME}/Maildir/new"
+install -d -m 700 -o "${MAILBOX_USER}" -g "${MAILBOX_USER}" "${MAILBOX_HOME}/Maildir/tmp"
+
+/usr/local/bin/boss-mail-cert-sync.sh
+
+systemctl daemon-reload
+systemctl enable postfix dovecot boss-mail-cert-sync.timer
+systemctl restart postfix dovecot
+systemctl restart boss-mail-cert-sync.timer
+
+printf 'Boss mail stack installed for %s\n' "${MAIL_DOMAIN}"
+printf 'Mailbox user: %s\n' "${MAILBOX_USER}"
+printf 'Mailbox password file: %s\n' "${MAILBOX_ENV_FILE}"

deployment/mail/sync-caddy-mail-cert.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -euo pipefail
+
+MAIL_DOMAIN="${BOSS_MAIL_DOMAIN:-boss.hyzq.net}"
+SOURCE_DIR="${BOSS_MAIL_TLS_SOURCE_DIR:-/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${MAIL_DOMAIN}}"
+SOURCE_CERT="${BOSS_MAIL_TLS_CERT_SOURCE:-${SOURCE_DIR}/${MAIL_DOMAIN}.crt}"
+SOURCE_KEY="${BOSS_MAIL_TLS_KEY_SOURCE:-${SOURCE_DIR}/${MAIL_DOMAIN}.key}"
+TARGET_DIR="${BOSS_MAIL_TLS_TARGET_DIR:-/etc/boss-mail/tls}"
+TARGET_CERT="${TARGET_DIR}/fullchain.pem"
+TARGET_KEY="${TARGET_DIR}/privkey.pem"
+
+if [[ ! -f "${SOURCE_CERT}" || ! -f "${SOURCE_KEY}" ]]; then
+  echo "Missing Caddy TLS assets for ${MAIL_DOMAIN} under ${SOURCE_DIR}" >&2
+  exit 1
+fi
+
+install -d -m 700 "${TARGET_DIR}"
+
+changed=0
+if [[ ! -f "${TARGET_CERT}" ]] || ! cmp -s "${SOURCE_CERT}" "${TARGET_CERT}"; then
+  install -m 644 "${SOURCE_CERT}" "${TARGET_CERT}"
+  changed=1
+fi
+
+if [[ ! -f "${TARGET_KEY}" ]] || ! cmp -s "${SOURCE_KEY}" "${TARGET_KEY}"; then
+  install -m 600 "${SOURCE_KEY}" "${TARGET_KEY}"
+  changed=1
+fi
+
+if [[ "${changed}" -eq 1 ]]; then
+  systemctl restart postfix dovecot
+fi
+
+echo "boss-mail-cert-sync completed"

deployment/mail/systemd/boss-mail-cert-sync.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Sync Boss mail TLS certificate from Caddy
+After=network-online.target caddy.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/boss-mail-cert-sync.sh

deployment/mail/systemd/boss-mail-cert-sync.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Periodic Boss mail TLS certificate sync
+
+[Timer]
+OnBootSec=2m
+OnUnitActiveSec=1h
+Unit=boss-mail-cert-sync.service
+
+[Install]
+WantedBy=timers.target

deployment/systemd/boss-web.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Boss Web
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/boss
+Environment=PORT=3000
+Environment=BOSS_AUTH_VERIFICATION_MODE=fixed
+Environment=BOSS_AUTH_FIXED_CODE=000000
+Environment=BOSS_RUNTIME_ROOT=/opt/boss
+Environment=BOSS_STATE_FILE=/opt/boss/data/boss-state.json
+EnvironmentFile=-/opt/boss/.env.server
+ExecStart=/usr/bin/npm start
+Restart=always
+RestartSec=3
+User=ubuntu
+Group=ubuntu
+
+[Install]
+WantedBy=multi-user.target