Fix deploy restart hang and Mongo config

.github/workflows/deploy.yml

@@ -32,7 +32,24 @@ jobs:
           username: ${{ secrets.FREEBSD_DEPLOY_USER }}
           key: ${{ secrets.FREEBSD_DEPLOY_SSH_KEY }}
           port: 222
-          script: sudo bastille cmd node sh -c "cd /usr/local/indiekit && su -l indiekit -c 'git pull origin main && npm ci && sudo service indiekit restart'"
+          script: |
+            set -eu
+
+            # Update code and dependencies as indiekit user inside the jail.
+            sudo bastille cmd node sh -lc 'cd /usr/local/indiekit && su -l indiekit -c "git pull origin main && npm ci"'
+
+            # Restart asynchronously to avoid hanging SSH sessions when rc scripts keep stdout open.
+            sudo bastille cmd node sh -lc 'nohup service indiekit restart >/tmp/indiekit-restart.log 2>&1 </dev/null &'
+
+            sleep 3
+
+            if sudo bastille cmd node pgrep -f "indiekit serve" >/dev/null 2>&1; then
+              echo "Indiekit restart triggered and process is running."
+            else
+              echo "Indiekit process not found after restart."
+              sudo bastille cmd node sh -lc 'tail -n 80 /tmp/indiekit-restart.log || true'
+              exit 1
+            fi
       # Optionally reload nginx on web jail
       # - name: Reload nginx
       #   uses: appleboy/ssh-action@v0.1.10

.gitignore

@@ -1,2 +1,3 @@
 .env
 start.sh
+indiekit.config.mjs.orig

README.md

@@ -5,4 +5,10 @@
 - The IndieKit admin is expected to run behind `/admin`.
 - Set `INDIEKIT_ADMIN_URL` to the public admin base URL, including trailing slash (example: `https://blog.giersig.eu/admin/`).
 - Login uses `PASSWORD_SECRET` (bcrypt hash), not `INDIEKIT_PASSWORD`.
-- If no `PASSWORD_SECRET` exists yet, open `/admin/auth/new-password` once to generate it.
+- If no `PASSWORD_SECRET` exists yet, open `/admin/auth/new-password` once to generate it.
+
+## MongoDB
+
+- Preferred: set a full `MONGO_URL` (example: `mongodb://user:pass@host:27017/indiekit?authSource=admin`).
+- If `MONGO_URL` is not set, config builds the URL from `MONGO_USERNAME`, `MONGO_PASSWORD`, `MONGO_HOST`, `MONGO_PORT`, `MONGO_DATABASE`, `MONGO_AUTH_SOURCE`.
+- For `MongoServerError: Authentication failed`, first verify `MONGO_PASSWORD`, then try `MONGO_AUTH_SOURCE=admin`.

indiekit.config.mjs

@@ -4,6 +4,28 @@ const adminUrl = new URL(
   rawAdminUrl.endsWith("/") ? rawAdminUrl : `${rawAdminUrl}/`,
 ).href;
 
+const mongoUsername =
+  process.env.MONGO_USERNAME || process.env.MONGO_USER || "indiekit";
+const mongoPassword = process.env.MONGO_PASSWORD || "";
+const mongoHost = process.env.MONGO_HOST || "10.100.0.20";
+const mongoPort = process.env.MONGO_PORT || "27017";
+const mongoDatabase =
+  process.env.MONGO_DATABASE || process.env.MONGO_DB || "indiekit";
+const mongoAuthSource = process.env.MONGO_AUTH_SOURCE || "";
+const mongoCredentials =
+  mongoUsername && mongoPassword
+    ? `${encodeURIComponent(mongoUsername)}:${encodeURIComponent(
+        mongoPassword,
+      )}@`
+    : "";
+const mongoQuery =
+  mongoCredentials && mongoAuthSource
+    ? `?authSource=${encodeURIComponent(mongoAuthSource)}`
+    : "";
+const mongoUrl =
+  process.env.MONGO_URL ||
+  `mongodb://${mongoCredentials}${mongoHost}:${mongoPort}/${mongoDatabase}${mongoQuery}`;
+
 export default {
   debug: "indiekit:*",
   application: {
@@ -12,7 +34,7 @@ export default {
     authorizationEndpoint: new URL("auth", adminUrl).href,
     introspectionEndpoint: new URL("auth/introspect", adminUrl).href,
     tokenEndpoint: new URL("auth/token", adminUrl).href,
-    mongodbUrl: `mongodb://indiekit:${process.env.MONGO_PASSWORD}@10.100.0.20:27017/indiekit`,
+    mongodbUrl: mongoUrl,
   },
   publication: {
     me: "https://blog.giersig.eu",