initial import of https://git.mat.services/mat/fly-apps

.gitignore

@@ -0,0 +1,2 @@
+.nvimlog
+*.priv.*

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "tailscale-exit"]
+	path = tailscale-exit
+	url = https://github.com/patte/fly-tailscale-exit.git

burd.me/fly.toml

@@ -0,0 +1,21 @@
+# fly.toml app configuration file generated for burd-infra-ghost on 2023-09-18T10:15:44-04:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = "burd-infra-ghost"
+primary_region = "sea"
+
+[build]
+  image = "ghost:5-alpine"
+
+[http_service]
+  internal_port = 2368
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ["app"]
+[mounts]
+source="ghost_data"
+destination="/var/lib/ghost/content"

burd.me/ghost-fly.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# https://www.autodidacts.io/host-a-ghost-blog-free-on-fly-io/
+
+set -euo pipefail
+set -x
+
+#read -p "Enter App Name: " appname </dev/tty &&
+appname="burd-infra-ghost"
+
+# Inspect script first if you are leery of pipe-to-bash
+command -v flyctl >/dev/null 2>&1 || { echo >&2 "Fly CLI required and not found. Installing..."; curl -L https://fly.io/install.sh | sh; }
+
+# This will open a browser, where you can enter a username and password, and your credit card (which is required even for free tier, for fraud prevention).
+flyctl auth signup
+
+# Create a directory for the project and enter it, since the next command will output a file
+#mkdir ghost-flyio && cd ghost-flyio
+
+# Create an app -- using Ghost Dockerfile, Seattle region, and app name prompted for earlier -- but don't deploy it
+flyctl launch --name $appname --image=ghost:5-alpine --region sea --no-deploy --org personal
+
+# Provision a volume for Ghost's content and SQLite Database.
+# Size can be up to 3GB and still fit in the free plan, but 1GB will be enough for starters.
+flyctl volumes create ghost_data --region sea --size 3 -a $appname --auto-confirm
+
+# Update the port to Ghost's default (2368)
+sed -i 's/internal_port = 8080/internal_port = 2368/g' fly.toml
+
+# Append info about where to find the persistent storage to fly.toml
+cat >> fly.toml << BLOCK
+[mounts]
+source="ghost_data"
+destination="/var/lib/ghost/content"
+BLOCK
+
+# Set Ghost url
+flyctl secrets set url=https://$appname.fly.dev
+
+# Since we're using SQLite, we need to set ghost to run in development mode
+flyctl secrets set -a $appname NODE_ENV=development
+
+# Put the SQLite DB somewhere where it doesn't get overwritten on redeploy...
+fly secrets set database__connection__filename=/var/lib/ghost/content/data/ghost-dev.db
+
+# Boom! We're airborne.
+flyctl deploy
+

docker/Dockerfile

@@ -0,0 +1,14 @@
+FROM docker:dind
+
+RUN apk add bash ip6tables pigz sysstat procps lsof gcompat
+
+COPY etc/docker/daemon.json /etc/docker/daemon.json
+
+COPY ./entrypoint ./entrypoint
+COPY ./docker-entrypoint.d/* ./docker-entrypoint.d/
+
+ENV DOCKER_TMPDIR=/data/docker/tmp
+
+ENTRYPOINT ["./entrypoint"]
+
+CMD ["dockerd", "-p", "/var/run/docker.pid"]

docker/README.md

@@ -0,0 +1,26 @@
+# Fly Docker Daemon
+
+This deploys a Docker Daemon running on Fly.io which you can used to offload builds and other tasks to a Fly app running in a city near you.
+
+## Installation
+
+1. Clone this repository
+1. `fly launch`, follow the prompts
+1. Select `n` when it asks if you want to deploy
+1. Create a volume in a region of your choice: `fly volumes create data --size 50 --region ord`
+1. Deploy
+
+## Get Connected
+
+1. Create a WireGuard peer with `fly wireguard create`
+1. Setup WireGuard with generated config
+1. `fly ips private` to get the IP of your Daemon
+1. Set the `DOCKER_HOST` env variable using that IP:
+    ```
+    export DOCKER_HOST=tcp://[fdaa:0:5d2:a7b:81:0:26d4:2]:2375
+    ```
+
+# Final Step
+
+1. Delete the Docker Engine from your local system.
+1. You probably want to scale your remote Daemon: `fly scale vm dedicated-cpu-2x`

docker/docker-entrypoint.d/docker

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+echo "Setting up Docker data directory"
+mkdir -p /data/docker
+
+echo "Configuring ipv6 for docker"
+ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/64 ! -o docker0 -j MASQUERADE
+
+echo "Done setting up docker!"

docker/docker-entrypoint.d/sysctl

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -e
+
+echo "Allowing ipv6 forwarding via sysctl"
+sysctl net.ipv6.conf.default.forwarding=1
+sysctl net.ipv6.conf.all.forwarding=1
+
+echo "General sysctl tweaks"
+sysctl vm.swappiness=0
+sysctl vm.dirty_ratio=6
+sysctl vm.dirty_background_ratio=3
+
+# Default Socket Receive Buffer
+sysctl net.core.rmem_default=31457280
+
+# Maximum Socket Receive Buffer
+sysctl net.core.rmem_max=33554432
+
+# Default Socket Send Buffer
+sysctl net.core.wmem_default=31457280
+
+# Maximum Socket Send Buffer
+sysctl net.core.wmem_max=33554432
+
+# Increase number of incoming connections
+sysctl net.core.somaxconn=65535
+
+# Increase number of incoming connections backlog
+sysctl net.core.netdev_max_backlog=65536
+
+# Increase the maximum amount of option memory buffers
+sysctl net.core.optmem_max=25165824
+
+# Increase the maximum total buffer-space allocatable
+# This is measured in units of pages (4096 bytes)
+sysctl "net.ipv4.tcp_mem=786432 1048576 26777216"
+sysctl "net.ipv4.udp_mem=65536 131072 262144"
+
+# Increase the read-buffer space allocatable
+sysctl "net.ipv4.tcp_rmem=8192 87380 33554432"
+sysctl net.ipv4.udp_rmem_min=16384
+
+# Increase the write-buffer-space allocatable
+sysctl "net.ipv4.tcp_wmem=8192 65536 33554432"
+sysctl net.ipv4.udp_wmem_min=16384

docker/entrypoint

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+if [[ -d "docker-entrypoint.d" ]]
+then
+echo "Running docker-entrypoint.d files"
+/bin/run-parts docker-entrypoint.d
+fi
+
+echo "Running $@"
+
+exec "$@"

docker/etc/docker/daemon.json

@@ -0,0 +1,27 @@
+{
+    "data-root": "/data/docker",
+    "experimental": true,
+    "ipv6": true,
+    "ip6tables": true,
+    "fixed-cidr-v6": "2001:db8:1::/64",
+    "default-address-pools": [
+        {
+            "base": "10.100.0.1/16",
+            "size": 24
+        }
+    ],
+    "debug": true,
+    "log-level": "debug",
+    "features": {
+        "buildkit": false
+    },
+    "hosts": [
+        "unix:///var/run/docker.sock",
+        "tcp://[::]:2375"
+    ],
+    "mtu": 1400,
+    "max-concurrent-downloads": 10,
+    "max-concurrent-uploads": 5,
+    "metrics-addr": "0.0.0.0:9323",
+    "tls": false
+}

docker/fly.toml

@@ -0,0 +1,13 @@
+app = "burd-infra-docker-machine"
+kill_signal = "SIGINT"
+kill_timeout = 5
+
+[mounts]
+  destination = "/data"
+  source = "docker_data"
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 2375
+  [[services.ports]]
+    port = 2375

drone/Dockerfile

@@ -0,0 +1,10 @@
+FROM drone/drone-runner-docker:latest as runner
+
+FROM drone/drone:latest
+
+COPY --from=runner /bin/tmate /bin/
+COPY --from=runner /bin/drone-runner-docker /bin/
+LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT"
+
+ENTRYPOINT []
+CMD ""

drone/fly.toml

@@ -0,0 +1,55 @@
+# fly.toml app configuration file generated for burd-infra-drone on 2023-10-17T16:27:21-04:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = "burd-infra-drone"
+primary_region = "sea"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+
+[experimental]
+  auto_rollback = true
+
+[build]
+
+[env]
+  DRONE_GITEA_SERVER = "https://git.burd.me"
+  DRONE_JSONNET_ENABLED = "true"
+  DRONE_REGISTRATION_CLOSED = "true"
+  DRONE_RPC_PROTO = "http"
+  DRONE_RUNNER_CAPACITY = "1"
+  DRONE_SERVER_HOST = "build.burd.me"
+  DRONE_SERVER_PROTO = "https"
+
+[processes]
+  runner = "/bin/drone-runner-docker"
+  server = "/bin/drone-server"
+
+[[mounts]]
+  source = "drone_data"
+  destination = "/data"
+  processes = ["server"]
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 80
+  processes = ["server"]
+
+  [[services.ports]]
+    port = 80
+    handlers = ["http"]
+    force_https = true
+
+  [[services.ports]]
+    port = 443
+    handlers = ["tls", "http"]
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20
+
+  [[services.tcp_checks]]
+    interval = "15s"
+    timeout = "2s"
+    grace_period = "1s"

forgejo/fly.toml

@@ -0,0 +1,69 @@
+# fly.toml app configuration file generated for burd-infra-forgejo on 2023-10-17T16:24:22-04:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = "burd-infra-forgejo"
+primary_region = "sea"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+
+[experimental]
+  auto_rollback = true
+
+[build]
+  image = "codeberg.org/forgejo/forgejo:1.20.5-0"
+
+[env]
+  GITEA____APP_NAME = "git.burd.me: Git for us"
+  GITEA__database__DB_TYPE = "sqlite3"
+  GITEA__database__PATH = "/data/gitea/gitea.db"
+  GITEA__federation__ENABLED = "true"
+  GITEA__mailer__ENABLED = "false"
+  GITEA__mailer__FROM = "noreply@git.burd.me"
+  GITEA__mailer__PROTOCOL = "sendmail"
+  GITEA__mailer__SUBJECT_PREFIX = "git.burd.me"
+  GITEA__security__INSTALL_LOCK = "true"
+  GITEA__server__DOMAIN = "git.burd.me"
+  GITEA__server__ROOT_URL = "https://git.burd.me"
+  GITEA__server__SSH_DOMAIN = "git.burd.me"
+  GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE = "true"
+  GITEA__service__DEFAULT_USER_IS_RESTRICTED = "true"
+  GITEA__service__DISABLE_REGISTRATION = "false"
+  GITEA__service__REGISTER_EMAIL_CONFIRM = "false"
+  GITEA__service__REGISTER_MANUAL_CONFIRM = "true"
+  "GITEA__ui.meta__AUTHOR" = "git.burd.me: Git for us"
+  GITEA__ui__DEFAULT_THEME = "forgejo-auto"
+
+[[mounts]]
+  source = "gitea_data"
+  destination = "/data"
+  processes = ["app"]
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 22
+
+  [[services.ports]]
+    port = 22
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 3000
+
+  [[services.ports]]
+    port = 80
+    handlers = ["http"]
+    force_https = true
+
+  [[services.ports]]
+    port = 443
+    handlers = ["tls", "http"]
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20

goatcounter/Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine:latest
+
+WORKDIR /goatcounter
+
+ENV GOATCOUNTER_VERSION 'v2.4.1'
+ENV GOATCOUNTER_TAG $GOATCOUNTER_VERSION
+
+RUN apk add --no-cache ca-certificates wget bash \
+  && update-ca-certificates --fresh
+
+RUN wget "https://github.com/arp242/goatcounter/releases/download/$GOATCOUNTER_VERSION/goatcounter-$GOATCOUNTER_TAG-linux-amd64.gz" \
+  && gzip -d "goatcounter-$GOATCOUNTER_TAG-linux-amd64.gz" \
+  && mv "goatcounter-$GOATCOUNTER_TAG-linux-amd64" /usr/local/bin/goatcounter \
+  && chmod +x /usr/local/bin/goatcounter
+
+COPY goatcounter.sh ./
+COPY entrypoint.sh /entrypoint.sh
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/goatcounter/goatcounter.sh"]

goatcounter/entrypoint.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -eu
+
+create_site ()
+{
+  goatcounter db create site \
+    -createdb \
+    -vhost "$GOATCOUNTER_DOMAIN" \
+    -user.email "$GOATCOUNTER_EMAIL" \
+    -password "$GOATCOUNTER_PASSWORD" \
+    -db "$GOATCOUNTER_DB"
+}
+
+# silence any errors
+if ! create_site; then
+  /bin/true
+fi
+
+exec "$@"

goatcounter/fly.toml

@@ -0,0 +1,45 @@
+app = "burd-infra-goatcounter-services"
+primary_region = "sea"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+
+[experimental]
+  auto_rollback = true
+
+[build]
+
+[env]
+  GOATCOUNTER_DB = "sqlite+/data/goatcounter.sqlite3"
+  GOATCOUNTER_DEBUG = ""
+  GOATCOUNTER_DOMAIN = "stats.burd.me"
+  GOATCOUNTER_EMAIL = "greg@burd.me"
+  GOATCOUNTER_LISTEN = "0.0.0.0:8080"
+  GOATCOUNTER_SMTP = ""
+
+[[mounts]]
+  source = "goatcounter_data"
+  destination = "/data"
+  processes = ["app"]
+
+[[services]]
+  protocol = "tcp"
+  internal_port = 8080
+  processes = ["app"]
+
+  [[services.ports]]
+    port = 80
+    handlers = ["http"]
+    force_https = true
+
+  [[services.ports]]
+    port = 443
+    handlers = ["tls", "http"]
+  [services.concurrency]
+    type = "connections"
+    hard_limit = 25
+    soft_limit = 20
+
+  [[services.tcp_checks]]
+    interval = "15s"
+    timeout = "2s"
+    grace_period = "1s"

goatcounter/goatcounter.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -e
+
+declare OPTS=""
+
+OPTS="$OPTS -automigrate"
+OPTS="$OPTS -listen $GOATCOUNTER_LISTEN"
+OPTS="$OPTS -tls none"
+OPTS="$OPTS -email-from $GOATCOUNTER_EMAIL"
+OPTS="$OPTS -db $GOATCOUNTER_DB"
+
+if [ -n "$GOATCOUNTER_SMTP" ]; then
+  OPTS="$OPTS -smtp $GOATCOUNTER_SMTP"
+fi
+
+if [ -n "$GOATCOUNTER_DEBUG" ]; then
+  OPTS="$OPTS -debug all"
+fi
+
+goatcounter serve $OPTS

tailscale-exit

@@ -0,0 +1 @@
+Subproject commit 39911843a4d1ef997ff61882ac04b664f3216447