commit db7c4e33de406881fbb0a903af18a900720e2508 Author: Greg Burd Date: Tue Oct 17 16:36:25 2023 -0400 initial import of https://git.mat.services/mat/fly-apps diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a23f68e --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.nvimlog +*.priv.* \ No newline at end of file diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..5c49b7d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "tailscale-exit"] + path = tailscale-exit + url = https://github.com/patte/fly-tailscale-exit.git diff --git a/burd.me/fly.toml b/burd.me/fly.toml new file mode 100644 index 0000000..2dcdf20 --- /dev/null +++ b/burd.me/fly.toml @@ -0,0 +1,21 @@ +# fly.toml app configuration file generated for burd-infra-ghost on 2023-09-18T10:15:44-04:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = "burd-infra-ghost" +primary_region = "sea" + +[build] + image = "ghost:5-alpine" + +[http_service] + internal_port = 2368 + force_https = true + auto_stop_machines = true + auto_start_machines = true + min_machines_running = 0 + processes = ["app"] +[mounts] +source="ghost_data" +destination="/var/lib/ghost/content" diff --git a/burd.me/ghost-fly.sh b/burd.me/ghost-fly.sh new file mode 100644 index 0000000..6b13b74 --- /dev/null +++ b/burd.me/ghost-fly.sh @@ -0,0 +1,47 @@ +#!/bin/bash +# https://www.autodidacts.io/host-a-ghost-blog-free-on-fly-io/ + +set -euo pipefail +set -x + +#read -p "Enter App Name: " appname /dev/null 2>&1 || { echo >&2 "Fly CLI required and not found. Installing..."; curl -L https://fly.io/install.sh | sh; } + +# This will open a browser, where you can enter a username and password, and your credit card (which is required even for free tier, for fraud prevention). +flyctl auth signup + +# Create a directory for the project and enter it, since the next command will output a file +#mkdir ghost-flyio && cd ghost-flyio + +# Create an app -- using Ghost Dockerfile, Seattle region, and app name prompted for earlier -- but don't deploy it +flyctl launch --name $appname --image=ghost:5-alpine --region sea --no-deploy --org personal + +# Provision a volume for Ghost's content and SQLite Database. +# Size can be up to 3GB and still fit in the free plan, but 1GB will be enough for starters. +flyctl volumes create ghost_data --region sea --size 3 -a $appname --auto-confirm + +# Update the port to Ghost's default (2368) +sed -i 's/internal_port = 8080/internal_port = 2368/g' fly.toml + +# Append info about where to find the persistent storage to fly.toml +cat >> fly.toml << BLOCK +[mounts] +source="ghost_data" +destination="/var/lib/ghost/content" +BLOCK + +# Set Ghost url +flyctl secrets set url=https://$appname.fly.dev + +# Since we're using SQLite, we need to set ghost to run in development mode +flyctl secrets set -a $appname NODE_ENV=development + +# Put the SQLite DB somewhere where it doesn't get overwritten on redeploy... +fly secrets set database__connection__filename=/var/lib/ghost/content/data/ghost-dev.db + +# Boom! We're airborne. +flyctl deploy + diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..3f82be1 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,14 @@ +FROM docker:dind + +RUN apk add bash ip6tables pigz sysstat procps lsof gcompat + +COPY etc/docker/daemon.json /etc/docker/daemon.json + +COPY ./entrypoint ./entrypoint +COPY ./docker-entrypoint.d/* ./docker-entrypoint.d/ + +ENV DOCKER_TMPDIR=/data/docker/tmp + +ENTRYPOINT ["./entrypoint"] + +CMD ["dockerd", "-p", "/var/run/docker.pid"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..c0827e8 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,26 @@ +# Fly Docker Daemon + +This deploys a Docker Daemon running on Fly.io which you can used to offload builds and other tasks to a Fly app running in a city near you. + +## Installation + +1. Clone this repository +1. `fly launch`, follow the prompts +1. Select `n` when it asks if you want to deploy +1. Create a volume in a region of your choice: `fly volumes create data --size 50 --region ord` +1. Deploy + +## Get Connected + +1. Create a WireGuard peer with `fly wireguard create` +1. Setup WireGuard with generated config +1. `fly ips private` to get the IP of your Daemon +1. Set the `DOCKER_HOST` env variable using that IP: + ``` + export DOCKER_HOST=tcp://[fdaa:0:5d2:a7b:81:0:26d4:2]:2375 + ``` + +# Final Step + +1. Delete the Docker Engine from your local system. +1. You probably want to scale your remote Daemon: `fly scale vm dedicated-cpu-2x` diff --git a/docker/docker-entrypoint.d/docker b/docker/docker-entrypoint.d/docker new file mode 100755 index 0000000..72a923b --- /dev/null +++ b/docker/docker-entrypoint.d/docker @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +echo "Setting up Docker data directory" +mkdir -p /data/docker + +echo "Configuring ipv6 for docker" +ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/64 ! -o docker0 -j MASQUERADE + +echo "Done setting up docker!" diff --git a/docker/docker-entrypoint.d/sysctl b/docker/docker-entrypoint.d/sysctl new file mode 100755 index 0000000..15c3ba0 --- /dev/null +++ b/docker/docker-entrypoint.d/sysctl @@ -0,0 +1,46 @@ +#!/bin/bash + +set -e + +echo "Allowing ipv6 forwarding via sysctl" +sysctl net.ipv6.conf.default.forwarding=1 +sysctl net.ipv6.conf.all.forwarding=1 + +echo "General sysctl tweaks" +sysctl vm.swappiness=0 +sysctl vm.dirty_ratio=6 +sysctl vm.dirty_background_ratio=3 + +# Default Socket Receive Buffer +sysctl net.core.rmem_default=31457280 + +# Maximum Socket Receive Buffer +sysctl net.core.rmem_max=33554432 + +# Default Socket Send Buffer +sysctl net.core.wmem_default=31457280 + +# Maximum Socket Send Buffer +sysctl net.core.wmem_max=33554432 + +# Increase number of incoming connections +sysctl net.core.somaxconn=65535 + +# Increase number of incoming connections backlog +sysctl net.core.netdev_max_backlog=65536 + +# Increase the maximum amount of option memory buffers +sysctl net.core.optmem_max=25165824 + +# Increase the maximum total buffer-space allocatable +# This is measured in units of pages (4096 bytes) +sysctl "net.ipv4.tcp_mem=786432 1048576 26777216" +sysctl "net.ipv4.udp_mem=65536 131072 262144" + +# Increase the read-buffer space allocatable +sysctl "net.ipv4.tcp_rmem=8192 87380 33554432" +sysctl net.ipv4.udp_rmem_min=16384 + +# Increase the write-buffer-space allocatable +sysctl "net.ipv4.tcp_wmem=8192 65536 33554432" +sysctl net.ipv4.udp_wmem_min=16384 \ No newline at end of file diff --git a/docker/entrypoint b/docker/entrypoint new file mode 100755 index 0000000..89e5fe3 --- /dev/null +++ b/docker/entrypoint @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +if [[ -d "docker-entrypoint.d" ]] +then +echo "Running docker-entrypoint.d files" +/bin/run-parts docker-entrypoint.d +fi + +echo "Running $@" + +exec "$@" diff --git a/docker/etc/docker/daemon.json b/docker/etc/docker/daemon.json new file mode 100644 index 0000000..574c149 --- /dev/null +++ b/docker/etc/docker/daemon.json @@ -0,0 +1,27 @@ +{ + "data-root": "/data/docker", + "experimental": true, + "ipv6": true, + "ip6tables": true, + "fixed-cidr-v6": "2001:db8:1::/64", + "default-address-pools": [ + { + "base": "10.100.0.1/16", + "size": 24 + } + ], + "debug": true, + "log-level": "debug", + "features": { + "buildkit": false + }, + "hosts": [ + "unix:///var/run/docker.sock", + "tcp://[::]:2375" + ], + "mtu": 1400, + "max-concurrent-downloads": 10, + "max-concurrent-uploads": 5, + "metrics-addr": "0.0.0.0:9323", + "tls": false +} \ No newline at end of file diff --git a/docker/fly.toml b/docker/fly.toml new file mode 100644 index 0000000..c7ea9ce --- /dev/null +++ b/docker/fly.toml @@ -0,0 +1,13 @@ +app = "burd-infra-docker-machine" +kill_signal = "SIGINT" +kill_timeout = 5 + +[mounts] + destination = "/data" + source = "docker_data" + +[[services]] + protocol = "tcp" + internal_port = 2375 + [[services.ports]] + port = 2375 diff --git a/drone/Dockerfile b/drone/Dockerfile new file mode 100644 index 0000000..6f26dff --- /dev/null +++ b/drone/Dockerfile @@ -0,0 +1,10 @@ +FROM drone/drone-runner-docker:latest as runner + +FROM drone/drone:latest + +COPY --from=runner /bin/tmate /bin/ +COPY --from=runner /bin/drone-runner-docker /bin/ +LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT" + +ENTRYPOINT [] +CMD "" diff --git a/drone/fly.toml b/drone/fly.toml new file mode 100644 index 0000000..fcc033c --- /dev/null +++ b/drone/fly.toml @@ -0,0 +1,55 @@ +# fly.toml app configuration file generated for burd-infra-drone on 2023-10-17T16:27:21-04:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = "burd-infra-drone" +primary_region = "sea" +kill_signal = "SIGINT" +kill_timeout = "5s" + +[experimental] + auto_rollback = true + +[build] + +[env] + DRONE_GITEA_SERVER = "https://git.burd.me" + DRONE_JSONNET_ENABLED = "true" + DRONE_REGISTRATION_CLOSED = "true" + DRONE_RPC_PROTO = "http" + DRONE_RUNNER_CAPACITY = "1" + DRONE_SERVER_HOST = "build.burd.me" + DRONE_SERVER_PROTO = "https" + +[processes] + runner = "/bin/drone-runner-docker" + server = "/bin/drone-server" + +[[mounts]] + source = "drone_data" + destination = "/data" + processes = ["server"] + +[[services]] + protocol = "tcp" + internal_port = 80 + processes = ["server"] + + [[services.ports]] + port = 80 + handlers = ["http"] + force_https = true + + [[services.ports]] + port = 443 + handlers = ["tls", "http"] + [services.concurrency] + type = "connections" + hard_limit = 25 + soft_limit = 20 + + [[services.tcp_checks]] + interval = "15s" + timeout = "2s" + grace_period = "1s" diff --git a/forgejo/fly.toml b/forgejo/fly.toml new file mode 100644 index 0000000..0514831 --- /dev/null +++ b/forgejo/fly.toml @@ -0,0 +1,69 @@ +# fly.toml app configuration file generated for burd-infra-forgejo on 2023-10-17T16:24:22-04:00 +# +# See https://fly.io/docs/reference/configuration/ for information about how to use this file. +# + +app = "burd-infra-forgejo" +primary_region = "sea" +kill_signal = "SIGINT" +kill_timeout = "5s" + +[experimental] + auto_rollback = true + +[build] + image = "codeberg.org/forgejo/forgejo:1.20.5-0" + +[env] + GITEA____APP_NAME = "git.burd.me: Git for us" + GITEA__database__DB_TYPE = "sqlite3" + GITEA__database__PATH = "/data/gitea/gitea.db" + GITEA__federation__ENABLED = "true" + GITEA__mailer__ENABLED = "false" + GITEA__mailer__FROM = "noreply@git.burd.me" + GITEA__mailer__PROTOCOL = "sendmail" + GITEA__mailer__SUBJECT_PREFIX = "git.burd.me" + GITEA__security__INSTALL_LOCK = "true" + GITEA__server__DOMAIN = "git.burd.me" + GITEA__server__ROOT_URL = "https://git.burd.me" + GITEA__server__SSH_DOMAIN = "git.burd.me" + GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE = "true" + GITEA__service__DEFAULT_USER_IS_RESTRICTED = "true" + GITEA__service__DISABLE_REGISTRATION = "false" + GITEA__service__REGISTER_EMAIL_CONFIRM = "false" + GITEA__service__REGISTER_MANUAL_CONFIRM = "true" + "GITEA__ui.meta__AUTHOR" = "git.burd.me: Git for us" + GITEA__ui__DEFAULT_THEME = "forgejo-auto" + +[[mounts]] + source = "gitea_data" + destination = "/data" + processes = ["app"] + +[[services]] + protocol = "tcp" + internal_port = 22 + + [[services.ports]] + port = 22 + [services.concurrency] + type = "connections" + hard_limit = 25 + soft_limit = 20 + +[[services]] + protocol = "tcp" + internal_port = 3000 + + [[services.ports]] + port = 80 + handlers = ["http"] + force_https = true + + [[services.ports]] + port = 443 + handlers = ["tls", "http"] + [services.concurrency] + type = "connections" + hard_limit = 25 + soft_limit = 20 diff --git a/goatcounter/Dockerfile b/goatcounter/Dockerfile new file mode 100644 index 0000000..6fc6b93 --- /dev/null +++ b/goatcounter/Dockerfile @@ -0,0 +1,22 @@ +FROM alpine:latest + +WORKDIR /goatcounter + +ENV GOATCOUNTER_VERSION 'v2.4.1' +ENV GOATCOUNTER_TAG $GOATCOUNTER_VERSION + +RUN apk add --no-cache ca-certificates wget bash \ + && update-ca-certificates --fresh + +RUN wget "https://github.com/arp242/goatcounter/releases/download/$GOATCOUNTER_VERSION/goatcounter-$GOATCOUNTER_TAG-linux-amd64.gz" \ + && gzip -d "goatcounter-$GOATCOUNTER_TAG-linux-amd64.gz" \ + && mv "goatcounter-$GOATCOUNTER_TAG-linux-amd64" /usr/local/bin/goatcounter \ + && chmod +x /usr/local/bin/goatcounter + +COPY goatcounter.sh ./ +COPY entrypoint.sh /entrypoint.sh + +EXPOSE 8080 + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["/goatcounter/goatcounter.sh"] \ No newline at end of file diff --git a/goatcounter/entrypoint.sh b/goatcounter/entrypoint.sh new file mode 100755 index 0000000..4409656 --- /dev/null +++ b/goatcounter/entrypoint.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -eu + +create_site () +{ + goatcounter db create site \ + -createdb \ + -vhost "$GOATCOUNTER_DOMAIN" \ + -user.email "$GOATCOUNTER_EMAIL" \ + -password "$GOATCOUNTER_PASSWORD" \ + -db "$GOATCOUNTER_DB" +} + +# silence any errors +if ! create_site; then + /bin/true +fi + +exec "$@" \ No newline at end of file diff --git a/goatcounter/fly.toml b/goatcounter/fly.toml new file mode 100644 index 0000000..d01142b --- /dev/null +++ b/goatcounter/fly.toml @@ -0,0 +1,45 @@ +app = "burd-infra-goatcounter-services" +primary_region = "sea" +kill_signal = "SIGINT" +kill_timeout = "5s" + +[experimental] + auto_rollback = true + +[build] + +[env] + GOATCOUNTER_DB = "sqlite+/data/goatcounter.sqlite3" + GOATCOUNTER_DEBUG = "" + GOATCOUNTER_DOMAIN = "stats.burd.me" + GOATCOUNTER_EMAIL = "greg@burd.me" + GOATCOUNTER_LISTEN = "0.0.0.0:8080" + GOATCOUNTER_SMTP = "" + +[[mounts]] + source = "goatcounter_data" + destination = "/data" + processes = ["app"] + +[[services]] + protocol = "tcp" + internal_port = 8080 + processes = ["app"] + + [[services.ports]] + port = 80 + handlers = ["http"] + force_https = true + + [[services.ports]] + port = 443 + handlers = ["tls", "http"] + [services.concurrency] + type = "connections" + hard_limit = 25 + soft_limit = 20 + + [[services.tcp_checks]] + interval = "15s" + timeout = "2s" + grace_period = "1s" diff --git a/goatcounter/goatcounter.sh b/goatcounter/goatcounter.sh new file mode 100755 index 0000000..35f82e3 --- /dev/null +++ b/goatcounter/goatcounter.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -e + +declare OPTS="" + +OPTS="$OPTS -automigrate" +OPTS="$OPTS -listen $GOATCOUNTER_LISTEN" +OPTS="$OPTS -tls none" +OPTS="$OPTS -email-from $GOATCOUNTER_EMAIL" +OPTS="$OPTS -db $GOATCOUNTER_DB" + +if [ -n "$GOATCOUNTER_SMTP" ]; then + OPTS="$OPTS -smtp $GOATCOUNTER_SMTP" +fi + +if [ -n "$GOATCOUNTER_DEBUG" ]; then + OPTS="$OPTS -debug all" +fi + +goatcounter serve $OPTS diff --git a/tailscale-exit b/tailscale-exit new file mode 160000 index 0000000..3991184 --- /dev/null +++ b/tailscale-exit @@ -0,0 +1 @@ +Subproject commit 39911843a4d1ef997ff61882ac04b664f3216447