From 590d1741422f279143566328a608af8764291880 Mon Sep 17 00:00:00 2001
From: Thomas Hintz
Date: Sat, 16 Aug 2025 15:50:14 -0700
Subject: [PATCH] Refactor build process to clean it up.
---
 .gitignore | 4 ++-
 Makefile | 27 ++++++++++----
 all-apps/Makefile | 2 ++
 all-apps/app.service | 13 +++++++
 all-apps/docker-compose.yaml | 25 +++++++++++++
 all-apps/lb/Caddyfile | 17 +++++++++
 all-apps/nextcloud/docker-compose.yaml | 50 ++++++++++++++++++++++++++
 all-apps/wg-easy/docker-compose.yaml | 37 +++++++++++++++++++
 flatcar/cl.yaml => cl.yaml | 0
 flatcar/Makefile | 12 -------
 main.tf | 2 +-
 11 files changed, 169 insertions(+), 20 deletions(-)
 create mode 100644 all-apps/Makefile
 create mode 100644 all-apps/app.service
 create mode 100644 all-apps/docker-compose.yaml
 create mode 100644 all-apps/lb/Caddyfile
 create mode 100644 all-apps/nextcloud/docker-compose.yaml
 create mode 100644 all-apps/wg-easy/docker-compose.yaml
 rename flatcar/cl.yaml => cl.yaml (100%)
 delete mode 100644 flatcar/Makefile
diff --git a/.gitignore b/.gitignore
index 4eb1379..4c52ea4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,6 @@
 ignition.json
 production.tfvars
 terraform.tfstate
-terraform.tfstate.backup
\ No newline at end of file
+terraform.tfstate.backup
+
+app
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 1cc088f..991df38 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,26 @@
-ignition:
- $(MAKE) -C flatcar ignition
+TERRAFORM_ENV=production
-plan:
- terraform plan -var-file production.tfvars
+# .dirstamp plus && $@ is like make magic to get this rule
+# to only run if the contents of all-apps changes
+app/.dirstamp: all-apps/app.service all-apps/docker-compose.yaml $(wildcard all-apps/lb/*) $(wildcard all-apps/Nextcloud/*) $(wildcard all-apps/wg-easy/*)
+ rm -Rf app/
+ cp -a all-apps app && touch $@
-apply:
- terraform apply -var-file production.tfvars
+ignition.json: cl.yaml app/.dirstamp
+ cat cl.yaml | sudo docker run --rm --volume /home/tjhintz/.ssh/id_rsa.pub:/pwd/ssh-keys --volume ${PWD}:/pwd --workdir /pwd -i quay.io/coreos/butane:latest -d /pwd > ignition.json
+plan: ignition.json
+ terraform plan -var-file $(TERRAFORM_ENV).tfvars
+
+apply: ignition.json
+ terraform apply -var-file $(TERRAFORM_ENV).tfvars
+
+## to help me remember the command to run to test the config locally
 testlocalhost:
 curl -k --resolve localhost:443:146.190.12.129 https://localhost
+
+flatcarbuild: ignition.json
+ cp --reflink=auto flatcar/flatcar_production_qemu_image.img.fresh flatcar/flatcar_production_qemu_image.img
+
+flatcarrun:
+ ./flatcar/flatcar_production_qemu.sh -i ignition.json
diff --git a/all-apps/Makefile b/all-apps/Makefile
new file mode 100644
index 0000000..85ca201
--- /dev/null
+++ b/all-apps/Makefile
@@ -0,0 +1,2 @@
+run:
+ sudo docker-compose -f docker-compose.yaml $(find . -mindepth 2 -maxdepth 2 -type f -name docker-compose.yaml -exec echo -f {} \;) up
diff --git a/all-apps/app.service b/all-apps/app.service
new file mode 100644
index 0000000..bbba8b2
--- /dev/null
+++ b/all-apps/app.service
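Review bot: The `app/.dirstamp` prerequisite list uses `$(wildcard all-apps/Nextcloud/*)`, but the directory this commit creates is `all-apps/nextcloud/`; on a case-sensitive filesystem that glob matches nothing, so edits to the Nextcloud compose file never invalidate the stamp and a stale `app/` copy gets baked into `ignition.json`. Change it to `$(wildcard all-apps/nextcloud/*)`. The command-style targets should also be declared, `.PHONY: plan apply testlocalhost flatcarbuild flatcarrun`, so a stray file of that name cannot silently skip them. The butane recipe hard-codes `/home/tjhintz/.ssh/id_rsa.pub` and uses `${PWD}`; a `SSH_PUBKEY ?= $(HOME)/.ssh/id_rsa.pub` variable and `$(CURDIR)` would make the rule usable from another account or a clean checkout.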
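Review bot: In the `run` recipe `$(find . …)` is expanded by make, not by the shell, and since make has no variable of that name it expands to nothing, so `docker-compose` only ever receives the top-level file and the nextcloud and wg-easy compose files are silently skipped. Escape the dollar so the shell runs find: `sudo docker-compose -f docker-compose.yaml $$(find . -mindepth 2 -maxdepth 2 -type f -name docker-compose.yaml -exec echo -f {} \;) up`. Add `.PHONY: run`, and consider invoking `docker compose` here as app.service does so local and production runs go through the same tool.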
@@ -0,0 +1,13 @@
+[Unit]
+Description=Main App
+After=docker.service
+Requires=docker.service
+[Service]
+TimeoutStartSec=0
+ExecStart=/bin/bash -c '/usr/bin/docker compose -f /app/docker-compose.yaml $(find /app -mindepth 2 -maxdepth 2 -type f -name docker-compose.yaml -exec echo -f {} \;) up'
+ExecStop=/bin/bash -c '/usr/bin/docker compose -f /app/docker-compose.yaml $(find /app -mindepth 2 -maxdepth 2 -type f -name docker-compose.yaml -exec echo -f {} \;) stop'
+
+Restart=always
+RestartSec=5s
+[Install]
+WantedBy=multi-user.target
diff --git a/all-apps/docker-compose.yaml b/all-apps/docker-compose.yaml
new file mode 100644
index 0000000..028fcdc
--- /dev/null
+++ b/all-apps/docker-compose.yaml
@@ -0,0 +1,25 @@
+version: '3'
+services:
+ lb:
+ image: docker.io/caddy:2
+ volumes:
+# - /app/lb:/etc/caddy
+ - ./lb/:/etc/caddy
+ - config:/config
+ - data:/data
+ networks:
+ - lb
+ restart: unless-stopped
+ ports:
+ - "443:443"
+ - "80:80"
+ nginx:
+ image: nginx
+ restart: unless-stopped
+ networks:
+ - lb
+networks:
+ lb:
+volumes:
+ config:
+ data:
diff --git a/all-apps/lb/Caddyfile b/all-apps/lb/Caddyfile
new file mode 100644
index 0000000..60f2e03
--- /dev/null
+++ b/all-apps/lb/Caddyfile
@@ -0,0 +1,17 @@
+wg-easy1.nassella.cc {
+ reverse_proxy http://wg-easy:80
+
+ # tls internal
+ # x
+ # log
+}
+
+nextcloud1.nassella.cc {
+ reverse_proxy http://nextcloud:80
+ # tls internal
+}
+
+root.nassella.cc {
+ reverse_proxy http://nginx:80
+ # tls internal
+}
\ No newline at end of file
diff --git a/all-apps/nextcloud/docker-compose.yaml b/all-apps/nextcloud/docker-compose.yaml
new file mode 100644
index 0000000..1e7ab7a
--- /dev/null
+++ b/all-apps/nextcloud/docker-compose.yaml
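Review bot: The `find` in `ExecStart` and `ExecStop` returns files in directory-iteration order, and with several `-f` files compose merges later files over earlier ones, so the effective configuration can differ between hosts or after the filesystem is rewritten. Pipe the list through sort to make the merge order deterministic, in both lines: `$(find /app -mindepth 2 -maxdepth 2 -type f -name docker-compose.yaml -exec echo -f {} \; | sort)`. The same file-discovery expression is now duplicated in ExecStart, ExecStop and all-apps/Makefile; a small wrapper script under /app would keep the three in step.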
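Review bot: The edge services run unpinned images: `docker.io/caddy:2` floats across minor releases and `image: nginx` resolves to `latest`, so every `docker compose up` on a fresh droplet may pull a different, unreviewed build of the Internet-facing proxy. Pin at least to a specific release tag, e.g. `image: docker.io/caddy:2.8`, or better a digest, and do the same for nginx. The commented-out `# - /app/lb:/etc/caddy` line is dead configuration and should be removed; the active `./lb/` mapping appears to rely on compose resolving relative paths against the first `-f` file's directory, which is worth a one-line comment since the unit passes `/app/docker-compose.yaml`.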
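Review bot: The `wg-easy1.nassella.cc` block publishes the wg-easy admin UI to the Internet with no restriction at the edge, so its safety rests entirely on whatever login wg-easy itself enforces, and the wg-easy compose file in this commit sets no credential. Gate this block with a `basic_auth` directive or a `remote_ip` allowlist matcher, or do not expose the UI publicly and reach it over the VPN instead. The `# x` placeholder comment should be removed, and if `# log` is meant to stay it deserves a word on why logging is off for the VPN endpoint.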
@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+ db:
+ image: postgres
+ shm_size: 128mb
+ restart: always
+ volumes:
+ - db:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ networks:
+ - internal
+ redis:
+ image: redis:alpine
+ restart: always
+ networks:
+ - internal
+ nextcloud:
+ image: nextcloud
+ environment:
+ - POSTGRES_HOST=db
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - NEXTCLOUD_ADMIN_PASSWORD=password
+ - NEXTCLOUD_ADMIN_USER=admin
+ - REDIS_HOST=redis
+ - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud1.nassella.cc
+ ports:
+ - "8080:80"
+ depends_on:
+ - redis
+ - db
+ networks:
+ - lb
+ - internal
+ volumes:
+ - nextcloud:/var/www
+ restart: unless-stopped
+networks:
+ lb:
+ internal:
+ driver: bridge
+ internal: true
+volumes:
+ db:
+ nextcloud:
diff --git a/all-apps/wg-easy/docker-compose.yaml b/all-apps/wg-easy/docker-compose.yaml
new file mode 100644
index 0000000..aa00d2b
--- /dev/null
+++ b/all-apps/wg-easy/docker-compose.yaml
@@ -0,0 +1,37 @@
+version: '3'
+services:
+ wg-easy:
+ image: ghcr.io/wg-easy/wg-easy:15
+ environment:
+ - PORT=80
+ ports:
+ - "51820:51820/udp"
+ networks:
+ lb:
+ wg:
+ ipv4_address: 10.42.42.42
+# ipv6_address: fdcc:ad94:bacf:61a3::2a
+ volumes:
+ - etc_wireguard:/etc/wireguard
+ - /lib/modules:/lib/modules:ro
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ - net.ipv6.conf.default.forwarding=1
+networks:
+ lb:
+ wg:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.42.42.0/24
+ - subnet: fdcc:ad94:bacf:61a3::/64
+volumes:
+ etc_wireguard:
diff --git a/flatcar/cl.yaml b/cl.yaml
similarity index 100%
rename from flatcar/cl.yaml
rename to cl.yaml
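Review bot: `ports: "8080:80"` publishes Nextcloud directly on the host over plain HTTP, bypassing the Caddy TLS front end, while the same file sets `NEXTCLOUD_ADMIN_USER=admin` with `NEXTCLOUD_ADMIN_PASSWORD=password` and `POSTGRES_PASSWORD=password`, so on a public droplet this is an admin login reachable on :8080 with a default credential. Drop the `ports:` block (Caddy already reaches the service over the `lb` network) and take the passwords out of the tracked file, e.g. `- POSTGRES_PASSWORD_FILE=/run/secrets/db_password` using the `*_FILE` variants the official postgres and nextcloud images document, or an untracked env file. Since all-apps is copied into `app/` and fed to butane, if cl.yaml embeds these files the secrets also land in `ignition.json` and the droplet's `user_data`, which is readable from the instance metadata service. Behind a reverse proxy Nextcloud additionally needs `TRUSTED_PROXIES` and `OVERWRITEPROTOCOL=https`; without them every client appears to come from Caddy's address, which defeats its brute-force throttling, and generated URLs use http://.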
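Review bot: `cap_add: SYS_MODULE` together with the `/lib/modules` mount lets this container load arbitrary kernel modules, which is host-root equivalent; it is only needed when the host kernel lacks WireGuard, and Flatcar's kernel (Linux 5.6+) ships it, so `- SYS_MODULE` and `- /lib/modules:/lib/modules:ro` should be removable once you confirm the tunnel comes up without them. The service also sets no credential for the web UI that the Caddyfile publishes at wg-easy1.nassella.cc; check how the v15 image bootstraps its admin login (first-visit setup or an environment variable) and seed it from a secret so the first visitor cannot claim it. The `wg` network declares an IPv6 subnet but `ipv6_address` is commented out and the network lacks `enable_ipv6: true`, so either finish the IPv6 setup or drop the second `subnet:` entry rather than leave it half-configured.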
diff --git a/flatcar/Makefile b/flatcar/Makefile
deleted file mode 100644
index ce7f318..0000000
--- a/flatcar/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# get the directory of this makefile
-ROOT_DIR:=$(shell dirname "$(realpath $(firstword $(MAKEFILE_LIST)))")
-
-ignition:
- cat cl.yaml | sudo docker run --rm --volume /home/tjhintz/.ssh/id_rsa.pub:/pwd/ssh-keys --volume ${ROOT_DIR}:/pwd --workdir /pwd -i quay.io/coreos/butane:latest -d /pwd > ignition.json
-
-build:
- cp --reflink=auto flatcar_production_qemu_image.img.fresh flatcar_production_qemu_image.img
- make ignition
-
-run:
- ./flatcar_production_qemu.sh -i ignition.json
diff --git a/main.tf b/main.tf
index c9af97e..64df1b5 100644
--- a/main.tf
+++ b/main.tf
@@ -136,7 +136,7 @@ resource "digitalocean_droplet" "machine" {
 region = var.datacenter
 size = var.server_type
 ssh_keys = [digitalocean_ssh_key.first.fingerprint]
- user_data = file("flatcar/ignition.json")
+ user_data = file("ignition.json")
 lifecycle {
 create_before_destroy = true
 }