diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..bc1425a --- /dev/null +++ b/.drone.yml @@ -0,0 +1,28 @@ +# yaml-language-server: $schema=https://json.schemastore.org/drone.json +name: deploy +kind: pipeline +type: docker +node: + instance: system +trigger: + event: + - push + branch: + - main +steps: + - name: deploy + image: docker:20.10.22-cli-alpine3.17@sha256:9586963dcc07a22641bf03c22f43cd7e45b3107df6bf55c92d8c5098b0ac1750 + commands: + - mkdir -p /root/.ssh + - install -v -m 600 /home/ubuntu/.ssh/id_ed25519 /root/.ssh/id_ed25519 + - ssh-keyscan beta.fogtype.com >> /root/.ssh/known_hosts + - docker context create --docker=host=ssh://ubuntu@beta.fogtype.com beta + - docker context use beta + - docker compose --project-name=beta up --detach + volumes: + - name: ssh_key + path: /home/ubuntu/.ssh/id_ed25519 +volumes: + - name: ssh_key + host: + path: /home/ubuntu/.ssh/id_ed25519 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..1d128aa --- /dev/null +++ b/Dockerfile @@ -0,0 +1,5 @@ +FROM caddy:2.6.2-builder-alpine AS builder +RUN xcaddy build --with github.com/lucaslorentz/caddy-docker-proxy/v2 +FROM caddy:2.6.2-alpine +COPY --from=builder /usr/bin/caddy /usr/bin/caddy +CMD ["caddy", "docker-proxy", "--ingress-networks=caddy"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..0e259d4 --- /dev/null +++ b/LICENSE @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/README.md b/README.md index eac3d6f..56cf963 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,13 @@ -# beta.fogtype.com +# β +beta.fogtype.com +: 使い捨て実行環境 + +## Setup + +```sh +sudo apt install ansible +ansible-playbook setup.yml +``` + +詳しい構成は [setup.yml](setup.yml) を参照 diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..76ada53 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +inventory = etc/ansible/hosts diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..29f8ad1 --- /dev/null +++ b/compose.yml @@ -0,0 +1,20 @@ +services: + caddy: + image: git.fogtype.com/nebel/caddy-docker-proxy + build: "." + restart: unless-stopped + ports: + - "80:80" + - "443:443/udp" + - "443:443/tcp" + - "127.0.0.1:2019:2019" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - caddy_data:/data + - caddy_config:/config +networks: + default: + name: caddy +volumes: + caddy_data: + caddy_config: diff --git a/etc/ansible/hosts b/etc/ansible/hosts new file mode 100644 index 0000000..bc8fc2d --- /dev/null +++ b/etc/ansible/hosts @@ -0,0 +1,4 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/inventory.json +all: + hosts: + beta.fogtype.com: diff --git a/etc/docker/daemon.json b/etc/docker/daemon.json new file mode 100644 index 0000000..b73dceb --- /dev/null +++ b/etc/docker/daemon.json @@ -0,0 +1,4 @@ +{ + "live-restore": true, + "log-driver": "journald" +} diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..98b435a --- /dev/null +++ b/renovate.json @@ -0,0 +1,11 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base", + ":automergeAll", + ":automergeBranch", + ":skipStatusChecks", + "docker:enableMajor", + "docker:pinDigests" + ] +} diff --git a/setup.yml b/setup.yml new file mode 100644 index 0000000..b5c5666 --- /dev/null +++ b/setup.yml @@ -0,0 +1,42 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/playbook +- hosts: all + remote_user: ubuntu + vars_prompt: + - name: grafana_gcloud_api_key + prompt: GCLOUD_API_KEY + tasks: + - ansible.posix.authorized_key: + user: ubuntu + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnt8d3tggYhyeIYK/mHhZXXzv22OdAoQY+eQoyTvfuD ubuntu@gamma + - name: Grafana Cloud + ansible.builtin.shell: | + ARCH=amd64 GCLOUD_STACK_ID="373424" GCLOUD_API_URL="https://integrations-api-us-central.grafana.net" /bin/sh -c "$(curl -fsSL https://raw.githubusercontent.com/grafana/agent/release/production/grafanacloud-install.sh)" + sed -i "s/ hostname\$/ $(hostname)/" /etc/grafana-agent.yaml + systemctl restart grafana-agent.service + become: true + environment: + GCLOUD_API_KEY: "{{ grafana_gcloud_api_key }}" + - ansible.builtin.copy: + src: etc/docker/ + dest: /etc/docker/ + become: true + - ansible.builtin.apt_repository: + filename: docker + repo: deb [trusted=yes] https://download.docker.com/linux/ubuntu jammy stable + become: true + - ansible.builtin.apt_repository: + filename: tailscale + repo: deb [trusted=yes] https://pkgs.tailscale.com/stable/ubuntu jammy main + become: true + - ansible.builtin.apt: + pkg: + - docker-ce + - tailscale + install_recommends: false + become: true + - ansible.builtin.user: + name: "{{ ansible_user_id }}" + groups: docker + append: true + become: true + - ansible.builtin.meta: reset_connection