ingress/install.sh

#!/usr/bin/env bash
set -euo pipefail

##
# Source Code
# We store all initial configs in the /srv location
cd /srv
# Clone if not yet cloned
if [ ! -d .git ]; then
  git clone --depth 1 https://code.tjo.space/tjo-cloud/ingress.git .
else
  git pull
fi

##
# Metadata
SERVICE_NAME="ingress.tjo.cloud"
SERVICE_VERSION="$(git describe --tags --always --dirty)"
CLOUD_REGION="$(hostname -s)"

SERVICE_ACCOUNT_USERNAME=$(jq -r ".service_account.username" /etc/tjo.cloud/meta.json)
SERVICE_ACCOUNT_PASSWORD=$(jq -r ".service_account.password" /etc/tjo.cloud/meta.json)

##
# Dependencies
apt update -y

apt install -y \
  gpg \
  git \
  nginx \
  nginx-extras \
  libnginx-mod-http-geoip2 \
  libnginx-mod-stream-geoip2

# Grafana Alloy
mkdir -p /etc/apt/keyrings/
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor >/etc/apt/keyrings/grafana.gpg
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" >/etc/apt/sources.list.d/grafana.list
apt update -y
apt install -y alloy

# Tailscale
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg >/usr/share/keyrings/tailscale-archive-keyring.gpg
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list >/etc/apt/sources.list.d/tailscale.list
apt update -y
apt install -y tailscale

##
# Ensure services are enabled
systemctl enable --now nginx alloy tailscaled

##
# Configure Alloy
cp -r root/etc/alloy/* /etc/alloy/
cp -r root/etc/default/alloy /etc/default/alloy
# Set Attributes
ATTRIBUTES=""
ATTRIBUTES+="service.name=${SERVICE_NAME},"
ATTRIBUTES+="service.version=${SERVICE_VERSION},"
ATTRIBUTES+="cloud.region=${CLOUD_REGION}"
echo "OTEL_RESOURCE_ATTRIBUTES=${ATTRIBUTES}" >>/etc/default/alloy
# Set Credentials
{
  echo "ALLOY_USERNAME=${SERVICE_ACCOUNT_USERNAME}"
  echo "ALLOY_PASSWORD=${SERVICE_ACCOUNT_PASSWORD}"
} >>/etc/default/alloy
systemctl reload alloy

##
# Configure Tailscale
tailscale up \
  --ssh=true \
  --accept-routes=true \
  --accept-dns=false \
  --advertise-tags="tag:ingress-tjo-cloud" \
  --hostname="$(hostname -f | sed 's/\./-/g')"

##
# Configure NGINX
cp assets/dbip-city-lite-2023-07.mmdb /var/geoip.mmdb
cp -r root/etc/nginx/* /etc/nginx/
systemctl reload nginx
feat: preparation 2024-09-19 18:42:30 +00:00			`#!/usr/bin/env bash`
feat: preparation 2024-09-19 18:43:51 +00:00			`set -euo pipefail`

feat: refactor, deploy and provisioning 2024-11-04 20:32:57 +00:00			`##`
			`# Source Code`
			`# We store all initial configs in the /srv location`
			`cd /srv`
			`# Clone if not yet cloned`
			`if [ ! -d .git ]; then`
feat: tailscale 2024-11-09 16:43:32 +00:00			`git clone --depth 1 https://code.tjo.space/tjo-cloud/ingress.git .`
feat: refactor, deploy and provisioning 2024-11-04 20:32:57 +00:00			`else`
			`git pull`
			`fi`

			`##`
			`# Metadata`
feat: preparation 2024-09-19 18:42:30 +00:00			`SERVICE_NAME="ingress.tjo.cloud"`
			`SERVICE_VERSION="$(git describe --tags --always --dirty)"`
			`CLOUD_REGION="$(hostname -s)"`

			`SERVICE_ACCOUNT_USERNAME=$(jq -r ".service_account.username" /etc/tjo.cloud/meta.json)`
			`SERVICE_ACCOUNT_PASSWORD=$(jq -r ".service_account.password" /etc/tjo.cloud/meta.json)`

			`##`
			`# Dependencies`
			`apt update -y`

			`apt install -y \`
			`gpg \`
			`git \`
			`nginx \`
			`nginx-extras \`
			`libnginx-mod-http-geoip2 \`
			`libnginx-mod-stream-geoip2`

			`# Grafana Alloy`
			`mkdir -p /etc/apt/keyrings/`
feat: tailscale 2024-11-09 16:43:32 +00:00			`wget -q -O - https://apt.grafana.com/gpg.key \| gpg --dearmor >/etc/apt/keyrings/grafana.gpg`
			`echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" >/etc/apt/sources.list.d/grafana.list`
feat: preparation 2024-09-19 18:42:30 +00:00			`apt update -y`
feat: refactor, deploy and provisioning 2024-11-04 20:32:57 +00:00			`apt install -y alloy`
feat: preparation 2024-09-19 18:42:30 +00:00
feat: tailscale 2024-11-09 16:43:32 +00:00			`# Tailscale`
			`curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg >/usr/share/keyrings/tailscale-archive-keyring.gpg`
			`curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list >/etc/apt/sources.list.d/tailscale.list`
			`apt update -y`
			`apt install -y tailscale`

feat: preparation 2024-09-19 18:42:30 +00:00			`##`
			`# Ensure services are enabled`
feat: tailscale 2024-11-09 16:43:32 +00:00			`systemctl enable --now nginx alloy tailscaled`
feat: preparation 2024-09-19 18:42:30 +00:00
			`##`
			`# Configure Alloy`
			`cp -r root/etc/alloy/* /etc/alloy/`
			`cp -r root/etc/default/alloy /etc/default/alloy`
			`# Set Attributes`
			`ATTRIBUTES=""`
			`ATTRIBUTES+="service.name=${SERVICE_NAME},"`
			`ATTRIBUTES+="service.version=${SERVICE_VERSION},"`
			`ATTRIBUTES+="cloud.region=${CLOUD_REGION}"`
			`echo "OTEL_RESOURCE_ATTRIBUTES=${ATTRIBUTES}" >>/etc/default/alloy`
			`# Set Credentials`
			`{`
			`echo "ALLOY_USERNAME=${SERVICE_ACCOUNT_USERNAME}"`
			`echo "ALLOY_PASSWORD=${SERVICE_ACCOUNT_PASSWORD}"`
			`} >>/etc/default/alloy`
			`systemctl reload alloy`

feat: tailscale 2024-11-09 16:43:32 +00:00			`##`
			`# Configure Tailscale`
			`tailscale up \`
			`--ssh=true \`
			`--accept-routes=true \`
			`--accept-dns=false \`
			`--advertise-tags="tag:ingress-tjo-cloud" \`
			`--hostname="$(hostname -f \| sed 's/\./-/g')"`

feat: preparation 2024-09-19 18:42:30 +00:00			`##`
			`# Configure NGINX`
chore: add mmdb 2024-11-05 20:34:22 +00:00			`cp assets/dbip-city-lite-2023-07.mmdb /var/geoip.mmdb`
			`cp -r root/etc/nginx/* /etc/nginx/`
feat: preparation 2024-09-19 18:42:30 +00:00			`systemctl reload nginx`