Add setup script

2026-03-02 00:36:38 +00:00 · 2024-12-26 18:05:23 -05:00
parent 34e3e7c819
commit 37790c850a
11 changed files with 556 additions and 1 deletions
--- a/install/fs/config.yml
+++ b/install/fs/config.yml
@@ -0,0 +1,48 @@
+app:
+    base_url: https://{{.Domain}}
+    log_level: info
+    save_logs: false
+
+server:
+    external_port: 3000
+    internal_port: 3001
+    next_port: 3002
+    internal_hostname: pangolin
+    secure_cookies: false
+    session_cookie_name: session
+    resource_session_cookie_name: resource_session
+
+traefik:
+    cert_resolver: letsencrypt
+    http_entrypoint: web
+    https_entrypoint: websecure
+    prefer_wildcard_cert: false
+
+gerbil:
+    start_port: 51820
+    base_endpoint: {{.Domain}}
+    use_subdomain: false
+    block_size: 16
+    subnet_group: 10.0.0.0/8
+
+rate_limits:
+    global:
+        window_minutes: 1
+        max_requests: 100
+{{if .EnableEmail}}
+email:
+    smtp_host: {{.EmailSMTPHost}}
+    smtp_port: {{.EmailSMTPPort}}
+    smtp_user: {{.EmailSMTPUser}}
+    smtp_pass: {{.EmailSMTPPass}}
+    no_reply: {{.EmailNoReply}}
+{{end}}
+users:
+    server_admin:
+        email: {{.AdminUserEmail}}
+        password: {{.AdminUserPassword}}
+
+flags:
+    require_email_verification: {{.EnableEmail}}
+    disable_signup_without_invite: {{.DisableSignupWithoutInvite}}
+    disable_user_create_org: {{.DisableUserCreateOrg}}
--- a/install/fs/docker-compose.yml
+++ b/install/fs/docker-compose.yml
@@ -0,0 +1,51 @@
+services:
+  pangolin:
+    image: fossorial/pangolin
+    container_name: pangolin
+    restart: unless-stopped
+    ports:
+      - 3001:3001
+      - 3000:3000
+    volumes:
+      - ./config:/app/config
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "3s"
+      timeout: "3s"
+      retries: 5
+
+  gerbil:
+    image: fossorial/gerbil
+    container_name: gerbil
+    restart: unless-stopped
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --reachableAt=http://gerbil:3003
+      - --generateAndSaveKeyTo=/var/config/key
+      - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
+      - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
+    volumes:
+      - ./config/:/var/config
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    ports:
+      - 51820:51820/udp
+      - 443:443 # Port for traefik because of the network_mode
+      - 80:80 # Port for traefik because of the network_mode
+
+  traefik:
+    image: traefik:v3.1
+    container_name: traefik
+    restart: unless-stopped
+    network_mode: service:gerbil # Ports appear on the gerbil service
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    volumes:
+      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
--- a/install/fs/traefik/dynamic_config.yml
+++ b/install/fs/traefik/dynamic_config.yml
@@ -0,0 +1,54 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(`{{.Domain}}`)"
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(`{{.Domain}}`) && !PathPrefix(`/api/v1`)"
+      service: next-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(`{{.Domain}}`) && PathPrefix(`/api/v1`)"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(`{{.Domain}}`)"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3002"  # Next.js server
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3000"  # API/WebSocket server
--- a/install/fs/traefik/traefik_config.yml
+++ b/install/fs/traefik/traefik_config.yml
@@ -0,0 +1,41 @@
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/etc/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.0.0-beta.1"
+
+log:
+  level: "INFO"
+  format: "common"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: "{{.LetsEncryptEmail}}"
+      storage: "/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+
+serversTransport:
+  insecureSkipVerify: true