From 35c7af8334317e75520f7536e8a2762eeec510f2 Mon Sep 17 00:00:00 2001 From: Roberto Alsina Date: Tue, 2 Sep 2025 12:54:41 -0300 Subject: [PATCH] Quick setup for rocky server --- reverse_proxy/Dockerfile | 2 +- reverse_proxy/nginx.conf | 1 + rocky/before.txt | 68 ++++++++++++++++++++++++++++++++++++++++ rocky/local | 5 +++ rocky/local.service | 10 ++++++ rocky/setup.sh | 63 +++++++++++++++++++++++++++++++++++++ 6 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 rocky/before.txt create mode 100755 rocky/local create mode 100644 rocky/local.service create mode 100644 rocky/setup.sh diff --git a/reverse_proxy/Dockerfile b/reverse_proxy/Dockerfile index a2f52e9..6c7894c 100644 --- a/reverse_proxy/Dockerfile +++ b/reverse_proxy/Dockerfile @@ -7,7 +7,7 @@ COPY . ./ FROM alpine:latest AS tailscale WORKDIR /app COPY . ./ -ENV TSFILE=tailscale_1.84.0_amd64.tgz +ENV TSFILE=tailscale_1.86.2_amd64.tgz RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && tar xzf ${TSFILE} --strip-components=1 COPY . ./ diff --git a/reverse_proxy/nginx.conf b/reverse_proxy/nginx.conf index ac0c398..fea706b 100644 --- a/reverse_proxy/nginx.conf +++ b/reverse_proxy/nginx.conf @@ -77,6 +77,7 @@ server { server_name nombres.ralsina.me; server_name grafito.ralsina.me; server_name tocry.ralsina.me; + server_name kv.ralsina.me; location / { proxy_pass http://rocky.tail20c16.ts.net:8080; diff --git a/rocky/before.txt b/rocky/before.txt new file mode 100644 index 0000000..8b7c5de --- /dev/null +++ b/rocky/before.txt 
@@ -0,0 +1,68 @@
+# ==============================
+# Radxa First Boot Configuration
+# ==============================
+
+# Allow config to continue even when some commands fail
+no_fail
+log "Running before.txt as first boot configuration"
+
+# Update generic hostname
+# Command:
+# update_generic_hostname
+update_generic_hostname rocky
+
+# Create default accounts
+# Commands:
+# add_user
+# user_append_group
+#
+add_user ralsina ralsina
+user_append_group ralsina sudo
+user_append_group ralsina audio
+user_append_group ralsina video
+user_append_group ralsina plugdev
+user_append_group ralsina render
+user_append_group ralsina gpio
+user_append_group ralsina i2c
+user_append_group ralsina spidev
+user_append_group ralsina pwm
+
+
+# Resize root partition at the filesystem level
+#
+resize_root
+
+# Disable services
+# Command:
+# disable_service
+#
+disable_service smbd
+disable_service nmbd
+# Disable systemd-networkd due to systemd-networkd-wait-online blocking network.target
+# We use NetworkManger, so systemd-networkd can be safely disabled
+disable_service systemd-networkd
+
+# Generate unique hardware fingerprint
+#
+regenerate_ssh_hostkey
+
+# Configure locale
+# Command:
+# update_locale
+#
+update_locale en_US.UTF-8
+
+# Connect to Wi-Fi
+# Command:
+# connect_wi-fi [password]
+#
+connect_wi-fi Telecentro-4ad3 QMZHHDN2MZYV
+
+enable_service ssh
+enable_service ssh.socket
+
+# Remove first-boot package
+# Command:
+# remove_packages
+#
+remove_packages rsetup-config-first-boot
\ No newline at end of file
diff --git a/rocky/local b/rocky/local
new file mode 100755
index 0000000..ec0a1e2
--- /dev/null
+++ b/rocky/local
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+mount UUID=721a0aaa-28cd-46b8-98ba-485bc719d680 /data
+systemctl start docker
+
diff --git a/rocky/local.service b/rocky/local.service
new file mode 100644
index 0000000..c440444
--- /dev/null
+++ b/rocky/local.service
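Review bot: The `connect_wi-fi` line commits the network passphrase in clear text, and `add_user ralsina ralsina` appears to set the account password equal to the user name (assuming the second argument is the password) for a user that is then added to `sudo` while `enable_service ssh` opens remote login. Both values are now in repository history, so the passphrase should be rotated and the tracked file should carry placeholders that are filled in when the image is prepared, for example `connect_wi-fi <SSID> <PASSPHRASE>`. For the account, a password that is changed or locked on first login together with key-only SSH would remove the guessable credential; setup.sh in this patch installs a public key, but only for the home directory of whoever runs it.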
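Review bot: `systemctl start docker` in rocky/local still runs when the `mount` on the line before it fails, because the script has no error handling; Docker would then come up with `/data` as an empty directory on the root filesystem instead of the data volume. Adding `set -e` under the shebang, or writing the mount as `mount UUID=721a0aaa-28cd-46b8-98ba-485bc719d680 /data || exit 1`, keeps Docker stopped until the volume is really there. A comment such as `# Docker is disabled at boot and started here so it never runs before /data is mounted` would record why the service is started by hand (inferred from setup.sh, which disables docker).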
@@ -0,0 +1,10 @@
+[Unit]
+Description=Startup
+After=network.target local-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/rc.local
+StandardOutput=journal
+StandardError=journal
+User=root
diff --git a/rocky/setup.sh b/rocky/setup.sh
new file mode 100644
index 0000000..ed58908
--- /dev/null
+++ b/rocky/setup.sh
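Review bot: The unit has no `[Install]` section, and setup.sh only copies it and runs `systemctl daemon-reload`, so nothing in this patch enables it and it will not be pulled in at boot by itself. Adding `[Install]` with `WantedBy=multi-user.target`, plus a `systemctl enable local.service` step in setup.sh, would make the start explicit. If the distribution's own rc.local compatibility unit is what actually runs the executable /etc/rc.local, this file is redundant, and if both end up active the script runs twice; it is worth confirming which one is intended. `User=root` is already the default for system units and can be dropped.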
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+apt update
+apt upgrade
+
+apt install foot-terminfo btrfs-progs ca-certificates curl rsync
+
+mkdir ~/.ssh -p
+chmod 700 ~/.ssh
+echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvwFdqrGf0V44l/akfJP1oLMG5Ou9XCrEBUYXn22nPd/0osoXxfbiyFhgLJ6ZVV8fXxH4qhPhniDvUR7oLemjZqpNO3eizyzXoZ1GBqB7OBSM+99HHqYZkWDVM4RHh3U4GAqh/MPty9ALp82MlJwCH4JolV+ejFmm/dzO1A8gx12X5KbEjhCG0bRXGfQx0Xkhfdy5X1NGXsRa2Qq6y9WuoxeSTq6kQQHqlSnGHkvumEVjHLD57KTpO72nPXZ2NxZRHeCuhBXCv7FzCguzT9NEt8L7z+kX6E31Rav5dsxA3CKoDcCHqKYIE66qQ7ad8WNKzwYoG67l7MiCtlIdO7jUGw== ralsina@mont' > ~/.ssh/authorized_keys
+chmod 00 ~/.ssh/authorized_keys
+
+
+for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
+
+curl -fsSL https://get.docker.com -o get-docker.sh
+sudo sh ./get-docker.sh --dry-run
+
+systemctl disable docker || true
+
+hostname rocky
+echo rocky > /etc/hostname
+
+curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up --auth-key=enter-tailscale-deploy-key-here
+
+tailscale up
+
+# Docker Engine for Linux installation script.
+
+# Add Docker's official GPG key:
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+# # Add the repository to Apt sources:
+echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ sudo apt-get update
+
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+systemctl disable docker
+systemctl stop docker
+
+mkdir /data
+mount UUID=721a0aaa-28cd-46b8-98ba-485bc719d680 /data
+docker network create faaso-net
+pushd /data/stacks
+for a in */
+do
+ cd $a
+ docker compose up -d
+ cd ..
+done
+popd
+
+
+cp local.service /etc/systemd/system/local.service
+cp local /etc/rc.local
+chmod +x /etc/rc.local
+systemctl daemon-reload
+
+reboot
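Review bot: `chmod 00 ~/.ssh/authorized_keys` strips every permission bit from the key file, which looks like a typo for `chmod 600 ~/.ssh/authorized_keys`; root can read the file regardless, so the mistake would go unnoticed until the script is reused for another account. The `echo '...' >` before it also replaces any keys already present rather than appending. On the Tailscale line, `--auth-key=enter-tailscale-deploy-key-here` invites pasting a real key into a tracked file and exposes it in the process list; `sudo tailscale up --auth-key=file:/root/ts-authkey` (placeholder path, file readable by root only) avoids both. The same line pipes `curl` output straight into `sh`, whereas get-docker.sh is at least saved to disk first; saving the Tailscale installer and checking it before running it would give the same chance to inspect it.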