Quick setup for rocky server

reverse_proxy/Dockerfile

@@ -7,7 +7,7 @@ COPY . ./
 FROM alpine:latest AS tailscale
 WORKDIR /app
 COPY . ./
-ENV TSFILE=tailscale_1.84.0_amd64.tgz
+ENV TSFILE=tailscale_1.86.2_amd64.tgz
 RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && tar xzf ${TSFILE} --strip-components=1
 COPY . ./
 

reverse_proxy/nginx.conf

@@ -77,6 +77,7 @@ server {
     server_name nombres.ralsina.me;
     server_name grafito.ralsina.me;
     server_name tocry.ralsina.me;
+    server_name kv.ralsina.me;
 
     location / {
         proxy_pass http://rocky.tail20c16.ts.net:8080;

rocky/before.txt

@@ -0,0 +1,68 @@
+# ==============================
+# Radxa First Boot Configuration
+# ==============================
+
+# Allow config to continue even when some commands fail
+no_fail
+log "Running before.txt as first boot configuration"
+
+# Update generic hostname
+# Command:
+#   update_generic_hostname <generic hostname>
+update_generic_hostname rocky
+
+# Create default accounts
+# Commands:
+#   add_user <user name> <password>
+#   user_append_group <user name> <group>
+#
+add_user ralsina ralsina
+user_append_group ralsina sudo
+user_append_group ralsina audio
+user_append_group ralsina video
+user_append_group ralsina plugdev
+user_append_group ralsina render
+user_append_group ralsina gpio
+user_append_group ralsina i2c
+user_append_group ralsina spidev
+user_append_group ralsina pwm
+
+
+# Resize root partition at the filesystem level
+#
+resize_root
+
+# Disable services
+# Command:
+#   disable_service <systemd unit name>
+#
+disable_service smbd
+disable_service nmbd
+# Disable systemd-networkd due to systemd-networkd-wait-online blocking network.target
+# We use NetworkManger, so systemd-networkd can be safely disabled
+disable_service systemd-networkd
+
+# Generate unique hardware fingerprint
+#
+regenerate_ssh_hostkey
+
+# Configure locale
+# Command:
+#   update_locale <locale>
+#
+update_locale en_US.UTF-8
+
+# Connect to Wi-Fi
+# Command:
+#   connect_wi-fi <network name> [password]
+#
+connect_wi-fi Telecentro-4ad3 QMZHHDN2MZYV
+
+enable_service ssh
+enable_service ssh.socket
+
+# Remove first-boot package
+# Command:
+#   remove_packages <package names>
+#
+remove_packages rsetup-config-first-boot

rocky/local

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+mount UUID=721a0aaa-28cd-46b8-98ba-485bc719d680 /data
+systemctl start docker
+

rocky/local.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Startup
+After=network.target local-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/rc.local
+StandardOutput=journal
+StandardError=journal
+User=root

rocky/setup.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+apt update
+apt upgrade
+
+apt install foot-terminfo btrfs-progs ca-certificates curl rsync
+
+mkdir ~/.ssh -p
+chmod 700 ~/.ssh
+echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvwFdqrGf0V44l/akfJP1oLMG5Ou9XCrEBUYXn22nPd/0osoXxfbiyFhgLJ6ZVV8fXxH4qhPhniDvUR7oLemjZqpNO3eizyzXoZ1GBqB7OBSM+99HHqYZkWDVM4RHh3U4GAqh/MPty9ALp82MlJwCH4JolV+ejFmm/dzO1A8gx12X5KbEjhCG0bRXGfQx0Xkhfdy5X1NGXsRa2Qq6y9WuoxeSTq6kQQHqlSnGHkvumEVjHLD57KTpO72nPXZ2NxZRHeCuhBXCv7FzCguzT9NEt8L7z+kX6E31Rav5dsxA3CKoDcCHqKYIE66qQ7ad8WNKzwYoG67l7MiCtlIdO7jUGw== ralsina@mont' > ~/.ssh/authorized_keys
+chmod 00 ~/.ssh/authorized_keys
+
+
+for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
+
+curl -fsSL https://get.docker.com -o get-docker.sh
+sudo sh ./get-docker.sh --dry-run
+
+systemctl disable docker || true
+
+hostname rocky
+echo rocky > /etc/hostname
+
+curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up --auth-key=enter-tailscale-deploy-key-here
+
+tailscale up
+
+# Docker Engine for Linux installation script.
+
+# Add Docker's official GPG key:
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+# # Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+      sudo apt-get update
+
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+systemctl disable docker
+systemctl stop docker
+
+mkdir /data
+mount UUID=721a0aaa-28cd-46b8-98ba-485bc719d680 /data
+docker network create faaso-net
+pushd /data/stacks
+for a in */
+do
+	cd $a
+	docker compose up -d
+	cd ..
+done
+popd
+
+
+cp local.service /etc/systemd/system/local.service
+cp local /etc/rc.local
+chmod +x /etc/rc.local
+systemctl daemon-reload
+
+reboot