Monorepo for Tangled tangled.org

local-infra: local, sandboxed atmosphere infra #684

closed opened by boltless.me targeting master from sandboxed-atmosphere
AT URI
at://did:plc:xasnlahkri4ewmbuzly2rlc5/sh.tangled.repo.pull/3m3hok6yxvs22
+51 -23
Interdiff #1 #2
+3 -12
local-infra/Caddyfile
··· 6 name "LocalTangledCA" 7 } 8 } 9 } 10 11 plc.tngl.boltless.dev { ··· 35 reverse_proxy http://jetstream:6008 36 } 37 38 - knot.tngl.boltless.dev { 39 - tls { 40 - issuer internal { 41 - ca localtangled 42 - } 43 - } 44 reverse_proxy http://host.docker.internal:6000 45 } 46 47 - spindle.tngl.boltless.dev { 48 - tls { 49 - issuer internal { 50 - ca localtangled 51 - } 52 - } 53 reverse_proxy http://host.docker.internal:6555 54 }
··· 6 name "LocalTangledCA" 7 } 8 } 9 + auto_https disable_redirects 10 } 11 12 plc.tngl.boltless.dev { ··· 36 reverse_proxy http://jetstream:6008 37 } 38 39 + http://knot.tngl.boltless.dev { 40 reverse_proxy http://host.docker.internal:6000 41 } 42 43 + http://spindle.tngl.boltless.dev { 44 reverse_proxy http://host.docker.internal:6555 45 }
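Review bot: knot.tngl.boltless.dev and spindle.tngl.boltless.dev lose their `tls { issuer internal { ca localtangled } }` blocks and become plain `http://` sites, but nothing in the Caddyfile says why these two hosts are the only ones off TLS while plc and pds keep the local CA. The rationale is only in a comment in docker-compose.yml (the cert cannot yet be injected into the knot/spindle containers); put a one-line comment next to the two `http://` blocks saying that, and that it is local-only. Note also that `auto_https disable_redirects` is a global option, so it switches off the HTTP-to-HTTPS redirect for every host in this file, not just these two.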
+8 -4
local-infra/docker-compose.yml
··· 14 - "443:443/udp" 15 volumes: 16 - ./Caddyfile:/etc/caddy/Caddyfile 17 - caddy_data:/data 18 - caddy_config:/config 19 ··· 23 platform: linux/amd64 24 container_name: plc 25 restart: unless-stopped 26 - ports: 27 - - "4000:8080" 28 depends_on: 29 - plc_db 30 environment: ··· 51 container_name: pds 52 image: ghcr.io/bluesky-social/pds:0.4 53 restart: unless-stopped 54 - ports: 55 - - "4001:3000" 56 volumes: 57 - pds:/pds 58 env_file: 59 - ./pds.env 60 61 jetstream: 62 container_name: jetstream 63 image: ghcr.io/bluesky-social/jetstream:sha-0ab10bd
··· 14 - "443:443/udp" 15 volumes: 16 - ./Caddyfile:/etc/caddy/Caddyfile 17 + - ./cert/localtangled:/data/pki/authorities/localtangled 18 - caddy_data:/data 19 - caddy_config:/config 20 ··· 24 platform: linux/amd64 25 container_name: plc 26 restart: unless-stopped 27 depends_on: 28 - plc_db 29 environment: ··· 50 container_name: pds 51 image: ghcr.io/bluesky-social/pds:0.4 52 restart: unless-stopped 53 volumes: 54 - pds:/pds 55 env_file: 56 - ./pds.env 57 58 + # I can change the knot-docker and spindle-docker images, 59 + # which means I can inject the cert to those containers 60 + # 61 + # so define *.tngl.boltless.dev as extra_hosts & inject certs to those two containers 62 + # extra_hosts: 63 + # plc.tngl.boltless.dev:host.docker.internal 64 + 65 jetstream: 66 container_name: jetstream 67 image: ghcr.io/bluesky-social/jetstream:sha-0ab10bd
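Review bot: the new bind mount `./cert/localtangled:/data/pki/authorities/localtangled` sits inside the existing `caddy_data:/data` volume and hands Caddy the repository's root.key and intermediate.key directly; when the checked-in intermediate expires Caddy will regenerate it and write the result back into the repository directory, leaving a dirty working tree after every run. Consider mounting only the root pair read-only (`./cert/localtangled/root.crt:/data/pki/authorities/localtangled/root.crt:ro`, same for root.key) so the intermediate lives in the named volume, or keep the generated CA out of the tree altogether. The free-form comment block added above the `jetstream:` service reads as notes-to-self; either reduce it to a single `# TODO:` line or drop it before this leaves draft. Removing the host `ports:` for plc and pds so they are reachable only through Caddy is a good change.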
+1 -1
local-infra/pds.env
··· 10 PDS_DATA_DIRECTORY=/pds 11 PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks 12 13 - # PDS_DID_PLC_URL=http://plc:8080 14 PDS_HOSTNAME=pds.tngl.boltless.dev 15 16 # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
··· 10 PDS_DATA_DIRECTORY=/pds 11 PDS_BLOBSTORE_DISK_LOCATION=/pds/blocks 12 13 + PDS_DID_PLC_URL=http://plc:8080 14 PDS_HOSTNAME=pds.tngl.boltless.dev 15 16 # PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
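Review bot: `PDS_DID_PLC_URL=http://plc:8080` is the plain-HTTP address on the compose network, while everything else in this file (`PDS_HOSTNAME=pds.tngl.boltless.dev`) is a public-style name that Caddy serves over TLS; add a short comment that this is the in-network container address for the sandbox so the `http://` value does not get copied into a non-local env file.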
+1 -6
local-infra/readme.md
··· 3 docker compose up -d 4 ``` 5 6 - copy the self-signed certificate to host machine 7 - ``` 8 - docker cp caddy:/data/pki/authorities/localtangled/root.crt localtangled.crt 9 - ``` 10 - 11 trust the cert (macOS) 12 ``` 13 - sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./localtangled.crt 14 ```
··· 3 docker compose up -d 4 ``` 5 6 trust the cert (macOS) 7 ``` 8 + sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./local-infra/cert/localtangled/root.crt 9 ```
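Review bot: the trust command now points at `./local-infra/cert/localtangled/root.crt`, a path relative to the repository root, while the `docker compose up -d` just above it has to be run from `local-infra/` (the compose file resolves `./Caddyfile` and `./cert/...` relative to itself). Pick one working directory and state it, or use `./cert/localtangled/root.crt` so both commands work from the same place. Since the root's private key is committed in the same directory, the readme should also say that `add-trusted-cert ... -r trustRoot` into the System keychain trusts a CA anyone with the repository can issue from, and give the undo (`sudo security remove-trusted-cert -d <path to root.crt>`) for when the sandbox is no longer needed.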
local-infra/scripts/create-test-account.sh

This file has not been changed.

+12
local-infra/cert/localtangled/intermediate.crt
···
··· 1 + -----BEGIN CERTIFICATE----- 2 + MIIBuTCCAWCgAwIBAgIRALKb0dndMd7jlCHAzm0G+N4wCgYIKoZIzj0EAwIwKTEn 3 + MCUGA1UEAxMeTG9jYWxUYW5nbGVkQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTAy 4 + MTA3NDAwNloXDTI1MTAyODA3NDAwNlowLDEqMCgGA1UEAxMhTG9jYWxUYW5nbGVk 5 + Q0EgLSBFQ0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 6 + bX+zyr9rLxF3E8oCZwJluCKX/xmU4waabkjaTGbI5K0cemiAAmZRJ2lVhgh+KfXD 7 + PpTmt+YE6FUF4xAWADOUuaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI 8 + MAYBAf8CAQAwHQYDVR0OBBYEFIoGsfx3Qg/9qG7tm7CZ1pHYl3prMB8GA1UdIwQY 9 + MBaAFCkl8dPP2IAMTPru6WEHLP1hySEQMAoGCCqGSM49BAMCA0cAMEQCIFc3gOEl 10 + aUR/OWbQuWvYwoTZs81ERj73ZeQWy4a3i4ooAiAB7Mnih/7kEvLyfkjLRgRXrtlq 11 + kVmXVyWHIncR6Bsktw== 12 + -----END CERTIFICATE-----
+5
local-infra/cert/localtangled/intermediate.key
···
··· 1 + -----BEGIN EC PRIVATE KEY----- 2 + MHcCAQEEIB1EH4KZGLcfO0neWDuV3oWMXPEze8JTsyKFoQuYApFSoAoGCCqGSM49 3 + AwEHoUQDQgAEbX+zyr9rLxF3E8oCZwJluCKX/xmU4waabkjaTGbI5K0cemiAAmZR 4 + J2lVhgh+KfXDPpTmt+YE6FUF4xAWADOUuQ== 5 + -----END EC PRIVATE KEY-----
+11
local-infra/cert/localtangled/root.crt
···
··· 1 + -----BEGIN CERTIFICATE----- 2 + MIIBlTCCATygAwIBAgIRAMDTcwNxYDMgtUNC5LkCeEQwCgYIKoZIzj0EAwIwKTEn 3 + MCUGA1UEAxMeTG9jYWxUYW5nbGVkQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTAx 4 + NzE2MTE0NVoXDTM1MDgyNjE2MTE0NVowKTEnMCUGA1UEAxMeTG9jYWxUYW5nbGVk 5 + Q0EgLSAyMDI1IEVDQyBSb290MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7rFM 6 + 4oNfT0UMqMuc3L60TCLeTd58WFSUYnKl7R1HOHDWeWZhhoNdWguXJSHhFPiWmQ5E 7 + +fiI7KvDAVQGHzfUAqNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB 8 + Af8CAQEwHQYDVR0OBBYEFCkl8dPP2IAMTPru6WEHLP1hySEQMAoGCCqGSM49BAMC 9 + A0cAMEQCIFjSGjvie1gO/JuNtP2HqeUHQNEh82K1fXdks54up3KEAiBWQDaOYeZ2 10 + zVTiKe8ZQHpH3glXsIS0USsxeKaohMp0zA== 11 + -----END CERTIFICATE-----
+5
local-infra/cert/localtangled/root.key
···
··· 1 + -----BEGIN EC PRIVATE KEY----- 2 + MHcCAQEEIBqEj1iG3q+OLBgHjWQ3UkvKjq4sy5ej47syIYWn/Ql/oAoGCCqGSM49 3 + AwEHoUQDQgAE7rFM4oNfT0UMqMuc3L60TCLeTd58WFSUYnKl7R1HOHDWeWZhhoNd 4 + WguXJSHhFPiWmQ5E+fiI7KvDAVQGHzfUAg== 5 + -----END EC PRIVATE KEY-----
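Review bot: root.key and intermediate.key are committed next to the certificates. Even for a local sandbox, a CA private key in the repository means every machine that installs root.crt as trusted (the readme's keychain command, vm.nix's `security.pki.certificates`) trusts a CA that anyone with the repository can sign certificates from, for any name, and the file will tend to be copied by people who skip the readme. The previous revision let Caddy generate the CA inside its data volume and `docker cp` the root certificate out; keeping that, or adding a setup script that generates the CA on first run with `*.key` in .gitignore, removes the exposure. Separately, intermediate.crt decodes to a validity window of 2025-10-21 to 2025-10-28, so it expires a week after it was generated and Caddy will regenerate it from root.key anyway; committing it buys nothing.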
+5
nix/vm.nix
··· 77 }; 78 # This is fine because any and all ports that are forwarded to host are explicitly marked above, we don't need a separate guest firewall 79 networking.firewall.enable = false; 80 time.timeZone = "Europe/London"; 81 services.getty.autologinUser = "root"; 82 environment.systemPackages = with pkgs; [curl vim git sqlite litecli];
··· 77 }; 78 # This is fine because any and all ports that are forwarded to host are explicitly marked above, we don't need a separate guest firewall 79 networking.firewall.enable = false; 80 + services.dnsmasq.enable = true; 81 + services.dnsmasq.settings.address = "/tngl.boltless.dev/10.0.2.2"; 82 + security.pki.certificates = [ 83 + (builtins.readFile ../local-infra/cert/localtangled/root.crt) 84 + ]; 85 time.timeZone = "Europe/London"; 86 services.getty.autologinUser = "root"; 87 environment.systemPackages = with pkgs; [curl vim git sqlite litecli];
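Review bot: `services.dnsmasq.settings.address = "/tngl.boltless.dev/10.0.2.2"` resolves every name under the domain to 10.0.2.2, which is the host address only under QEMU user-mode (SLIRP) networking; add a comment stating that assumption next to the line, since it fails silently with a different network backend. `security.pki.certificates` importing the committed root system-wide is acceptable here because the VM is the sandbox, but it only helps the TLS hosts: the Caddyfile in this same change serves knot and spindle over plain HTTP, so anything in the VM that defaults to `https://` for those two names will fail; the scheme is worth noting wherever the VM setup is documented.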

History

11 rounds, 1 comment

1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
closed without merging
1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (CI 1/3 failed, 2/3 timeout, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (CI 3/3 success, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (no CI result, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (no CI result, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (no CI result, 0 comments)
1 commit: local-infra: local, sandboxed atmosphere infra (1 comment)

this is a draft PR that needs more work; I'm not sure if we are ok with docker-compose or whether we should package everything into a nixos-vm. #683 is fine to merge though.