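#!/bin/bash
# usage curl -sL bit.ly/mlgrm-traefik-setup | DOMAIN=traefik.example.com HOST=gcp_hostname EMAIL=mail@example.com bash
#
# Provisions (or starts) the GCP docker host HOST, renders traefik.toml from a
# remote template onto its data disk and (re)creates the traefik container.
#
# Environment (read):
#   DOMAIN, HOST              required
#   EMAIL / ACME_EMAIL        required; ACME_EMAIL wins when both are set
#   DATA                      data-disk mount on the host (default /mnt/disks/data)
#   IP_NAME, BOOT_DISK_SIZE   optional; passed through to the host-creation script
# Side effects: may append the docker_host helper to $HOME/.bashrc; exports
#   DOMAIN and ACME_EMAIL for envsubst; DOCKER_HOST is set by docker_host.
# Exit status: non-zero on a missing variable, a failed download or a failed
#   gcloud/docker command (set -e, pipefail).
set -eo pipefail
ACME_EMAIL=${ACME_EMAIL:-${EMAIL:-}}
DATA=${DATA:-/mnt/disks/data}
# An `&&` chain never trips set -e when its first test fails, so use a real if.
if [[ -z ${DOMAIN:-} || -z ${HOST:-} || -z $ACME_EMAIL ]]; then
  >&2 echo 'all of DOMAIN, HOST, and EMAIL (or ACME_EMAIL) must be defined'
  exit 1
fi

# if the docker host doesn't exist, create it; if it is stopped, start it.
res=$(gcloud compute instances list --filter "name~^${HOST}$" 2> /dev/null)
if grep -q 'TERMINATED$' <<< "$res"; then
  gcloud compute instances start "$HOST"
fi
if [[ -z $res ]]; then
  # NOTE(review): executes an unpinned remote script reached through a shortlink;
  # -f keeps an HTTP error page from being fed to bash, TLS keeps the transfer
  # tamper-free, but what runs is whatever the link currently resolves to.
  curl -fsSL https://bit.ly/mlgrm-gcp-docker |
    HOST=$HOST IP_NAME=${IP_NAME:-} BOOT_DISK_SIZE=${BOOT_DISK_SIZE:-} bash
fi

# get the docker remote function if we don't have it
# (the original test was `test -t docker_host`, which checks a terminal fd and
#  can never print "function", so the helper was re-fetched on every run)
if ! declare -F docker_host > /dev/null; then
  fun=$(curl -fsSL https://bit.ly/mlgrm-docker-remote)
  # A `curl | bash` shell never sources .bashrc, so the function check alone
  # would append the helper on every run; only persist it once.
  if ! grep -q 'docker_host' "$HOME/.bashrc" 2> /dev/null; then
    # tail -n +3 presumably drops the shebang and a comment line — TODO confirm
    echo "$fun" | tail -n +3 >> "$HOME/.bashrc"
  fi
  # eval of downloaded code: same trust boundary as the curl | bash above
  eval "$fun"
fi
docker_host "$HOST"
# docker_host is expected to export DOCKER_HOST as tcp://<ip>:<port> — TODO confirm
IP=$(sed -E 's/tcp:\/\/([0-9.]+).*/\1/' <<< "${DOCKER_HOST:-}")
if [[ ! $IP =~ ^[0-9.]+$ ]]; then
  >&2 echo "could not derive the host IP from DOCKER_HOST='${DOCKER_HOST:-}'"
  exit 1
fi

# copy files to host
# wait for ssh to come up
>&2 echo "waiting for ssh..."
until netcat -z "$IP" 22; do sleep 1; done
gcloud compute ssh "$HOST" --command "sudo mkdir -p $DATA/traefik" -- -n
export DOMAIN ACME_EMAIL
# get our traefik.toml template and substitute our DOMAIN and ACME_EMAIL.
# Fetched over TLS (the original used plain http, so the rendered config could
# be altered in transit). Only the two variables are substituted, so any other
# '$' in the template is left alone instead of being blanked by envsubst.
curl -fsSL https://bit.ly/2YbJXCK |
  envsubst '$DOMAIN $ACME_EMAIL' |
  gcloud compute ssh "$HOST" --command "sudo tee $DATA/traefik/traefik.toml > /dev/null"
# initialize the let's encrypt secrets file if it doesn't exist, and keep it
# root-only either way: it holds the ACME account key and the private keys.
gcloud compute ssh "$HOST" --command "{ [[ -f $DATA/traefik/acme.json ]] || sudo touch $DATA/traefik/acme.json; } && sudo chmod 600 $DATA/traefik/acme.json" -- -n

# wait for docker to be available
>&2 echo "waiting for docker..."
until netcat -z "$IP" 2376; do sleep 5; done
if [[ -z $(docker network list --filter name=traefik -q) ]]; then
  docker network create traefik
fi
if docker container inspect traefik > /dev/null 2>&1; then
  >&2 echo "container exists, deleting"
  docker rm -f traefik
fi
# --rm and --restart are mutually exclusive for `docker run` and the daemon
# rejects the combination; --rm is dropped so the restart policy applies.
# NOTE(review): mounting docker.sock hands the container control of the daemon
# (root-equivalent on the host), and the image tag is unpinned ("latest");
# a read-only socket proxy and a pinned tag would narrow both.
docker run -d \
  --restart always \
  -p 80:80 -p 443:443 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$DATA/traefik/traefik.toml:/traefik.toml" \
  -v "$DATA/traefik/acme.json:/acme.json" \
  --name traefik \
  --network traefik \
  traefik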
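#!/bin/bash
# First-boot provisioning for the GCP docker host: mounts the "google-data"
# disk (formatting it only when it carries no filesystem), installs docker-ce
# and exposes the daemon over mutually-authenticated TLS on port 2376.
# Runs as root. All output goes to /var/log/first-boot.log; the original
# stdout/stderr are restored on exit or on HUP/INT/QUIT.
#
# Environment (read):
#   DOCKER_USER   login added to the docker group (default: joshua)
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' EXIT HUP INT QUIT
exec 1>/var/log/first-boot.log 2>&1
set -x
set -e

DOCKER_USER=${DOCKER_USER:-joshua}
readonly DATA_DEV=/dev/disk/by-id/google-data
# the setup script's DATA default and the mkdir here both say /mnt/disks/data;
# the original mount and fstab lines used /mnt/disk/data, so nothing matched
readonly DATA_MNT=/mnt/disks/data

# set up data disk
# The original condition was `! mkdir && mount`, where the negation applied
# only to mkdir, and the disk was formatted whenever the mount failed for any
# reason. Format only when the device has no filesystem signature at all.
mkdir -p "$DATA_MNT"
if ! blkid "$DATA_DEV" > /dev/null 2>&1; then
  # blank disk: this is the only path that destroys data
  mkfs -t ext4 "$DATA_DEV"
fi
if ! mountpoint -q "$DATA_MNT"; then
  mount "$DATA_DEV" "$DATA_MNT"
fi
# persist the mount (the original appended to a relative path "fstab") and
# don't duplicate the entry if the script is ever re-run
fstab_line="$DATA_DEV $DATA_MNT ext4 errors=remount-ro 0 0"
grep -qF -- "$fstab_line" /etc/fstab || printf '%s\n' "$fstab_line" >> /etc/fstab

# unattended run: never block on a debconf prompt
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y

# install docker
# NOTE(review): membership of the docker group is equivalent to root on the host.
getent group docker > /dev/null || addgroup --system docker
adduser "$DOCKER_USER" docker
apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg-agent \
  software-properties-common
# apt-key is deprecated in newer releases; a keyring file plus a `signed-by`
# source entry is the replacement when this image is upgraded.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# enable docker over tls
# Drop "-H fd://" from the unit so the listen addresses come only from
# daemon.json (dockerd refuses to start when "hosts" is given both as a flag and
# in the config file). The original `sed -ie` is read by GNU sed as -i with
# backup suffix "e", leaving a stray docker.servicee behind. This edit of the
# packaged unit is overwritten by the next docker-ce upgrade; a drop-in under
# /etc/systemd/system would persist.
sed -i -e 's/-H fd:\/\/ //' /lib/systemd/system/docker.service
# NOTE(review): tcp://0.0.0.0:2376 listens on every interface; client-cert
# verification (tlsverify) is the only gate unless the GCP firewall restricts
# the source ranges — confirm the firewall rule created with the host.
cat > /etc/docker/daemon.json <<EOF
{
"tlsverify": true,
"tlscacert": "/etc/docker/tls/ca.pem",
"tlscert" : "/etc/docker/tls/server-cert.pem",
"tlskey" : "/etc/docker/tls/server-key.pem",
"hosts" : ["fd://", "tcp://0.0.0.0:2376"]
}
EOF
# The TLS material above is not created by this script; presumably it is
# provisioned separately (the remote docker_host helper?) — TODO confirm.
# Warn up front so a failed restart below has an obvious cause in the log.
for f in /etc/docker/tls/ca.pem /etc/docker/tls/server-cert.pem /etc/docker/tls/server-key.pem; do
  [[ -f $f ]] || printf 'warning: %s is missing; dockerd will not start with tlsverify\n' "$f" >&2
done
systemctl daemon-reload
systemctl restart docker
systemctl enable docker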