tiararodney/bugzilla
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init

Browse source
This commit is contained in:
Tiara Rodney 2026-03-14 05:38:45 +01:00
commit 883f31932e
No known key found for this signature in database
GPG key ID: 5CD8EC1D46106723
169 changed files with 5676 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

32
scripts/local/setup-hosts.sh Normal file
View file

@ -0,0 +1,32 @@
#!/bin/sh
# Add /etc/hosts entries for VM service domains. Requires root.
set -eu
# Domains on vm-proxy (WG: 10.0.0.1)
PROXY_DOMAINS="
tiararodney.com
chat.tiararodney.com
comments.tiararodney.com
bugs.code.tiararodney.com
dockerhub.oci.code.tiararodney.com
ghcr.oci.code.tiararodney.com
crates.code.tiararodney.com
pypi.code.tiararodney.com
"
# Domains on vm-idp (WG: 10.0.0.2)
IDP_DOMAINS="
accounts.tiararodney.com
"
for domain in $PROXY_DOMAINS; do
grep -q "$domain" /etc/hosts 2>/dev/null && continue
echo "10.0.0.1 $domain" >> /etc/hosts
echo " added $domain -> 10.0.0.1"
done
for domain in $IDP_DOMAINS; do
grep -q "$domain" /etc/hosts 2>/dev/null && continue
echo "10.0.0.2 $domain" >> /etc/hosts
echo " added $domain -> 10.0.0.2"
done

49
scripts/local/setup-wireguard.sh Normal file
View file

@ -0,0 +1,49 @@
#!/bin/sh
# Configure local WireGuard interface to peer with the VMs. Requires root.
#
# Expects /etc/wireguard/private.key and /etc/wireguard/public.key to exist.
# Generate with:
# wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key
set -eu
SSH_USER=debian
SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR"
PROXY_HOST=10.10.0.2
IDP_HOST=10.10.0.3
WG_IFACE=wg-dev
LOCAL_WG_IP=10.0.0.3/24
WG_PORT=51820
# Get the VM public keys
PROXY_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${PROXY_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
IDP_PUBKEY=$(ssh $SSH_OPTS "${SSH_USER}@${IDP_HOST}" 'sudo cat /etc/wireguard/public.key' 2>/dev/null)
if [ -z "$PROXY_PUBKEY" ] || [ -z "$IDP_PUBKEY" ]; then
echo "Failed to retrieve VM WireGuard public keys." >&2
echo "Has the wireguard role been deployed?" >&2
exit 1
fi
cat > /etc/wireguard/${WG_IFACE}.conf <<EOF
[Interface]
Address = ${LOCAL_WG_IP}
PrivateKey = $(cat /etc/wireguard/private.key)
[Peer]
# vm-proxy
PublicKey = ${PROXY_PUBKEY}
Endpoint = ${PROXY_HOST}:${WG_PORT}
AllowedIPs = 10.0.0.1/32
[Peer]
# vm-idp
PublicKey = ${IDP_PUBKEY}
Endpoint = ${IDP_HOST}:${WG_PORT}
AllowedIPs = 10.0.0.2/32
EOF
wg-quick down ${WG_IFACE} 2>/dev/null || true
wg-quick up ${WG_IFACE}
echo "==> WireGuard ${WG_IFACE} up (${LOCAL_WG_IP})"

21
scripts/local/teardown-hosts.sh Normal file
View file

@ -0,0 +1,21 @@
#!/bin/sh
# Remove VM service domain entries from /etc/hosts. Requires root.
set -eu
DOMAINS="
tiararodney.com
chat.tiararodney.com
comments.tiararodney.com
bugs.code.tiararodney.com
dockerhub.oci.code.tiararodney.com
ghcr.oci.code.tiararodney.com
crates.code.tiararodney.com
pypi.code.tiararodney.com
accounts.tiararodney.com
"
for domain in $DOMAINS; do
sed -i "/[[:space:]]${domain}$/d" /etc/hosts
done
echo "==> /etc/hosts entries removed"

10
scripts/local/teardown-wireguard.sh Normal file
View file

@ -0,0 +1,10 @@
#!/bin/sh
# Remove local WireGuard interface. Requires root.
set -eu
WG_IFACE=wg-dev
wg-quick down ${WG_IFACE} 2>/dev/null || true
rm -f /etc/wireguard/${WG_IFACE}.conf
echo "==> WireGuard ${WG_IFACE} removed"