traefik-setup.sh

#!/bin/bash
# usage curl -sL bit.ly/mlgrm-traefik-setup | DOMAIN=traefik.example.com HOST=gcp_hostname [email protected] bash

set -e

ACME_EMAIL=${ACME_EMAIL:-$EMAIL}
DATA=${DATA:-/mnt/disks/data}
[[ -z $DOMAIN || -z $HOST || -z $ACME_EMAIL ]] && echo 'all of DOMAIN, HOST, and ACME_EMAIL must be defined' && exit 1 

#set -e

# if the docker host doesn't exist, create it.
res=$(gcloud compute instances list --filter "name~^$HOST$" 2> /dev/null)
if grep "TERMINATED$" <<< $res; then gcloud compute instances start $HOST; fi
if [[ -z $res ]]; then 
    curl -sL bit.ly/mlgrm-gcp-docker | 
        HOST=$HOST IP_NAME=$IP_NAME BOOT_DISK_SIZE=$BOOT_DISK_SIZE bash
fi

# get the docker remote function if we don't have it
if [[ $(test -t docker_host) != "function" ]]; then
    fun=$(curl -sL bit.ly/mlgrm-docker-remote)
    echo "$fun" | tail -n +3 >> $HOME/.bashrc
    eval "$fun"
fi

docker_host $HOST
IP=$(sed -E 's/tcp:\/\/([0-9.]+).*/\1/' <<< $DOCKER_HOST)

# copy files to host

# wait for ssh to come up
>&2 echo "waiting for ssh..."
until netcat -z $IP 22; do sleep 1; done
gcloud compute ssh $HOST --command "sudo mkdir -p $DATA/traefik" -- -n

export DOMAIN ACME_EMAIL

# get our traefik.toml template and substitute our DOMAIN and ACME_EMAIL
curl -sL http://bit.ly/2YbJXCK |
    envsubst |
    gcloud compute ssh $HOST --command "sudo tee $DATA/traefik/traefik.toml > /dev/null"

# initialize the let's encrypt secrets file if they don't exist
gcloud compute ssh $HOST --command "[[ -f $DATA/traefik/acme.json ]] || 
    sudo touch $DATA/traefik/acme.json && sudo chmod 600 $DATA/traefik/acme.json" -- -n

# wait for docker to be available
>&2 echo "waiting for docker..."
until netcat -z $IP 2376; do sleep 5; done

if [[ -z $(docker network list --filter name=traefik -q) ]]; then docker network create traefik; fi

if docker container inspect traefik > /dev/null; then
    >&2 echo "container exists, deleting"
    docker rm -f traefik
fi
docker run -d --rm \
    --restart always \
    -p 80:80 -p 443:443 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v $DATA/traefik/traefik.toml:/traefik.toml \
    -v $DATA/traefik/acme.json:/acme.json \
    --name traefik \
    --network traefik \
    traefik
 

ubuntu-docker-first-boot.sh

#!/bin/bash
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/var/log/first-boot.log 2>&1
set -x
set -e

# set up data disk as /var/lib
# export data="/dev/disk/by-id/google-data"
# try to mount data partition
if ! mkdir -p /mnt/disks/data && \
		mount /dev/disk/by-id/google-data /mnt/disk/data; then
    # format data disk
    mkfs -t ext4 /dev/disk/by-id/google-data
    # mount /dev/disk/by-id/google-data /mnt/
    # copy persistent data to data disk
    # tar c -C /var/lib . | tar x -C /mnt
    # umount /mnt
    mount /dev/disk/by-id/google-data /mnt/disk/data
fi

echo -e "/dev/disk/by-id/google-data /mnt/disk/data ext4 errors=remount-ro 0 0" >> fstab

apt-get update && apt-get upgrade -y

# install docker
addgroup --system docker
adduser "joshua" docker
apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# enable docker over tls
sed -ie 's/-H fd:\/\/ //' /lib/systemd/system/docker.service
cat > /etc/docker/daemon.json <<EOF
{
  "tlsverify": true,
  "tlscacert": "/etc/docker/tls/ca.pem",
  "tlscert"  : "/etc/docker/tls/server-cert.pem",
  "tlskey"   : "/etc/docker/tls/server-key.pem",
  "hosts"    : ["fd://", "tcp://0.0.0.0:2376"]
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker