Add radicle configs

radicle/Dockerfile

@@ -0,0 +1,38 @@
+FROM ubuntu:latest
+
+
+RUN apt-get update -y
+RUN apt-get install -y curl git xz-utils jq moreutils
+
+# Prepare directory to host radicle binaries 
+RUN mkdir -p /usr/local/{bin,man,man/man1}
+RUN chown ubuntu: /usr/local/{bin,man,man/man1}
+
+# Install rad and radicle-node
+RUN curl -v -o "/tmp/radicle.tar.xz" -L "https://files.radicle.xyz/releases/latest/radicle-x86_64-unknown-linux-musl.tar.xz"
+RUN tar -C "/usr/local" --strip-components=1 -xf "/tmp/radicle.tar.xz"
+RUN rm "/tmp/radicle.tar.xz"
+
+# Install radicle-httpd 
+RUN curl -v -o "/tmp/radicle-httpd.tar.xz" -L "https://files.radicle.xyz/releases/radicle-httpd/latest/radicle-x86_64-unknown-linux-musl.tar.xz"
+RUN tar -C "/usr/local" --strip-components=1 -xf "/tmp/radicle-httpd.tar.xz"
+RUN rm "/tmp/radicle-httpd.tar.xz"
+
+# Prepare scripts
+COPY start_radicle.sh "/home/ubuntu/start_radicle.sh"
+COPY probe_radicle.sh "/home/ubuntu/probe_radicle.sh"
+RUN chmod u+x "/home/ubuntu/start_radicle.sh"
+RUN chown "ubuntu:" "/home/ubuntu/start_radicle.sh"
+
+# Prepare storage directories
+RUN mkdir /home/ubuntu/radicle
+RUN chown ubuntu /home/ubuntu/radicle
+
+USER ubuntu
+WORKDIR /home/ubuntu
+
+ENV RAD_HOME=/home/ubuntu/radicle
+
+VOLUME /home/ubuntu/radicle
+
+ENTRYPOINT /home/ubuntu/start_radicle.sh

radicle/config.json

@@ -0,0 +1,53 @@
+{
+  "publicExplorer": "https://app.radicle.xyz/nodes/$host/$rid$path",
+  "preferredSeeds": [
+    "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776",
+    "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@ash.radicle.garden:8776"
+  ],
+  "web": {
+    "pinned": {
+      "repositories": []
+    }
+  },
+  "cli": {
+    "hints": true
+  },
+  "node": {
+    "alias": "radicle.dodges.it",
+    "listen": [],
+    "peers": {
+      "type": "dynamic"
+    },
+    "connect": [],
+    "externalAddresses": ["radicle.dodges.it:8776"],
+    "network": "main",
+    "log": "INFO",
+    "relay": "auto",
+    "limits": {
+      "routingMaxSize": 1000,
+      "routingMaxAge": 604800,
+      "gossipMaxAge": 1209600,
+      "fetchConcurrency": 1,
+      "maxOpenFiles": 4096,
+      "rate": {
+        "inbound": {
+          "fillRate": 5.0,
+          "capacity": 1024
+        },
+        "outbound": {
+          "fillRate": 10.0,
+          "capacity": 2048
+        }
+      },
+      "connection": {
+        "inbound": 128,
+        "outbound": 16
+      }
+    },
+    "workers": 8,
+    "seedingPolicy": {
+      "default": "allow"
+    }
+  }
+}
+

radicle/probe_radicle.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# No need for a real passphrase as the node will be deleted right after
+# it connects to the target seed node. It is set in an environment variable
+# so that rad node start can access it.
+export RAD_PASSPHRASE="unused_passphrase"
+
+echo "$RAD_PASSPHRASE" | rad auth --stdin --alias "probe"
+
+echo "Starting node"
+rad node start
+
+echo "Probing $TARGET"
+rad node connect "$TARGET"

radicle/radicle.yaml

@@ -0,0 +1,128 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radicle
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: radicle
+  template:
+    metadata:
+      labels:
+        name: radicle
+        nginx: backend
+    spec:
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: "radicle-pvc"
+      restartPolicy: Always
+      containers:
+        - name: radicle
+          image: qdii/radicle:latest
+          imagePullPolicy: "Always"
+          env:
+          - name: HOSTNAME
+            value: "radicle.dodges.it"
+          - name: RAD_SEEDING_POLICY
+            value: "allow"
+          - name: RAD_KEYGEN_SEED
+            valueFrom: 
+              secretKeyRef:
+                name: radicle
+                key: seed
+          - name: RAD_PASSPHRASE
+            valueFrom: 
+              secretKeyRef:
+                name: radicle
+                key: passphrase
+          resources:
+            requests:
+              cpu: "2"
+              ephemeral-storage: "1Gi"
+              memory: "5Gi"
+            limits:
+              cpu: "3"
+              ephemeral-storage: "2Gi"
+              memory: "6Gi"
+          ports:
+            - containerPort: 8776
+              name: seed
+              protocol: TCP
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          volumeMounts:
+            - name: storage
+              mountPath: /home/ubuntu/radicle
+          livenessProbe:
+            httpGet:
+              path: /api/v1
+              port: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: radicle
+spec:
+  type: ClusterIP
+  ipFamilyPolicy: SingleStack
+  ipFamilies:
+    - IPv4
+  selector:
+    name: radicle
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      name: http
+    - protocol: TCP
+      port: 8776
+      targetPort: 8776
+      name: seed
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: radicle-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    nginx.org/client-max-body-size: "500m"
+    nginx.org/proxy-connect-timeout: "60s"
+    nginx.org/proxy-read-timeout: "60s"
+    # Uncomment to allow solving HTTP01 challenge
+    nginx.org/hsts: "true"
+    ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.org/redirect-to-https: "true"
+spec:
+  tls:
+  - hosts:
+    - radicle.dodges.it
+    secretName: radicle-le-secret
+  rules:
+  - host: radicle.dodges.it
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: radicle
+            port:
+              number: 8080
+  ingressClassName: nginx
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: radicle-pvc
+spec:
+  storageClassName: nfs-vrt
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+

radicle/start_radicle.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+CONFIG="${RAD_HOME}/config.json"
+
+# Create a profile
+echo "$RAD_PASSPHRASE" | rad auth --stdin --alias "$HOSTNAME"
+
+if [ "$RAD_SEEDING_POLICY" = 'allow' ]; then
+  jq '.node.seedingPolicy.default = "allow"' "$CONFIG" | sponge "$CONFIG" 
+fi
+
+jq '.node.externalAddresses = ["'"${HOSTNAME}:8776"'"]' "$CONFIG" | sponge "$CONFIG" 
+jq '.node.listen = ["0.0.0.0:8776"]' "$CONFIG" | sponge "$CONFIG" 
+
+rad node start -- --listen "0.0.0.0:8776"
+
+# Print information about this node
+rad self
+
+# Start HTTPd server
+radicle-httpd