DEV Community: pqp.vc

Startup setup - Part 2: Docker Swarm

pqp.vc — Sat, 28 Sep 2024 15:03:16 +0000

This post will probably the sortest one of the series, since setting up Docker Swarm is so easy.

Context

After my previous post, I added a new cloud server to my Hetzner account and connected it to the VPN. This new machine I will use as manager, so I'll use it to initialize the swarm.

Why not Kubernetes?

There's no technical reason involved. I picked Swarm mostly because comes with the Docker Engine, so I don't have to install anything else. I'm sure Kubernetes should work just as fine (if not better) if you know how to use it.

I've never used Kubernetes and don't think I need it. If the startup ends up actually scaling a lot, I'm fairly sure I'll have to make the switch, but that's tomorrow's problem. Swarm works fine for me, at least as far as I've used it.

Dependencies

In case it's not obvious, you need Docker Engine installed. If you don't have that yet, follow their own guide or any other you might prefer. I won't be covering that in this guide.

Set up

With my Docker installed I can initialize the swarm. Since I want the swarm to be available only on my VPN, I'll add some extra parameters to specify which IP it should use.

First, let's find out which IP it has on the VPN:

root@hz-manager-1:~# tailscale status
100.64.0.1      hz-manager-1         infra        linux   -
<....redacted....>

With that information, let's initialize the swarm:

root@hz-manager-1:~# docker swarm init --advertise-addr 100.64.0.1 --listen-addr 100.64.0.1
Swarm initialized: current node (vuqh3puzury9j4y3dqphhiqn3) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token <redacted> 100.64.0.1:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

The swarm has been initialized and it even gives you a few useful commands which you might want to use. Let's add a worker to the swarm, by copying the command from this terminal and pasting it in the other server's terminal:

root@hz-vpn-server-1:~#  docker swarm join --token <redacted> 100.64.0.1:2377
This node joined a swarm as a worker.

Seems like it works. Let's confirm by checking in the manager node:

root@hz-manager-1:~# docker node ls
ID                            HOSTNAME          STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
vuqh3puzury9j4y3dqphhiqn3 *   hz-manager-1      Ready     Active         Leader           27.3.1
wjf7ijy250r0gaujc53jwel41     hz-vpn-server-1   Ready     Active                          27.3.1

The swarm is ready to accept services. I won't be doing that on this post, that will be done in the next post of the series to install my reverse proxy.

Startup setup - Part 1: VPN

pqp.vc — Sat, 28 Sep 2024 12:47:30 +0000

I've been using Tailscale within its free tier and it has been an amazing experience so far, 10/10 would recommend it. I literally have zero complaints to do about it.

But I have a problem with the idea of having someone else "own" the VPN I'm using throughout my company and my projects, it doesn't sound safe at all from a business perspective. Most likely that's just me being paranoid, I am aware of that, but also why not host my own?

Headscale is basically a self-hosted alternative for it. It's easy to set up and is compatible with Tailscale CLI, which is great since I'm used to that. And on the plus side, since I'll be self-hosting it, I can also configure it to my liking.

It will unfortunately be a 2-part post, since I'll need to configure other things to get to SSL configuration I'm looking for.

Let's get that started.

Context

I launched a new cloud server on Hetzner and configured the domain vpn.example.com to its IPv4.

Keep in mind that everything for this post was done on a temporary server and not on my production one, so it's safe for me to leave the access tokens here because they don't exist anymore on any of my servers.

Installation

You can run Headscale using Docker, as described in their own documentation here. I'll run most my services using Docker, but the VPN itself I'll install and configure manually. And I think this has to be the first step in the process, so that's I'm doing this post first.

The official docs for the installation are here, I'd definitely recommend following that page if you want to set it up yourself. This post of mine is more like a journal of me following that same guide and configuring the server as I think it makes sense for my use case.

First, let's download the installer:

root@hz-headscale-tmp-1:~# export HEADSCALE_VERSION="0.23.0" \
  && export HEADSCALE_ARCH="arm64" \
  && wget --output-document=headscale.deb   "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"

<...redacted for brevity..>

2024-09-28 12:24:54 (189 MB/s) - ‘headscale.deb’ saved [17022910/17022910]

Then installing it, enabling it on start up, and removing the installer:

root@hz-headscale-tmp-1:~# apt install ./headscale.deb \
  && systemctl enable headscale \
  && rm ./headscale.deb

<...redacted for brevity..>

Created symlink /etc/systemd/system/multi-user.target.wants/headscale.service → /usr/lib/systemd/system/headscale.service.

Configuration

Once installed, I edited the configuration file:

vim /etc/headscale/config.yaml

These are the parameters I configured in this file:

server_url: https://vpn.example.com:8080
listen_addr: 0.0.0.0:8080
acme_email: "<my real email>"
tls_letsencrypt_hostname: "vpn.example.com"
dns:
  base_domain: node.vpn.example.com

Some of these settings are temporary and will be revisited, but for the initial set up I think that's ok. I'm also very interested in the dns:extra_records: part but I'll leave that for later.

For now, let's start the server and confirm it is running:

root@hz-headscale-tmp-1:~# systemctl start headscale
root@hz-headscale-tmp-1:~# systemctl status headscale
● headscale.service - headscale coordination server for Tailscale
     Loaded: loaded (/usr/lib/systemd/system/headscale.service; enabled; preset: enabled)
     Active: active (running) since Sat 2024-09-28 12:34:57 UTC; 1min 3s ago
   Main PID: 18959 (headscale)
      Tasks: 7 (limit: 4433)
     Memory: 13.7M (peak: 14.1M)
        CPU: 243ms
     CGroup: /system.slice/headscale.service
             └─18959 /usr/bin/headscale serve

Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z WRN
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: WARN: The "dns.use_username_in_magic_dns" configuration key is deprecated and has been removed. Please see the changelog for more details.
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF No private key file at path, creating... path=/var/lib/headscale/noise_private.key
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF Opening database database=sqlite3 path=/var/lib/headscale/db.sqlite
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF Setting up a DERPMap update worker frequency=86400000
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z WRN Listening with TLS but ServerURL does not start with https://
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF Enabling remote gRPC at 127.0.0.1:50443
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF listening and serving gRPC on: 127.0.0.1:50443
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF listening and serving HTTP on: 0.0.0.0:8080
Sep 28 12:34:57 hz-headscale-tmp-1 headscale[18959]: 2024-09-28T12:34:57Z INF listening and serving debug and metrics on: 127.0.0.1:9090

Looks good to me. Let's try connecting something to that. I'll first create a user called infra since I'll be connecting some infrastructure nodes to it later, and will also register a reusable preauthenticated key for these nodes.

root@hz-headscale-tmp-1:~# headscale users create infra
User created
root@hz-headscale-tmp-1:~# headscale preauthkeys create --user infra --reusable --expiration 7d
2024-09-28T12:37:05Z TRC expiration has been set expiration=604800000
c14c099b55aaaa3851aa5bafa8f91f6406f0161aa0059981

That outputs a hash that is the authorization key. Keep that hash somewhere and we'll use it to test with a different machine:

root@hz-sample-node-1:~# curl -fsSL https://tailscale.com/install.sh | sh
Installing Tailscale for ubuntu noble, using method apt
<...redacted for brevity..>
Installation complete! Log in to start using Tailscale by running:

tailscale up
root@hz-sample-node-1:~# tailscale up --login-server https://vpn.example.com:8080 --authkey c14c099b55aaaa3851aa5bafa8f91f6406f0161aa0059981
root@hz-sample-node-1:~# tailscale status
100.64.0.1      hz-sample-node-1     infra        linux   -

Results

Well, now I have a basic instance of Headscale installed to which I can connect servers and client as needed. It's not a final installation yet, but it's a good start.

Final considerations

Everything I pasted here from the terminal was done on a temporary server. I have since them reinstalled everything a newer and more definite server, so any token seen in this post is invalid for sure.

Like previously mentioned, I'll have at least one more post regarding Headscale since I'll be revisiting some parts of the configuration at a later moment. But for now it works as a starting point.

Let's build a startup!

pqp.vc — Sat, 28 Sep 2024 09:28:42 +0000

I'm sure you've read about "building in public" somewhere, probably on social media or even among one of your friend groups. This post is exactly about that.

I'll use this platform to document my journey while building something, although I don't really have any particular product in mind. I'm not here to convince anyone that I'll change the world, all I hope is that I'll find something cool to work on and eventually make some money out of that.

Who are you?

I think it makes sense to talk about me a little.

I've been a software engineer since 2011. That's the year I got my first job in the field, although I've been always kind of a nerd and have been studying/playing with programming since I was a kid in the mid/late 90's.

Since that first job, I've focused my skills on iOS development for two main reasons: it pays the bills, and I kinda like Apple's development platform (it's not perfect by any means, just to be clear). But over the years, on my free time I also played with a bunch of different languages and tools. I consider myself a full-stack engineer, although my CV pretty much just mentions iOS-related skills.

In these ~13 years of experience, I've worked on companies of all sizes: startup/small, mid, big tech (not FAANG though). Even tried having my own startup with some friends around 2016, but unfortunately we weren't financially prepared to make the jump and that didn't end up very well. That was a great learning opportunity, at least.

I currently have a 9-to-5 job as an iOS engineer, and I can't complain about it. I'm in a great company, with a great team, the pay is decent. However, when I think about my long term life goals, this is not enough for me.

What's your goal?

The title of this post explains that well enough, I believe. I'll begin by creating a infrastructure/platform that allows me to easily deploy and scale services in general. I feel like I can build something nice if I give myself the tools for it.

Think of all the stuff a successful company usually has: an internal network (VPN), user management, databases replication, secure storage, analytics dashboards, and so on. That's what I'll start with.

Maybe I'll end up doing a SaaS, a game, some crypto project, maybe the next AI thingy. Maybe all of that combined. Maybe even this platform could end up being the product itself, I have no idea, I'll just build.

I'm not in rush to deliver anything to anyone, I don't have deadlines and didn't make any promises. I don't have investors, I'm paying for everything out of my own pocket, at least for now.

Maybe the easiest way to explain what I have in mind is: I'll be building a company that will have software-based products. I don't know what those products will be, but I have an idea how I want the company to be, so I'll start by building the infrastructure for that. An analogy in the architecture world would be that I'm going to create a building, and once I have that done I'll find a business to place on that building and hopefully make a living out of it.

When do you start?

Technically I could say I've started a few months ago, since I've been spending a good amount of time experimenting with different tools and technologies for all of that. My previous post sort of marks the time when I started it all. I feel like I've experimented enough with those things, so now I want to make the jump and start doing it for real, in "production", and will be documenting my process on this series.

Starting from the next post, things will be probably be more technical as I'll be setting up the first elements of the platform.

Hello! Why are we here?

pqp.vc — Mon, 20 May 2024 21:17:38 +0000

I can't allow myself to write my first post here without saying: hello world!. This post is just a self introduction, if you're looking for anything technical then please skip to the next one.

Now that that's out of the way, let's talk about the title. I have no idea why you are here - I bet you have work to do but prefer doing anything but that. Yeah, we've all been there. But in a way, it's also what I'm doing while writing this, so I'm not judging.

Anyway, that's not why I am here. The reason I'm here is because I decided that I want create stuff. Feel free to call it "build in public" if you want.

I am currently working on a few different projects, and I plan on using this blog to post updates about what I'm doing (concepts) or things (tech/tools) that I am using. Follow me if you want to tag along, I believe it'll be fun.

Cheers!