The Things Stack Bootstrap

README.md

The Things Stack Bootstrap

A script to bootstrap The Things Stack, based on the getting started guide.

Preparation

• Clone this gist.
• Spin up a fresh Ubuntu 18.04 server.
  • Var SSHUser: the username that will be used to SSH into the server. This user must be able to sudo.
• Point a public DNS record to your server's IP address. It may take some time before this resolves.
  • Var Host: the DNS record.
• Try to remember your email address.
  • Var AdminEmail: your email address.

Usage

$ SSHUser=ubuntu Host=thethings.example.com [email protected] ./bootstrap.sh

Next Steps

Not all options are configured

Support

No support, help yourself.

bootstrap.sh

#!/usr/bin/env bash

# Initial Variables:

Host=${Host:-thethings.example.com}
SSHUser=${SSHUser:-ubuntu}
AdminEmail=${AdminEmail:[email protected]}

# Derive Variables:

NetworkEmail="noreply@${Host}"
SSH=${SSHUser}@${Host}

# Generate variables if not already generated:

if [[ -f .generated ]]; then source .generated; fi

CookeyHashKey=${CookeyHashKey:-$(openssl rand -hex 64)}
CookeyBlockKey=${CookeyBlockKey:-$(openssl rand -hex 32)}
DebugPassword=${DebugPassword:-$(openssl rand -hex 16)}
ConsoleClientSecret=${ConsoleClientSecret:-$(openssl rand -hex 32)}

cat > .generated <<EOF
CookeyHashKey=${CookeyHashKey}
CookeyBlockKey=${CookeyBlockKey}
DebugPassword=${DebugPassword}
ConsoleClientSecret=${ConsoleClientSecret}
EOF

# Build .env file:

cat > .env <<EOF
TTN_LW_IS_DATABASE_URI=postgres://root@cockroach:26257/ttn_lorawan?sslmode=disable
TTN_LW_REDIS_ADDRESS=redis:6379

TTN_LW_TLS_SOURCE=acme
TTN_LW_TLS_ACME_DIR=/var/lib/acme
TTN_LW_TLS_ACME_EMAIL=${AdminEmail}
TTN_LW_TLS_ACME_HOSTS=${Host}
TTN_LW_TLS_ACME_DEFAULT_HOST=${Host}

TTN_LW_HTTP_COOKIE_HASH_KEY=${CookeyHashKey}
TTN_LW_HTTP_COOKIE_BLOCK_KEY=${CookeyBlockKey}
TTN_LW_HTTP_METRICS_PASSWORD=${DebugPassword}
TTN_LW_HTTP_PPROF_PASSWORD=${DebugPassword}

TTN_LW_IS_EMAIL_SENDER_NAME=The Things Stack
TTN_LW_IS_EMAIL_SENDER_ADDRESS=noreply@${Host}
TTN_LW_IS_EMAIL_NETWORK_CONSOLE_URL=https://${Host}/console
TTN_LW_IS_EMAIL_NETWORK_IDENTITY_SERVER_URL=https://${Host}/oauth

# Intentionally omitting email provider config

TTN_LW_IS_OAUTH_UI_CANONICAL_URL=https://${Host}/oauth
TTN_LW_IS_OAUTH_UI_IS_BASE_URL=https://${Host}/api/v3

TTN_LW_CONSOLE_OAUTH_AUTHORIZE_URL=https://${Host}/oauth/authorize
TTN_LW_CONSOLE_OAUTH_TOKEN_URL=https://${Host}/oauth/token

TTN_LW_CONSOLE_UI_CANONICAL_URL=https://${Host}/console
TTN_LW_CONSOLE_UI_AS_BASE_URL=https://${Host}/api/v3
TTN_LW_CONSOLE_UI_GS_BASE_URL=https://${Host}/api/v3
TTN_LW_CONSOLE_UI_IS_BASE_URL=https://${Host}/api/v3
TTN_LW_CONSOLE_UI_JS_BASE_URL=https://${Host}/api/v3
TTN_LW_CONSOLE_UI_NS_BASE_URL=https://${Host}/api/v3

TTN_LW_CONSOLE_OAUTH_CLIENT_ID=console
TTN_LW_CONSOLE_OAUTH_CLIENT_SECRET=${ConsoleClientSecret}
EOF

# Prepare the server:

scp prepare.sh ${SSH}:/tmp/prepare.sh
ssh ${SSH} chmod +x /tmp/prepare.sh
ssh ${SSH} /tmp/prepare.sh

# Prepare the app:

scp docker-compose.yml ${SSH}:/app/the-things-stack/docker-compose.yml
scp .env ${SSH}:/app/the-things-stack/.env

function remote-docker-compose() {
  ssh -t ${SSH} docker-compose -f /app/the-things-stack/docker-compose.yml $@
}

remote-docker-compose pull

remote-docker-compose run --rm stack is-db init

remote-docker-compose run --rm stack is-db create-admin-user \
  --id admin \
  --email ${AdminEmail}

remote-docker-compose run --rm stack is-db create-oauth-client \
  --id cli \
  --name "Command Line Interface" \
  --owner admin \
  --no-secret \
  --redirect-uri "local-callback" \
  --redirect-uri "code"

remote-docker-compose run --rm stack is-db create-oauth-client \
  --id console \
  --name "Console" \
  --owner admin \
  --secret ${ConsoleClientSecret} \
  --redirect-uri "https://${Host}/console/oauth/callback" \
  --redirect-uri "/console/oauth/callback"

remote-docker-compose up -d

echo "Deployment:    https://${Host}"
echo "Documentation: https://${Host}/assets/doc/"

docker-compose.yml

version: "3.7"

services:

  cockroach:
    image: 'cockroachdb/cockroach:latest' # TODO: Tag for production.
    command: 'start --http-port 26256 --insecure'
    restart: 'unless-stopped'
    volumes:
      - './data/cockroach:/cockroach/cockroach-data'

  redis:
    image: 'redis:latest' # TODO: Tag for production.
    command: 'redis-server --appendonly yes'
    restart: 'unless-stopped'
    volumes:
      - './data/redis:/data'

  stack:
    image: 'thethingsnetwork/lorawan-stack:latest' # TODO: Tag for production.
    entrypoint: 'ttn-lw-stack'
    command: 'start'
    restart: 'unless-stopped'
    depends_on:
      - 'cockroach'
      - 'redis'
    volumes:
      - './acme:/var/lib/acme'
      - './data/blob:/srv/ttn-lorawan/public/blob'
    ports:
      - '80:1885'
      - '443:8885'
      - '1882:1882'
      - '8882:8882'
      - '1883:1883'
      - '8883:8883'
      - '1884:1884'
      - '8884:8884'
      - '1887:1887'
      - '8887:8887'
      - '1700:1700/udp'
    env_file: '.env'

prepare.sh

#!/usr/bin/env bash

set -e

# Install Docker:

sudo apt-get update

sudo apt-get -y upgrade

sudo apt-get -y install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

# Install Docker Compose:

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Prepare The Things Stack folder:

if [[ ! -d /app/the-things-stack ]];
then
  sudo mkdir -p /app/the-things-stack
  sudo chown $USER:$USER /app/the-things-stack
fi

cd /app/the-things-stack

if [[ ! -d ./acme ]];
then
  sudo mkdir ./acme
  sudo chown 886:886 ./acme
fi