rome: move compute to a dedicated server

FiloSottile · Aug 7, 2024 · b48d04d · b48d04d
1 parent e87cc50
commit b48d04d
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 168 deletions.
diff --git a/.github/workflows/fly.yml b/.github/workflows/fly.yml
diff --git a/README.md b/README.md
@@ -76,12 +76,3 @@ stderr in human-readable format, and to stdout in JSON format.
 A private HTTP debug server is also started on a random port on localhost. It
 serves the net/http/pprof endpoints, as well as `/debug/logson` and
 `/debug/logsoff` which enable and disable debug logging, respectively.
-
-## The Rome prototype logs
-
-The `rome/` folder contains the configuration for the Rome prototype logs,
-deployed on Fly.io and Tigris from the main branch by GitHub Actions.
-
-To deploy manually, run
-
-    fly -c rome/fly.toml deploy
diff --git a/rome/Dockerfile b/rome/Dockerfile
diff --git a/rome/fly.toml b/rome/fly.toml
diff --git a/rome/litestream.yml b/rome/litestream.yml
diff --git a/rome/run.sh b/rome/run.sh
diff --git a/rome/sunlight.service b/rome/sunlight.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Sunlight Certificate Transparency Log
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/sunlight/credentials.env
+ExecStart=/usr/local/bin/sunlight -c /etc/sunlight/sunlight.yaml
+StandardOutput=append:/var/log/sunlight.jsonl
+StandardError=journal
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/rome/sunlight.yaml b/rome/sunlight.yaml
@@ -1,31 +1,17 @@
-listen: ":8080"
+acme:
+  email: sunlight-acme@filippo.io
+  host: rome.ct.filippo.io
+  cache: /var/db/sunlight/autocert/
 
-etags3:
-  region: auto
-  bucket: filippo-sunlight-logs
-  endpoint: https://fly.storage.tigris.dev
+checkpoints: /var/db/sunlight/checkpoints.db
 
 logs:
-  - name: rome.ct.filippo.io/2024h1
-    shortname: rome2024h1
-    inception: 2024-03-01
-    httpprefix: /2024h1
-    roots: /etc/sunlight/roots.pem
-    key: /etc/sunlight/rome2024h1.pem
-    cache: /var/db/sunlight/rome2024h1.db
-    poolsize: 750
-    s3region: auto
-    s3bucket: rome2024h1
-    s3endpoint: https://fly.storage.tigris.dev
-    notafterstart: 2024-01-01T00:00:00Z
-    notafterlimit: 2024-07-01T00:00:00Z
-
   - name: rome.ct.filippo.io/2024h2
     shortname: rome2024h2
-    inception: 2024-03-01
+    inception: 2024-08-07
     httpprefix: /2024h2
     roots: /etc/sunlight/roots.pem
-    key: /etc/sunlight/rome2024h2.pem
+    seed: /etc/sunlight/rome2024h2.key
     cache: /var/db/sunlight/rome2024h2.db
     poolsize: 750
     s3region: auto
@@ -36,14 +22,28 @@ logs:
 
   - name: rome.ct.filippo.io/2025h1
     shortname: rome2025h1
-    inception: 2024-03-01
+    inception: 2024-08-07
     httpprefix: /2025h1
     roots: /etc/sunlight/roots.pem
-    key: /etc/sunlight/rome2025h1.pem
+    seed: /etc/sunlight/rome2025h1.key
     cache: /var/db/sunlight/rome2025h1.db
     poolsize: 750
     s3region: auto
     s3bucket: rome2025h1
     s3endpoint: https://fly.storage.tigris.dev
     notafterstart: 2025-01-01T00:00:00Z
     notafterlimit: 2025-07-01T00:00:00Z
+
+  - name: rome.ct.filippo.io/2025h2
+    shortname: rome2025h2
+    inception: 2024-08-07
+    httpprefix: /2025h2
+    roots: /etc/sunlight/roots.pem
+    seed: /etc/sunlight/rome2025h2.key
+    cache: /var/db/sunlight/rome2025h2.db
+    poolsize: 750
+    s3region: auto
+    s3bucket: rome2025h2
+    s3endpoint: https://fly.storage.tigris.dev
+    notafterstart: 2025-07-01T00:00:00Z
+    notafterlimit: 2026-01-01T00:00:00Z