|
1 | | -# Hack As A Service |
| 1 | +# Nest |
2 | 2 |
|
3 | | -Goal: Free backend hosting provided by Hack Club HQ for every teenager in the world, but especially Hack Clubbers. |
| 3 | + |
4 | 4 |
|
5 | | -Basic problem for us to solve: many teenagers literally can't deploy any backend services right now because they don't have credit cards or income and most hosting free tiers have disappeared (looking at you Heroku 😔). We want to change that! As a public good! |
| 5 | +**Free backend hosting provided by Hack Club HQ for every teenager in the world, but especially Hack Clubbers.** |
6 | 6 |
|
7 | | -_Revamp of Hack As a Service ([v0](https://github.com/hackclub/hack-as-a-service-v0), [v1](https://github.com/hack-as-a-service))_ |
| 7 | +Basic problem for us to solve: many teenagers literally can't deploy any backend services right now because they don't have credit cards or income and most hosting free tiers have disappeared (looking at you Heroku 😔). We want to change that! As a public good! _Nest is a revamp of Hack As a Service ([v0](https://github.com/hackclub/hack-as-a-service-v0), [v1](https://github.com/hack-as-a-service))_ |
8 | 8 |
|
9 | | -# Initial Set of Goals |
10 | | - |
11 | | -- 10 people running with a subdomain of hackclub.app with their own apps (ex. zrl.hackclub.app) |
12 | | -- Supports static and backend hosting (using PORT file) |
13 | | -- Available domains of USER.hackclub.app (auto DNS), APP.USER.hackclub.app (auto DNS), and custom domains |
14 | | -- Weekly working calls in public |
15 | | -- Signup flow to create an account in #hack-as-a-service-signup |
16 | | - |
17 | | -### User experience |
18 | | - |
19 | | -Main URL is hackclub.app |
20 | | - |
21 | | - |
22 | | - |
23 | | -https://zrl.hackclub.app |
24 | | - |
25 | | -Hosting a static site: |
26 | | - |
27 | | - |
28 | | - |
29 | | - # There is a folder called "public" auto created in every user account |
30 | | - |
31 | | - # For your main site |
32 | | - $ cd public |
33 | | - $ mkdir zrl.hackclub.app |
34 | | - $ cd zrl.hackclub.app |
35 | | - $ cat "Hello, world!" > index.html |
36 | | - $ curl https://zrl.hackclub.app -> "Hello, world!" |
37 | | - |
38 | | - # For sub-sites |
39 | | - $ cd public |
40 | | - $ mkdir my-static-site.zrl.hackclub.app |
41 | | - $ cd my-static-site.zrl.hackclub.app |
42 | | - $ cat "Hello, subdomain!" > index.html |
43 | | - $ curl https://my-static-site.zrl.hackclub.app -> "Hello, subdomain!" |
44 | | - |
45 | | - # For non-hackclub.app domains |
46 | | - $ cd public |
47 | | - $ mkdir zachlatta.com |
48 | | - $ cd zachlatta.com |
49 | | - $ cat "Hello, different website!" > index.html |
50 | | - $ curl https://zachlatta.com -> "Hello, different website!" |
51 | | - |
52 | | -For dynamic sites: |
53 | | - |
54 | | - |
55 | | - |
56 | | - # For your main site |
57 | | - $ cd public |
58 | | - $ mkdir zrl.hackclub.app |
59 | | - $ generate-port-file |
60 | | - |
61 | | - Generating... done! Please have your web server listen on port 43829. |
62 | | - |
63 | | - If you're not sure how to do this, please Google "how to change port" for your framework. |
64 | | - |
65 | | - Common examples: |
66 | | - |
67 | | - Ruby on Rails: $ rails serve -P 43829 |
68 | | - |
69 | | - Many Node.js servers: $ PORT=43829 node index.js |
70 | | - |
71 | | - If you ever forget which port, you can run `cat ~/pub/zrl.hackclub.app/PORT` to remind you that the port for zrl.hackclub.app is 43829. |
72 | | - |
73 | | - You can get more help on this at https://hackclub.app/backend-hosting. |
74 | | - |
75 | | - $ daemonize (systemd unit generator) |
76 | | - |
77 | | - what is the command to run your application? |
78 | | - > PORT=43829 node index.js |
79 | | - does your app have any dependencies? |
80 | | - > mariadb |
81 | | - ~/.config/systemd/user/zrl.hackclub.app generated |
82 | | - systemctl --user status|stop|restart|start zrl.hackclub.app |
83 | | - haas='systemctl --user' |
84 | | - |
85 | | - $ haas start |
86 | | - $ haas ls |
87 | | - helpful error messages / healthcheck ping |
88 | | - |
89 | | - $ curl https://zrl.hackclub.app -> Backend service returns reply |
90 | | - |
91 | | - ## The above steps also work for foo.zrl.hackclub.app and zachlatta.com ## |
92 | | - |
93 | | ---- |
94 | | - |
95 | | -shell account on hackclub.app |
96 | | -cli to find open port (over 1024, not in `/home/*/PORT`) |
97 | | -`~/pub/my.custom.domain` |
98 | | -PORT file -> proxy_pass |
99 | | -inotify service `/home/*/pub/*/PORT` adjust configs and reload |
100 | | -SOCKET `~/pub/site/SOCKET` |
101 | | -deny all .env and .git paths |
102 | | -caddy? |
103 | | -signup |
104 | | -write(1) if you are trying to use a subdomain that doesn't match your username |
105 | | - |
106 | | - |
107 | | - |
108 | | -Working title for Hack Club HQ's revamp of #hack-as-a-service. Hack Club tilde server, anyone? |
109 | | - |
110 | | -[@benharri](https://github.com/benharri) leading the project. |
111 | | - |
112 | | -This needs to serve 3 types of teenagers: |
113 | | - |
114 | | -1. I know how to write HTML and CSS and just wrote my first ever backend and need to host it. Completely unfamiliar with SSH, Linux, and traditional deployments through flows like Heroku. Probably has heard of Vercel for frontend hosting. Likely coding on repl.it. I do not know what a port or a reverse proxy is. |
115 | | - |
116 | | -2. I have deployed backend services to places like Railway, but am deeply frustrated with their limits because I am a teenager and I don't have a credit card or income to pay for the paid tiers. I can't even sign up for Heroku because I don't have a credit card. I like giving a Procfile or Dockerfile and need a place to host it with a Postgres database that is reliable and won't go down. I don't need it to be "production grade", this is more for personal projects or semi-professional projects that don't have high volume. I need some kind of secrets management for environment variables. I know what a port is, but I don't know what a reverse proxy is. |
117 | | - |
118 | | -3. I am a homelab guru, highly technical, "do you know that I run Arch / NixOS?", strongly opinioned on distros, watches DistroTube, etc. I don't use vim, I use neovim. I don't use neovim, I use a custom editor that I wrote for myself in Rust! I usually deploy my own services on my homelab, but it constantly goes down so I want something more reliable for my Slack and Discord bots / etc. I know what a reverse proxy is and have strong opinions around them. |
119 | | - |
120 | | ---- |
121 | | - |
122 | | -## Proxmox |
123 | | - |
124 | | -### installation |
125 | | - |
126 | | -basic installation over plain debian |
127 | | -https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye |
128 | | - |
129 | | -### proxmox networking |
130 | | - |
131 | | -network configs derived from: |
132 | | -https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve |
133 | | - |
134 | | -`sysctl -w net.ipv4.ip_forward=1` |
135 | | -`sysctl -w net.ipv6.conf.all.forwarding=1` |
136 | | - |
137 | | -#### proxmox host `/etc/network/interfaces` |
138 | | -``` |
139 | | -source /etc/network/interfaces.d/* |
140 | | -
|
141 | | -auto lo |
142 | | -iface lo inet loopback |
143 | | -iface lo inet6 loopback |
144 | | -
|
145 | | -auto eno1 |
146 | | -iface eno1 inet static |
147 | | - address 78.46.86.74/27 |
148 | | - gateway 78.46.86.65 |
149 | | - up route add -net 78.46.86.64 netmask 255.255.255.224 gw 78.46.86.65 dev eno1 |
150 | | -iface eno1 inet6 static |
151 | | - address 2a01:4f8:120:144a::2/128 |
152 | | - gateway fe80::1 |
153 | | -
|
154 | | -auto vmbr0 |
155 | | -iface vmbr0 inet static |
156 | | - address 78.46.86.74/32 |
157 | | - bridge-ports none |
158 | | - bridge-stp off |
159 | | - bridge-fd 0 |
160 | | - pre-up brctl addbr vmbr0 |
161 | | - up ip route add 188.40.159.192/29 dev vmbr0 |
162 | | - down ip route del 188.40.159.192/29 dev vmbr0 |
163 | | - post-down brctl delbr vmbr0 |
164 | | -
|
165 | | -iface vmbr0 inet6 static |
166 | | - address 2a01:4f8:120:144a::2/64 |
167 | | -``` |
168 | | -The important bits here are sysctl forwarding and routing our guest subnet to vmbr0. |
169 | | - |
170 | | -Also need to `systemctl disable --now rpcbind.socket` per Hetzner rules. |
171 | | - |
172 | | -#### debian guest config |
173 | | - |
174 | | -Subnet: 188.40.159.192/29 |
175 | | - |
176 | | -``` |
177 | | -auto ens18 |
178 | | -iface ens18 inet static |
179 | | - address 188.40.159.192/32 |
180 | | - # or address 162.55.142.X/32 |
181 | | - gateway 78.46.86.74 |
182 | | -
|
183 | | -iface ens18 inet6 static |
184 | | - address 2a01:4f8:120:144a::x/64 |
185 | | - gateway 2a01:4f8:120:144a::2 |
186 | | -
|
187 | | -``` |
188 | | - |
189 | | -#### `/etc/apt/sources.list` |
190 | | -``` |
191 | | -deb http://mirror.hetzner.de/debian/packages bullseye main |
192 | | -deb http://mirror.hetzner.de/debian/packages bullseye-updates main |
193 | | -deb http://mirror.hetzner.de/debian/packages bullseye-backports main |
194 | | -deb http://mirror.hetzner.de/debian/security bullseye-security main |
195 | | -
|
196 | | -deb http://security.debian.org bullseye-security main |
197 | | -``` |
198 | | - |
199 | | -#### `/etc/resolv.conf` |
200 | | -``` |
201 | | -nameserver 213.133.100.100 |
202 | | -nameserver 213.133.98.98 |
203 | | -nameserver 213.133.99.99 |
204 | | -nameserver 2a01:4f8:0:1::add:1010 |
205 | | -nameserver 2a01:4f8:0:1::add:9999 |
206 | | -nameserver 2a01:4f8:0:1::add:9898 |
207 | | -``` |
| 9 | +You can sign up for Nest in the [Hack Club Slack](https://hackclub.com/slack) - go to [@Nest Bot's homepage](https://hackclub.slack.com/archives/D05SEMRGQJD) (click on the "Home" tab). |
208 | 10 |
|
| 11 | +Nest's configuration is documented in [SETUP.md](/SETUP.md), and its brand is in [the brand directory](/brand/). |
209 | 12 |
|
| 13 | +Have any questions or comments? Join the [#nest channel](https://hackclub.slack.com/archives/C056WDR3MQR)! |
0 commit comments