feat: implement nebu serve --docker

ionicsolutions · ionicsolutions · commit cccc8de19608 · 2025-04-11T22:24:03.000+02:00
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
@@ -0,0 +1,10 @@
+```bash
+docker compose up
+```
+
+
+You can also launch it through the CLI:
+
+```bash
+nebu serve --docker
+```
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
@@ -0,0 +1,46 @@
+services:
+  tailscale:
+    image: tailscale/tailscale:latest
+    container_name: tailscale
+    hostname: nebulous
+    environment:
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_USERSPACE=true
+      - TS_AUTH_KEY=
+      - TS_EXTRA_ARGS=--login-server https://headscale.nebulous.sh
+    volumes:
+      - nebu-ts-authkey:/var/lib/tailscale
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: unless-stopped
+
+  nebulous:
+    image: us-docker.pkg.dev/agentsea-dev/nebulous/server:latest
+    command: ["sh", "-c", "exec nebu serve --host 0.0.0.0 --port 3000"]
+    environment:
+      DATABASE_URL: postgres://postgres:postgres@postgres:5432/postgres
+      REDIS_URL: redis://localhost:6379
+      RUST_LOG: debug
+      NEBU_BUCKET_NAME: nebulous
+      NEBU_BUCKET_REGION: us-east-1
+      NEBU_ROOT_OWNER: me
+    network_mode: service:tailscale
+
+  redis:
+    image: redis:latest
+    network_mode: service:tailscale
+    restart: unless-stopped
+
+  postgres:
+    image: postgres:latest
+    environment:
+      POSTGRES_PASSWORD: postgres
+    ports:
+       - "5432:5432"
+    restart: unless-stopped
+
+volumes:
+  nebu-ts-authkey:
+    driver: local
diff --git a/src/cli.rs b/src/cli.rs
@@ -43,21 +43,25 @@ pub enum Commands {
 
     /// Serve the API.
     Serve {
-        /// The address to bind to.
+        /// The address to bind to. Ignored when launching through docker.
         #[arg(long, default_value = "127.0.0.1")]
         host: String,
 
         /// The port to bind to.
         #[arg(long, default_value_t = 3000)]
         port: u16,
 
-        /// Disable internal auth server
-        #[arg(long, default_value_t = true)]
-        internal_auth: bool,
+        /// Disable the internal auth server
+        #[arg(long, default_value_t = false)]
+        disable_internal_auth: bool,
 
         /// The port to bind the internal auth server to.
         #[arg(long, default_value_t = 8080)]
         auth_port: u16,
+
+        /// Launch through Docker
+        #[arg(long, default_value_t = false)]
+        docker: bool,
     },
 
     /// Proxy services.
diff --git a/src/commands/login_cmd.rs b/src/commands/login_cmd.rs
@@ -87,7 +87,7 @@ When you're running nebulous on Kubernetes, use:
 
     let response = server_request("/v1/users/me", reqwest::Method::GET).await?;
     let profile: V1UserProfile = response.json().await?;
-    format!(
+    println!(
         "\nSuccessfully logged into '{}' as '{}'",
         config.current_server.clone().unwrap(),
         profile.email
diff --git a/src/commands/serve_cmd.rs b/src/commands/serve_cmd.rs
@@ -5,12 +5,16 @@ use nebulous::create_app_state;
 use nebulous::proxy::server::start_proxy;
 use nebulous::resources::v1::containers::controller::ContainerController;
 use nebulous::resources::v1::processors::controller::ProcessorController;
+use serde_json::Value;
 use std::error::Error;
+use std::io::Write;
+use std::ops::Add;
+use std::process::{Command, Stdio};
 
-pub async fn execute(
+pub async fn launch_server(
     host: String,
     port: u16,
-    internal_auth: bool,
+    disable_internal_auth: bool,
     auth_port: u16,
 ) -> Result<(), Box<dyn Error>> {
     let app_state = create_app_state().await?;
@@ -37,7 +41,7 @@ pub async fn execute(
     });
     println!("Proxy server started in background");
 
-    if internal_auth {
+    if !disable_internal_auth {
         println!("Starting auth server");
         tokio::spawn({
             let auth_state = app_state.clone();
@@ -63,3 +67,71 @@ pub async fn execute(
 
     Ok(())
 }
+
+const BASE_COMPOSE: &str = include_str!("../../deploy/docker/docker-compose.yml");
+
+pub async fn launch_docker(
+    port: u16,
+    disable_internal_auth: bool,
+    auth_port: u16,
+) -> Result<(), Box<dyn Error>> {
+    Command::new("docker")
+        .args(&["compose", "version"])
+        .output()
+        .expect(
+            "Did not find docker compose. Please ensure that docker is installed and in your PATH.",
+        );
+
+    // Ask the user for the tailscale login server and auth key
+    let tailscale_login_server = std::env::var("TS_LOGIN_SERVER").unwrap_or_else(|_| {
+        println!("Please enter the Tailscale login server URL (or leave blank for default):");
+        let mut input = String::new();
+        std::io::stdin().read_line(&mut input).unwrap();
+        input.trim().to_string()
+    });
+    let tailscale_auth_key = std::env::var("TS_AUTH_KEY").unwrap_or_else(|_| {
+        println!("Please enter the Tailscale auth key:");
+        let mut input = String::new();
+        std::io::stdin().read_line(&mut input).unwrap();
+        input.trim().to_string()
+    });
+
+    let mut doc: Value = serde_yaml::from_str(BASE_COMPOSE)?;
+
+    doc["services"]["tailscale"]["environment"][2] =
+        Value::String(format!("TS_AUTH_KEY={}", tailscale_auth_key));
+    if !tailscale_login_server.is_empty() {
+        doc["services"]["tailscale"]["environment"][3] = Value::String(format!(
+            "TS_EXTRA_ARGS=--login-server {}",
+            tailscale_login_server
+        ));
+    }
+
+    let mut command = format!(
+        "exec nebu serve --host 0.0.0.0 --port {} --auth-port {}",
+        port, auth_port
+    );
+    if disable_internal_auth {
+        command = command.add(" --disable-internal-auth");
+    };
+    doc["services"]["nebulous"]["command"][2] = Value::String(command);
+
+    let yaml = serde_yaml::to_string(&doc)?;
+
+    let mut child = Command::new("docker")
+        .args(&["compose", "-f", "-", "up"])
+        .stdin(Stdio::piped())
+        .spawn()?;
+
+    {
+        let stdin = child.stdin.as_mut().expect("Failed to open stdin");
+        stdin.write_all(yaml.as_bytes())?;
+    }
+
+    let status = child.wait()?;
+    if !status.success() {
+        Err("docker compose failed".into())
+    } else {
+        Ok(())
+    }
+}
diff --git a/src/main.rs b/src/main.rs
@@ -29,10 +29,16 @@ async fn main() -> Result<(), Box<dyn Error>> {
         Commands::Serve {
             host,
             port,
-            internal_auth,
+            disable_internal_auth,
             auth_port,
+            docker,
         } => {
-            commands::serve_cmd::execute(host, port, internal_auth, auth_port).await?;
+            if docker {
+                commands::serve_cmd::launch_docker(port, disable_internal_auth, auth_port).await?;
+            } else {
+                commands::serve_cmd::launch_server(host, port, disable_internal_auth, auth_port)
+                    .await?;
+            }
         }
         Commands::Sync { command } => match command {
             SyncCommands::Volumes {
