{"id":24374486,"url":"https://github.com/bianchidotdev/public-infra","last_synced_at":"2026-04-02T02:04:17.681Z","repository":{"id":271148489,"uuid":"912505171","full_name":"bianchidotdev/public-infra","owner":"bianchidotdev","description":"Declarative infrastructure for public services","archived":false,"fork":false,"pushed_at":"2025-01-10T23:02:13.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-19T05:34:10.413Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bianchidotdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-05T18:55:04.000Z","updated_at":"2025-01-10T23:02:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"f091d4d4-5a42-4ff9-a94b-094265d6cc4a","html_url":"https://github.com/bianchidotdev/public-infra","commit_stats":null,"previous_names":["bianchidotdev/public-infra"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bianchidotdev%2Fpublic-infra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bianchidotdev%2Fpublic-infra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bianchidotdev%2Fpublic-infra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bianchidotdev%2Fpublic-infra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bianchidotdev","download_url":"https://codeload.github.com/bianchidotdev/public-infra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243207643,"owners_count":20253891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-19T05:28:50.955Z","updated_at":"2025-12-26T06:35:52.976Z","avatar_url":"https://github.com/bianchidotdev.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Public Infra\n\nThis is a repo containing all the code needed to deploy public service infrastructure.\n\nCurrently, the supported services are:\n\n* Tor OBFS4 Bridges\n* Tor Webtunnel Bridges\n\nThis repo should be usable for anyone to deploy this public infrastructure with minimal effort.\n\n## Deploying\nThese services are deployed manually using terraform and the wonderfully declarative [Flatcar Container Linux](https://www.flatcar.org/).\n\nRequired technologies and make-style tasks are provided by [mise](https://mise.jdx.dev/).\nThe [1Password cli](https://developer.1password.com/docs/cli/get-started/) needs to be separately installed because I don't trust the source of the mise/asdf plugin.\n\n```sh\n# Install dependencies\n# install mise if not already installed\nbrew install mise\n\n# install all required dependencies (lefthook, terraform)\nmise install\n```\n\n### Tor Bridges\n\nTor OBFS4 Bridges are managed with terraform under `bridges/`.\n\nTor Webtunnel Bridges are managed with terraform under `webtunnels/`.\n\nCurrently, we use a single hosting provider, Vultr, to host the bridges.\n\nThe bridges are deployed with Flatcar Container Linux or Fedora CoreOS, which\nare container-optimized Linux distributions meant to be declaratively\nprovisioned.\n\nThey both use an ignition config to provision the node, installing\ntailscale and the systemd service to run a tor obfs4 bridge via docker.\nThis is managed with Terraform as well.\n\nWe use a 1password service account to store the secrets needed for the\ndeployment.\n\nDeploy with the following command:\n\n```sh\nmise run bridges:deploy\n```\n\nIf you want to deploy without 1password, you can populate the secrets directly\nin the `.env` files in `bridges/` and `webtunnels/`. You'll need to make sure\nnot to commit them to a public git repository if you do this.\n\n#### Logs\n\nLogs are stored in Tigris, an s3 compatible object store. We forward service logs using\n[vector](https://vector.dev/) to a Tigris bucket.\n\nThen, there's a hacky script that loads logs from s3 into a local Loki instance.\n\n```sh\n# start loki and grafana\nmise run logs:start_services\n\n# ship logs to loki\nmise run logs:ship\n\n# stop the services\nmise run logs:down\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbianchidotdev%2Fpublic-infra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbianchidotdev%2Fpublic-infra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbianchidotdev%2Fpublic-infra/lists"}