Add DigitalOcean configuration for IRC network migration.

- Create DigitalOcean-specific server configs for magnet-9rl-do and magnet-1eu-do
- Use Tailscale networking with stable domain names for server linking
- Remove ephemeral IP dependencies from Fly.io approach
- Configure proper autoconn for magnet-1eu to connect to magnet-9rl hub

Author: perigrin

.github/workflows/ci.yml

@@ -5,9 +5,7 @@ name: CI
 
 on:
   push:
-    branches: [main]
   pull_request:
-    branches: [main]
 
 env:
   FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
@@ -17,25 +15,25 @@ jobs:
     name: Run Test Suite
     runs-on: ubuntu-latest
     container: perl:stable-slim
-    
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-      
+
       - name: Setup flyctl
         uses: superfly/flyctl-actions/setup-flyctl@master
-          
+
       - name: Run Test Suite
         run: prove -v t/
-        
+
   lint:
     name: Lint and Validation
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        
+
       - name: Validate Dockerfile syntax
         run: |
           # Check basic Dockerfile syntax
@@ -58,7 +56,7 @@ jobs:
               echo "$dockerfile syntax OK"
             fi
           done
-          
+
       - name: Validate fly.toml files
         run: |
           # Check for required fly.toml files and basic structure
@@ -76,7 +74,7 @@ jobs:
               echo "$config structure OK"
             fi
           done
-          
+
       - name: Validate configuration templates
         run: |
           # Check that templates use environment variable substitution
@@ -90,7 +88,7 @@ jobs:
               echo "$template template syntax OK"
             fi
           done
-          
+
       - name: Validate startup scripts
         run: |
           # Check startup scripts are executable and have proper shebang
@@ -116,38 +114,38 @@ jobs:
   security:
     name: Security Checks
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        
+
       - name: Check for hardcoded secrets
         run: |
           echo "Checking for hardcoded secrets..."
-          
+
           # Check for hardcoded Tailscale auth keys (actual keys, not placeholders)
           if grep -r "tskey-auth-[a-zA-Z0-9]\{20,\}" . --exclude-dir=.git --exclude="*.md" --exclude="t/*.t"; then
             echo "ERROR: Found hardcoded Tailscale auth key"
             exit 1
           fi
-          
+
           # Check for hardcoded passwords
           if grep -ri "password.*=" . --exclude-dir=.git --exclude="*.md" | grep -v '\${' | grep -v 'PASSWORD'; then
             echo "WARNING: Found potential hardcoded password"
           fi
-          
+
           # Check that sensitive files aren't tracked
           if [ -f "passwords.conf" ] || [ -f "*.key" ]; then
             echo "ERROR: Sensitive files found in repository"
             exit 1
           fi
-          
+
           echo "Security checks passed"
-          
+
       - name: Validate USER directives in Dockerfiles
         run: |
           echo "Checking for non-root users in Dockerfiles..."
-          
+
           for dockerfile in solanum/Dockerfile atheme/Dockerfile; do
             if [ -f "$dockerfile" ]; then
               if ! grep -q "^USER " "$dockerfile"; then
@@ -156,4 +154,4 @@ jobs:
               fi
               echo "$dockerfile has proper USER directive"
             fi
-          done
+          done

.gitignore

@@ -20,3 +20,4 @@ Thumbs.db
 
 # Log files
 *.log
+.envrc

FUTURE_IMPROVEMENTS.md

@@ -0,0 +1,45 @@
+# ABOUTME: Future improvements and architectural changes for Magnet IRC Network
+# ABOUTME: Notes on potential optimizations and consolidation strategies
+
+## Single Multi-Region App Architecture
+
+### Dynamic SID Generation
+Instead of hardcoded server IDs like `9RL` and `1EU`, we could use a dynamic scheme:
+
+```bash
+# Generate SID from region + machine count
+REGION_PREFIX=$(echo "$FLY_REGION" | cut -c1-2 | tr '[:lower:]' '[:upper:]')
+
+# Get machine count via DNS SRV query  
+MACHINE_COUNT=$(dig +short SRV ${FLY_APP_NAME}.internal | grep "\.${FLY_REGION}\." | wc -l)
+SERVER_NUMBER=$((MACHINE_COUNT + 1))
+export SERVER_SID="${SERVER_NUMBER}${REGION_PREFIX}"
+export SERVER_NAME="magnet-${FLY_REGION}"
+export SERVER_DESCRIPTION="Magnet IRC Network - ${FLY_REGION} Server"
+```
+
+This would generate:
+- First machine in `ord`: `1OR`
+- Second machine in `ord`: `2OR`
+- First machine in `ams`: `1AM`
+- Third machine in `ord`: `3OR`
+
+### Benefits
+- **Auto-scaling**: Machines get sequential SIDs automatically
+- **No region-specific configs**: Single template works everywhere
+- **Simpler deployment**: One app instead of separate regional apps
+- **Automatic geo-routing**: Fly.io routes users to nearest region
+- **DNS-based discovery**: No API calls needed, just standard DNS queries
+
+### Implementation
+- Consolidate into single app with multi-region deployment
+- Remove hardcoded server configs
+- Use `FLY_REGION` environment variable for runtime decisions
+- Query DNS SRV records to determine machine sequence number
+
+### Migration Path
+1. Create new single multi-region app
+2. Deploy to both `ord` and `ams` regions
+3. Test dynamic SID generation and linking
+4. Migrate users and DNS
+5. Decommission separate regional apps

atheme/atheme.conf.template

@@ -35,15 +35,15 @@ serverinfo {
 /* Uplink configuration - primary IRC server */
 uplink "${ATHEME_HUB_HOSTNAME}" {
     host = "${ATHEME_HUB_HOSTNAME}";
-    vhost = "${ATHEME_TAILSCALE_IP}";
+    vhost = "magnet-atheme.${TAILSCALE_DOMAIN}";
     send_password = "${PASSWORD_9RL}";
     receive_password = "${SERVICES_PASSWORD}";
     port = 6667;
 };
 
 uplink "${ATHEME_FALLBACK_HOSTNAME}" {
     host = "${ATHEME_FALLBACK_HOSTNAME}";
-    vhost = "${ATHEME_TAILSCALE_IP}";
+    vhost = "magnet-atheme.${TAILSCALE_DOMAIN}";
     send_password = "${PASSWORD_1EU}";
     receive_password = "${SERVICES_PASSWORD}";
     port = 6667;

bin/generate-connects.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+# ABOUTME: Generate Solanum connect blocks from Fly.io DNS _instances.internal lookup
+# ABOUTME: Creates dynamic server linking configuration based on running instances
+
+set -e
+
+# Function to show usage
+usage() {
+    echo "Usage: $0 [options]"
+    echo ""
+    echo "Options:"
+    echo "  -h, --help              Show this help message"
+    echo "  -a, --app <name>        Fly.io app name (default: from FLY_APP_NAME env)"
+    echo "  -r, --region <region>   Current region (default: from FLY_REGION env)"
+    echo "  -o, --output <file>     Output file (default: stdout)"
+    echo ""
+    echo "Example:"
+    echo "  $0 --app magnet-irc --region ams"
+    echo "  $0 > /opt/solanum/etc/connects.conf"
+    exit 0
+}
+
+# Parse arguments
+OUTPUT=""
+APP_NAME="${FLY_APP_NAME}"
+CURRENT_REGION="${FLY_REGION}"
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -h|--help)
+            usage
+            ;;
+        -a|--app)
+            APP_NAME="$2"
+            shift 2
+            ;;
+        -r|--region)
+            CURRENT_REGION="$2"
+            shift 2
+            ;;
+        -o|--output)
+            OUTPUT="$2"
+            shift 2
+            ;;
+        --simulate)
+            SIMULATE=true
+            shift
+            ;;
+        *)
+            echo "Unknown option: $1"
+            usage
+            ;;
+    esac
+done
+
+if [ -z "$APP_NAME" ]; then
+    echo "Error: App name not specified and FLY_APP_NAME not set" >&2
+    exit 1
+fi
+
+# Function to generate SID from region and instance number
+generate_sid() {
+    local region="$1"
+    local instance_num="$2"
+    local region_prefix=$(echo "$region" | cut -c1-2 | tr '[:lower:]' '[:upper:]')
+    echo "${instance_num}${region_prefix}"
+}
+
+# Function to generate connect block
+generate_connect_block() {
+    local instance_id="$1"
+    local region="$2"
+    local ipv6="$3"
+    local instance_num="$4"
+    
+    # Skip self
+    if [ "$region" = "$CURRENT_REGION" ] && [ "$instance_num" = "1" ]; then
+        return
+    fi
+    
+    local sid=$(generate_sid "$region" "$instance_num")
+    local server_name="magnet-${region}"
+    
+    cat <<EOF
+/* Connection to ${server_name} (${instance_id}) */
+connect "${server_name}.internal" {
+    host = "[${ipv6}]";
+    send_password = "\${LINK_PASSWORD_OUT}";
+    accept_password = "\${LINK_PASSWORD_IN}";
+    port = 6667;
+    class = "server";
+    flags = topicburst;
+};
+
+EOF
+}
+
+# Function to parse DNS TXT record response
+parse_instances() {
+    local dns_response="$1"
+    local instance_num=0
+    local current_region=""
+    
+    echo "/* Generated connect blocks from _instances.internal */"
+    echo "/* Generated at: $(date -u '+%Y-%m-%d %H:%M:%S UTC') */"
+    echo "/* Current region: ${CURRENT_REGION} */"
+    echo ""
+    
+    # Parse each line of the DNS response
+    # Format expected: "instance_id region ipv6_address"
+    echo "$dns_response" | while IFS=' ' read -r instance region ipv6 rest; do
+        # Skip empty lines or comments
+        [ -z "$instance" ] && continue
+        [[ "$instance" =~ ^#.*$ ]] && continue
+        
+        # Reset counter if region changes
+        if [ "$region" != "$current_region" ]; then
+            instance_num=1
+            current_region="$region"
+        else
+            instance_num=$((instance_num + 1))
+        fi
+        
+        generate_connect_block "$instance" "$region" "$ipv6" "$instance_num"
+    done
+}
+
+# Main execution
+echo "Querying _instances.${APP_NAME}.internal for running instances..." >&2
+
+# For testing/development: simulate DNS response if needed
+if [ "$SIMULATE" = "true" ]; then
+    echo "Using simulated DNS response..." >&2
+    DNS_RESULT="3287e444b64708 ord fdaa:27:74d0:a7b:569:4950:e79e:2
+56837dddad4268 ams fdaa:27:74d0:a7b:569:1c37:481e:2
+78945bccef5512 sin fdaa:27:74d0:a7b:569:8821:912a:2"
+else
+    # Query DNS for instances
+    # Using dig for TXT records which Fly.io uses for instance discovery
+    DNS_RESULT=$(dig +short TXT "_instances.${APP_NAME}.internal" 2>/dev/null || true)
+
+    if [ -z "$DNS_RESULT" ]; then
+        echo "Warning: No instances found via DNS query" >&2
+        echo "Trying alternative query method..." >&2
+        
+        # Alternative: Try using nslookup
+        DNS_RESULT=$(nslookup -type=TXT "_instances.${APP_NAME}.internal" 2>/dev/null | grep "text =" | sed 's/.*text = "\(.*\)"/\1/' || true)
+    fi
+
+    if [ -z "$DNS_RESULT" ]; then
+        echo "Warning: Could not retrieve instance list" >&2
+        echo "/* No instances found - manual configuration required */"
+        exit 0
+    fi
+fi
+
+# Generate the configuration
+if [ -n "$OUTPUT" ]; then
+    parse_instances "$DNS_RESULT" > "$OUTPUT"
+    echo "Connect blocks written to: $OUTPUT" >&2
+else
+    parse_instances "$DNS_RESULT"
+fi