Initial commit.

Author: joecorall

.github/workflows/github-release.yml

@@ -0,0 +1,17 @@
+name: Create release
+on:
+  pull_request_target:
+    branches:
+      - main
+    types:
+      - closed
+jobs:
+  release:
+    if: github.event.pull_request.merged == true && !contains(github.event.pull_request.title, 'skip-release')
+    uses: libops/actions/.github/workflows/bump-release.yaml@main
+    with:
+      workflow_file: goreleaser.yml
+    permissions:
+      contents: write
+      actions: write
+    secrets: inherit

.github/workflows/goreleaser.yml

@@ -0,0 +1,33 @@
+name: goreleaser
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "*"
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version: ">=1.25.0"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint-test-build.yml

@@ -0,0 +1,43 @@
+name: lint-test-build-push
+on:
+  push:
+    paths-ignore:
+      - "**/*.md"
+      - "renovate.json5"
+    branches:
+      - "**"
+    tags:
+      - "*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+jobs:
+  lint-test:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version: ">=1.25.0"
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8
+        with:
+          version: latest
+
+      - name: Test with the Go CLI
+        run: go test -v -race ./...
+
+  build-push:
+    needs: [lint-test]
+    uses: libops/actions/.github/workflows/build-push.yml@main
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    secrets: inherit

.golangci.yml

@@ -0,0 +1,28 @@
+version: "2"
+linters:
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - ../../go
+      - ../../../../opt
+      - ./vendor
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+  exclusions:
+    generated: lax
+    paths:
+      - ../../go
+      - ../../../../opt
+      - ./vendor
+      - third_party$
+      - builtin$
+      - examples$

.goreleaser.yml

@@ -0,0 +1,36 @@
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - binary: lightsout
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+
+archives:
+  - format: tar.gz
+    # this name template makes the OS and Arch compatible with the results of uname.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        format: zip
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"

Dockerfile

@@ -0,0 +1,27 @@
+FROM golang:1.25-alpine3.22 AS builder
+
+WORKDIR /app
+COPY go.* ./
+RUN go mod download
+
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o lightsout .
+
+FROM alpine:3.22
+RUN apk --no-cache add ca-certificates curl docker-cli
+WORKDIR /root/
+
+COPY --from=builder /app/lightsout .
+
+# Set default environment variables
+ENV PORT=8808
+ENV INACTIVITY_TIMEOUT=90
+ENV LOG_LEVEL=INFO
+ENV GOOGLE_PROJECT_ID=""
+ENV GCE_ZONE=""
+ENV GCE_INSTANCE=""
+ENV LIBOPS_KEEP_ONLINE=""
+
+EXPOSE 8808
+
+CMD ["/app/lightsout"]

README.md

@@ -0,0 +1,84 @@
+# Lights Out
+
+A lightweight Go service that combines ping health checks with power management for GCE instances. Acts as both a health endpoint and an activity monitor that can automatically shut down instances after periods of inactivity.
+
+## Features
+
+- **HTTP Health Endpoints**: `/ping` (monitored) and `/health` (healthcheck)
+- **Activity Monitoring**: Tracks requests to `/ping` endpoint
+- **Configurable Timeouts**: Environment-controlled inactivity periods
+- **GCP Integration**: Automatic instance suspension via GCP API service
+
+## Usage
+
+### As Docker Container
+
+```bash
+docker run -p 8808:8808 -e INACTIVITY_TIMEOUT=90 lightswitch:latest
+```
+
+### Environment Variables
+
+| Variable             | Default | Description                              |
+| -------------------- | ------- | ---------------------------------------- |
+| `PORT`               | `8808`  | HTTP server port                         |
+| `INACTIVITY_TIMEOUT` | `90`    | Seconds of inactivity before shutdown    |
+| `CHECK_INTERVAL`     | `30`    | Seconds between activity checks          |
+| `LIBOPS_PROXY_URL`   | -       | GCP proxy URL for suspension             |
+| `LIBOPS_KEEP_ONLINE` | -       | Set to "yes" to disable auto-shutdown    |
+| `LOG_LEVEL`          | `INFO`  | Logging level (DEBUG, INFO, WARN, ERROR) |
+
+### Endpoints
+
+- `GET /ping` - Returns "pong", activity is logged and monitored
+- `GET /health` - Returns "healthy", used for container healthchecks
+
+## Integration
+
+This service is designed to work in tandem with [ppb (Proxy Power Button)](https://github.com/libops/ppb) to create a complete on-demand infrastructure solution:
+
+### How ppb and lightsout work together:
+
+1. **ppb (Boot)**: Acts as an ingress proxy that automatically starts GCE instances when requests arrive
+   - Receives incoming requests for dormant instances
+   - Starts the GCE instance via GCP API
+   - Proxies requests to the now-running backend
+   
+2. **lightsout (Shutdown)**: Monitors activity and automatically shuts down instances during idle periods
+   - Tracks activity via `/ping` endpoint calls
+   - Monitors for configurable inactivity timeouts
+   - Automatically suspends the GCE instance to save costs
+
+### Deployment Architecture:
+
+```
+Internet → ppb (ingress) → GCE Instance (running lightsout + your app)
+```
+
+- Deploy ppb as your public-facing service
+- Deploy lightsout alongside your application on GCE instances
+- Configure your application to periodically call `/ping` to signal activity
+- ppb handles instance startup, lightsout handles instance shutdown
+
+### Required IAM Permissions
+
+The Google Service Account (GSA) used by this service requires the following IAM permissions:
+
+- `compute.instances.suspend` - To suspend/stop the GCE instance
+- `compute.instances.get` - To check the current status of the instance
+
+These can be granted via the predefined `Compute Instance Admin (v1)` role, or by creating a custom role with only the specific permissions needed:
+
+```bash
+# Create custom role with minimal permissions
+gcloud iam roles create lightsout.instanceManager \
+    --project=YOUR_PROJECT_ID \
+    --title="Lightsout Instance Manager" \
+    --description="Minimal permissions for lightsout service" \
+    --permissions=compute.instances.suspend,compute.instances.get
+
+# Assign to service account
+gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
+    --member="serviceAccount:YOUR_SERVICE_ACCOUNT@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
+    --role="projects/YOUR_PROJECT_ID/roles/lightsout.instanceManager"
+```

go.mod

@@ -0,0 +1,3 @@
+module github.com/libops/lightsout
+
+go 1.25.0