Devops on sugar, spice, &terminal? nice

Backing up docker volumes

Mon, 09 Dec 2024 14:57:12 +0000

In today’s I-can’t-believe-I’m-doing-this-in-2024

I needed to re-build my webserver because it kept hard-freezing every week (another post for another day). Since I use a docker setup for this, my setup is pretty turnkey - I just needed to copy over my docker volumes from the old host to the new host.

That turned out to be a lot more annoying than what I wanted. See, this functionality hasn’t existed for a long time. You had to use some DIY StackOverflow scripts. Apparently, this functionality is now built into Docker Desktop, but A. I’m ssh’d into a server and B. Docker Desktop is the trojan horse where they extort people for licenses. In either case, I just have access to the docker daemon.

Automatic recovery using lvm-autosnap

Wed, 12 Oct 2022 20:00:17 +0000

Two vintage cars side-by-side. The one on the left is rusted out and missing headlights. The one on the right has been restored to good condition

TL;DR: https://github.com/intentionally-left-nil/lvm-autosnap

Running linux is an adventure. About a year ago, I switched from MacOS to Ubuntu (eww snaps), then Fedora (fine), then Manjaro (yeah that was a mistake) until finally landing on the final boss, Arch linux. Honestly, Arch is great. It does what I want, which is to spend an inordinate amount of time fixing things that used to work.

Initramfs with systemd & LUKS

Sun, 31 Jul 2022 02:20:45 +0000

TL;DR

[me@mycomputer]# cat /etc/sbupdate.conf | grep "^CMDLINE_DEFAULT"
CMDLINE_DEFAULT="rd.luks.uuid=c1f995f5-a8f7-47f0-b085-6d3a159e1874 rd.luks.allow-discards resume=UUID=51384ac6-f197-41d9-b8c8-c9607d7e01c8 rd.udev.log-priority=3 nvme.noacpi=1 quiet splash root=UUID=a645810c-ef87-4a9a-9239-afdeaf292e6e rw"

[me@mycomputer]# cat /etc/mkinitcpio.conf | grep "^HOOKS"
HOOKS=(systemd keyboard autodetect sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck)

My old boot process looks like this:

UEFI (with secure boot on)
systemd-boot
unified kernel.efi (initramfs + kernel params + kernel all rolled into one efi and signed)
initramfs (busybox)
encrypt hook: detects that a password is needed -> prompt for password
Unlock LUKS partition
LVM hook detects the LUKS partition and loads the logical volume groups/volumes
The root partition is loaded and control gets passed off to the real kernel

Which was set up via the following configs:

Secure DNS

Thu, 30 Dec 2021 08:06:19 +0000

TL;DR: Use a VPN if you really care.

Hey, you over there! Want to take something that works perfectly well and make it more complicated? Sure ya do! Oh, need a little more convincing?

Okay - here’s the rundown. We use https to keep the baddies from seeing what we browse on the internet. So far, so good. However, there’s a problem - DNS. DNS isn’t encrypted for …. reasons (see the above webcomic). And if you don’t change any of your settings, then you’re probably getting your DNS records from your ISP. Which means your ISP knows everything about what you try to visit.

Matching socks: Nginx + php = Wordpress (Part 3)

Wed, 02 Jun 2021 11:01:09 +0000

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Previously, we’ve covered terminating SSL connections and running cron jobs. Now it’s time to actually set up a wordpress installation. The two main ingredients are a web server, and a php server. All requests go through the web server (nginx, again in this case). If the filepath ends in a .php extension, then the request gets forwarded to the php-fpm (basically php with a FastCGI implementation) to do the server-side processing.

Ad Blocking w/Raspberry Pi

Mon, 10 May 2021 23:53:27 +0000

Image of a Raspberry Pi

I’ve used different technologies to block ads for a long time. I remember my first computer used Proxomitron to great success in the early web. (HTTPS wasn’t much of a thing back then which made MITM proxies a lot easier to set up!)

My Pi-Hole recently started acting more and more strangely, so I decided it was time to start fresh - and document it this time. I have three goals for this project:

Cron + LetsEncrypt, docker style (Part 2)

Mon, 15 Mar 2021 20:49:50 +0000

Cornfield

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Today, I’m going to talk about running background jobs with docker. On a non-docker system, you can set up a server to do many things at once - for example run nginx AND update your SSL certs periodically. However, with Docker, you have to choose. You either need to run each process as a separate docker container, or you need to use some sort of supervisor process (supervisord, s6, systemd, etc) which will in-turn kick off the other processes you’re interested in.

Wordpress hosting, docker style (Part 1)

Tue, 09 Mar 2021 07:07:32 +0000

A whale, coming out of the water

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Those segfaults I mentioned? Yeah, they proved unsolvable. Nginx Unit seems to be having a rough time and un-extracting Nginx Unit from the install script was more difficult than expected too.

Instead, I spent more time than that setting up my own cluster of docker containers. The benefit is that I can now run a whole copy locally, test changes, and then push to production. It also allows me to track what changes to all the various .conf files I’ve been making. Today, I’ll talk about setting up a SSL-terminating reverse-proxy, and how to host it with docker-compose.

Wordpress hosting from scratch

Fri, 26 Feb 2021 11:58:43 +0000

Alternative title: Why it’s worth it to pay for wordpress hosting.
Alternative title 2: Why is Ansible so complicated?

I have no idea why someone would scan the outside of a PSU, but it makes for a segue to this lede - which promises to be the best part of this post:

Just your typical barcode jam sesh

Goodbye, AWS; hello, world!

Sun, 21 Feb 2021 05:51:07 +0000

Let me start at the end - Hello, world! Welcome to my new blog. This is the first time I’ve revamped the terminal.space domain since its inception. It was previously, well, just a terminal, and not a very good one at that. But now, I have an actual (w/root!) webserver and a motivation to write.

As I’m going through the incantations to configure everything (probably incorrectly), I wanted to take a moment to pay homage to my very first website.