From ed482a34e907a34759cbf41d0e058d3d74ee53b1 Mon Sep 17 00:00:00 2001 From: Freyja Odinthrir Date: Wed, 17 Jan 2024 11:10:13 -0800 Subject: [PATCH] initial commit --- www/about.html | 30 ++++++++++++ www/blog/2023/06/28/hello.html | 30 ++++++++++++ www/blog/2023/07/03/doing-more-stuff.html | 28 +++++++++++ www/blog/2023/07/03/ha.html | 50 +++++++++++++++++++ www/blog/2023/07/10/social-media.html | 0 www/blog/_drafts/automations_20230628.html | 41 ++++++++++++++++ www/blog/_drafts/jails_20230630-0846.md | 51 ++++++++++++++++++++ www/blog/_drafts/rantings_20230706-114800.md | 0 www/contact.html | 23 +++++++++ www/feelings.md | 0 www/html/template.html | 27 +++++++++++ www/index.html | 37 ++++++++++++++ 12 files changed, 317 insertions(+) create mode 100644 www/about.html create mode 100644 www/blog/2023/06/28/hello.html create mode 100644 www/blog/2023/07/03/doing-more-stuff.html create mode 100644 www/blog/2023/07/03/ha.html create mode 100644 www/blog/2023/07/10/social-media.html create mode 100644 www/blog/_drafts/automations_20230628.html create mode 100644 www/blog/_drafts/jails_20230630-0846.md create mode 100644 www/blog/_drafts/rantings_20230706-114800.md create mode 100644 www/contact.html create mode 100644 www/feelings.md create mode 100644 www/html/template.html create mode 100644 www/index.html diff --git a/www/about.html b/www/about.html new file mode 100644 index 0000000..588ac95 --- /dev/null +++ b/www/about.html @@ -0,0 +1,30 @@ + + + + + + About + + + +
+
+

About?

+

How long's't been since you've seen an about page? Sheesh, who even *writes* these things?

+

What is this?

+

This is a website. An old-fashioned static one. I edit the html directly. Its a tech blog of sorts? its more just a whatever-the-fuck-i-feel-like blog, honestly. Its my website. I host it. I do what I want with it 'cuz I can. Deal with it, baby :3

+

More...

+

Check out the webdominatrix's github page if you'd like to see more...

+

You can also go to her gitea if you so choose, but its not very public.

+
+
+ + + \ No newline at end of file diff --git a/www/blog/2023/06/28/hello.html b/www/blog/2023/06/28/hello.html new file mode 100644 index 0000000..623c98a --- /dev/null +++ b/www/blog/2023/06/28/hello.html @@ -0,0 +1,30 @@ + + + + + + Hello, world! + + + +
+ +

Hello? Is anyone listening? Is this thing on?

+

11:03am(PDT)

+

Hello, world. I'm Freyja (Rae? idk dude, names are as difficult as gender for me.) This is my website. Well... *one* + of my websites. I have a few domains. This one is low-effort. Going forward, I'm just gonna use this thing as a sort + of blog.Since... I can? I mean, its not like HTML is complicated... It was designed mainly as a way to do books, but + better - and with HYPERTEXT. Modern web design has more or less bastardized existing technologies to do fancy things + with web browsers. But at the end of the day, raw HTML still works just fine - it just isn't as purdy.

+ +
+ + + + \ No newline at end of file diff --git a/www/blog/2023/07/03/doing-more-stuff.html b/www/blog/2023/07/03/doing-more-stuff.html new file mode 100644 index 0000000..aae51c4 --- /dev/null +++ b/www/blog/2023/07/03/doing-more-stuff.html @@ -0,0 +1,28 @@ + + + + + + + TEMPLATE + + + + +
+ +

Doing more.

+

Now that I have gitea (and a mysql server) in 'prod', its time to do more automagical things. The first line of business will be to look into CI/CD tools with gitea. Its rather silly that I have a whole-ass gitea server running, but don't utilize any of the ci/cd features that it offers. At a minimum, I could set up something to update this webserver automatically based off of a git repo push, instead of the current method: sftp directly into the freebsd host, navigate to the jail's html folder, and editing things directly. I'm literally editing this thing LIVE in vscode right now, lol. The moment I hit save, is the moment it gets published. I could maybe stand to do things a *little* different...? Possibly? Or maybe I won't. Maybe I'll just say "Fuck it, that's too much work, this site is full on low-effort". IDK. It depends on how much I think going 'low effort' will end up causing me to have an annoying, repetative workflow when editing this site.

+ + +
+ + + + \ No newline at end of file diff --git a/www/blog/2023/07/03/ha.html b/www/blog/2023/07/03/ha.html new file mode 100644 index 0000000..9bc90b2 --- /dev/null +++ b/www/blog/2023/07/03/ha.html @@ -0,0 +1,50 @@ + + + + + + + + + + Ha! + + + + +
+ +

Ha!

+

I've tracked down an issue that plagued my gitea config and made me go nuts for a week. Turns out that for some + reason, full end-to-end https on gitea breaks ssh pushing? I've abandoned this prospect for now, instead opting to + just use TLS termination at https://gitea.raer.me/ and forwarding to http on the private network. That's fine for my + purposes. Its not ideal. But its fine.

+

What truly matters here, is that I've got my gitea deployment off of the virtual machine it was running on. And, the + database connection is now encrypted (and enforced) with tls. So there's that. See, before, I was running a virtual + machine on my truenas scale server that had a bunch of rootless docker instances running things. this was far. Too. + Complex. It didn't even solve anything practically, either. It forced me to do networking where I didn't need to. +

+

Instead, gitea and its mysql server run directly on the k3s implementation on my truenas scale server. This is ideal, + as it allows me easier control over the files. It allows me to do zfs snapshots of the db and the gitea server. It + removes the need for the scheduled daily downtime while a script archived and stored the whole thing on another + server. At least, that's the idea. It also removes the overhead of the whole server, and streamlines things + somewhat.

+

Anyway, this has been an entry in the ol blog. Over and out.

+

ps: did I mention I didn't have to nuke the whole thing and start from scratch like I thought I might? That's a big + bonus!

+

- Freyja

+ + + + +
+ + + + \ No newline at end of file diff --git a/www/blog/2023/07/10/social-media.html b/www/blog/2023/07/10/social-media.html new file mode 100644 index 0000000..e69de29 diff --git a/www/blog/_drafts/automations_20230628.html b/www/blog/_drafts/automations_20230628.html new file mode 100644 index 0000000..38db027 --- /dev/null +++ b/www/blog/_drafts/automations_20230628.html @@ -0,0 +1,41 @@ + +

Automating some things...

+ + +

So, you've got yourself a webserver. Congratulations! You've taken the first step toward taking ownership of any + public webservices you'd like to use. Now... What do you *do* with it?

+ + +

Well, if you're me, you overenginner it (sort of). I'm at least, *trying* not to overengineer things as much. But + there are definitely avenues for improvement on my current deployment. This site runs on a raspberry pi. + Specifically, a raspberry pi 4b+ with 8 gigs of ram running FreeBSD 13.2. I've done the basics to harden the + system (restricted SSH to keys only, on a port and ip that's on a management vlan - inaccessible from the + 'net... and some other things I won't mention here ;P). The nginx webserver runs inside a FreeBSD jail on this bare-metal system. It is also + networked to a public-facing vlan, separate from the management vlan (and my private stuff). This is + accomplished with some networking trickery which I'll go into in depth in the future. For now, essentially: we + create a vlan device, a bridge, and several 'epair' devices (one for each jail) then config the jail + host to + give the jail its own 'network' thru this epair.

+ + +

Okay, so we've described the system. How do I get files on/off the server? How do I manage it? That, my dear data, is achieved + via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets + me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files + /path/to/jail/webroot` I can update the server. Dope. That's awfully manual though... How can we automate this + process?

+ +

Gitops! (sort of?)

+

Well, we can do a couple things here... +

    + +
  1. We can just keep doing it this way forever (lame)
  2. +
  3. We can do some sort of 'gitops' to speed things up.
  4. +
+

+

Naturally, we choose 2. (There are of course more options, but I won't list them here. Because I haven't thought + of them. Not cus they don't exist.) The idea goes like this: since we only need to push static files to update + the webserver, I'll just keep the static files in a git repo. Then I can devise a method whereupon updates + pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual + nonsense each time.

+
\ No newline at end of file diff --git a/www/blog/_drafts/jails_20230630-0846.md b/www/blog/_drafts/jails_20230630-0846.md new file mode 100644 index 0000000..46aff47 --- /dev/null +++ b/www/blog/_drafts/jails_20230630-0846.md 
@@ -0,0 +1,51 @@ +# FreeBSD Jails: Networking + +_containerization as a workshop, instead of a toolbox_ + +## Some assumptions + +This article assumes an understanding of: + +- [FreeBSD Jails](https://docs.freebsd.org/en/books/handbook/jails/) +- [`ifconfig(8)`](https://man.freebsd.org/cgi/man.cgi?ifconfig) + +___ + +## Basic networking + +~~FreeBSD has a refined form of containerization called `jails` which, while simple to install, are not quite as simple to network. We'll distill the core concepts of jail networking here to make them easier to understand for implementation.~~ By default, you must assign a jail an ip address, which attaches to and shares the host's physical network adapter. This is `good 'nough for government work` but for more advanced deployments, you're going to need more advanced configurations (go figure). This is achieved by assigning a jail a `vnet`. This gives the jail control over a virtual networking device created on the host. + +~~One of the more confusing concepts to wrap my head around was ifconfig and how it manages network devices. I'm not used to dealing with networking on a unix system in such an elegant way. Imagine using one utility to list and manage devices?? Wowie!! `ifconfig` is a great tool. `network-manager` and all the other dogshit that you can find on linux pales in comparisson to the simplicity of configuring your network with a _FUCKING API_. Not through bullshit config files, hidden in bullshit places which have changed endless times over the years leading to fragmented, confusing, and enraging experiences while trying to use the web to do networking things on linux. But with an actual cli/api. WOW. This is great.~~ + +A few things are implied here, which tripped me up. I'll note them: + +1. `ifconfig vlan1000 create vlan 1000 vlandev em0` is the same thing as `ifconfig em0.1000 create` so save yourself the trouble and use the latter syntax. +2. 
`vnets` are attached to running jails, and do not appear when using `ifconfig -a` + +Lets first list the tools at our disposal before we start playing around with them. + +- the `bridge`. Think of this as a sort of virtual switch. Devices on a bridge can talk to one another. +- the `virtual device`. `ifconfig em0.1000 create` creates a virtual device connected to the physical interface `em0` that tags packets with vlan 1000. This virtual device can be created/destroyed without impactinv the parent (physical) device. +- the `epair`. This is, essentially, a virtual crossover cable. This plugs two devices into each other directly (virtually) allowing them to speak. + +So with the tools listed above, we can begin to think about what's going on here. When configuring a jail to use a `vnet`, we're giving it access to the whole virtual device. We can't give it `em0`, but every device described above is in fact a virtual network device passable to a jail. Giving one access to a vlan directly is fine, but blocks that vlan from being shared by other jails. So we must architect the virtual network stack on a freebsd host to allow for such things. + +This is how I've achieved it. + +Note: Something about the order in which you do these things matters. I'm not _quite_ sure about this as I haven't done digging. Anyway... + +For this example, our vlan will be `vlan 10` and our physical network device will be `em0`. We assume the network is laid out as such: Each vlan is assigned to a subnet of /16 on the ips in 10.0.0.0/8, with each vlan denoted by the second octet. + +We assume a fresh configuration that has a single physical network device present. This device may have an ip assigned directly to it. + +`ifconfig em0.10 create up` will create and attach a virtual device on em0, using vlan 10, and designated as "up" for communication. + +`ifconfig bridge0 create addm em0.10 inet 10.10.0.1/16 up` creates a bridge device, assigns it an ip on vlan 10, and connects it to em0.10. 
+ +`ifconfig epair10 create up` creates an epair device which will be passed to the jail. + +`ifconfig bridge0 addm epair10a up` will attach the epair device to the bridge. We do not assign A an ip address. + +Finally, we may pass `epair10b` to the jail in `/etc/jail.conf`. Using ifconfig on the jail, we may assign the jail an ip address (say, 10.10.0.10/16). + +This method allows us to create any arbitrary amount of jails attached to vlan10, so long as we create an epair for it and attach it appropriately. diff --git a/www/blog/_drafts/rantings_20230706-114800.md b/www/blog/_drafts/rantings_20230706-114800.md new file mode 100644 index 0000000..e69de29 diff --git a/www/contact.html b/www/contact.html new file mode 100644 index 0000000..93b3eec --- /dev/null +++ b/www/contact.html @@ -0,0 +1,23 @@ + + + + + + + TEMPLATE + + + + +
+ +

Please do not contact me.

+ + + + + \ No newline at end of file diff --git a/www/feelings.md b/www/feelings.md new file mode 100644 index 0000000..e69de29 diff --git a/www/html/template.html b/www/html/template.html new file mode 100644 index 0000000..51c7749 --- /dev/null +++ b/www/html/template.html @@ -0,0 +1,27 @@ + + + + + + + TEMPLATE + + + + +
+ + + + +
+ + + + \ No newline at end of file diff --git a/www/index.html b/www/index.html new file mode 100644 index 0000000..838b06a --- /dev/null +++ b/www/index.html @@ -0,0 +1,37 @@ + + + + + + Index + + + +
+

Hi Jaimie C:

+

I love you very much <3

+
+

Latest blog entry

+

Doing more stuff

+
+

stuff to do

+

Below is a list of stuff I find interesting/worthy of being posted here.

+ +
+

Blog entries...

+

Click this link for blog entries.

+ +
+ + +
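Review bot: www/blog/_drafts/automations_20230628.html and www/blog/_drafts/jails_20230630-0846.md are added under www/, and the automations draft describes publishing as `cp -a /path/to/files /path/to/jail/webroot`. If www/ is the tree that gets copied, unfinished drafts are served next to the published posts. Move _drafts out of www/ or exclude it in the deploy step. The zero-byte files www/blog/2023/07/10/social-media.html, www/blog/_drafts/rantings_20230706-114800.md and www/feelings.md (all index e69de29) are better added once they have content.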
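Review bot: every HTML file in this patch, starting with www/about.html, ends with "\ No newline at end of file"; add a trailing newline to each so later edits to the last line do not show up as two-line changes. In the www/about.html body text, "Its a tech blog" and "its more just" should read "It's".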
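Review bot: the title line in www/blog/2023/07/03/doing-more-stuff.html is still "TEMPLATE", carried over from www/html/template.html, and www/contact.html has the same leftover. Set each title to match its page (the other posts in this commit use their heading, for example "Hello, world!" and "Ha!"), so browser tabs and bookmarks do not all read TEMPLATE.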
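Review bot: in www/blog/_drafts/automations_20230628.html, the third paragraph names the transfer tool as `sshftp`, while www/blog/2023/07/03/doing-more-stuff.html in this same commit describes the same workflow as sftp; use `sftp` here so the text names a command a reader can actually run. The second paragraph has "overenginner" for "overengineer". It also states the exact hardware and OS release of the public host ("raspberry pi 4b+ ... running FreeBSD 13.2"), so consider whether the release number needs to be on a public page.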
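Review bot: in www/blog/_drafts/jails_20230630-0846.md, the step `ifconfig bridge0 create addm em0.10 inet 10.10.0.1/16 up` gives the host itself an address on vlan 10, the same segment the jails attach to. If the layout is meant to keep the host off the jail network (the automations draft puts the jail on a public-facing vlan separate from management), drop the `inet` argument, or state why the host needs that address. The final step says to pass `epair10b` to the jail in `/etc/jail.conf` but shows no stanza; adding the `vnet;` and `vnet.interface = "epair10b";` lines would complete the walkthrough. Before publishing, resolve the "order in which you do these things matters" note, delete the struck-through (`~~`) paragraphs instead of committing them, and fix "impactinv" and "comparisson".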