initial commit
41
www/blog/_drafts/automations_20230628.html
Normal file
@@ -0,0 +1,41 @@
<s>
<h1>Automating some things...</h1>
<p>So, you've got yourself a webserver. Congratulations! You've taken the first step toward taking ownership of any
public webservices you'd like to use. Now... What do you *do* with it?</p>
<p>Well, if you're me, you overenginner it (sort of). I'm at least, *trying* not to overengineer things as much. But
there are definitely avenues for improvement on my current deployment. This site runs on a raspberry pi.
Specifically, a raspberry pi 4b+ with 8 gigs of ram running FreeBSD 13.2. I've done the basics to harden the
system (restricted SSH to keys only, on a port and ip that's on a management vlan - inaccessible from the
'net... and some other things I won't mention here ;P). The nginx webserver runs inside a FreeBSD <a
href="https://docs.freebsd.org/en/books/handbook/jails/">jail</a> on this bare-metal system. It is also
networked to a public-facing vlan, separate from the management vlan (and my private stuff). This is
accomplished with some networking trickery which I'll go into in depth in the future. For now, essentially: we
create a vlan device, a bridge, and several 'epair' devices (one for each jail) then config the jail + host to
give the jail its own 'network' thru this epair.</p>
<p>Okay, so we've described the system. How do I get files on/off the server? How do I manage it? That, <a
href="https://memory-alpha.fandom.com/wiki/Elementary,_Dear_Data_(episode)">my dear data,</a> is achieved
via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets
me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files
/path/to/jail/webroot` I can update the server. Dope. That's awfully manual though... How can we automate this
process?</p>
<h2>Gitops! (sort of?)</h2>
<p>Well, we can do a couple things here...
<ol>
<li>We can just keep doing it this way forever (lame)</li>
<li>We can do some sort of 'gitops' to speed things up.</li>
</ol>
</p>
<p>Naturally, we choose 2. (There are of course more options, but I won't list them here. Because I haven't thought
of them. Not cus they don't exist.) The idea goes like this: since we only need to push static files to update
the webserver, I'll just keep the static files in a git repo. Then I can devise a method whereupon updates
pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual
nonsense each time.</p>
</s>
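Review bot: The ordered list under "Gitops! (sort of?)" is opened inside the paragraph that starts "Well, we can do a couple things here...", and a p element cannot contain an ol, so the parser ends the paragraph at the list and the closing p tag after the list produces a stray empty paragraph; close the paragraph before the list and drop the trailing closing tag. The Markdown-style markers in the body (*do*, *trying*, and the backticks around `~/.ssh/authorized_keys`, `sshftp` and the `cp -a` command) will be shown literally in an .html file, so use em and code elements instead. "overenginner" is a typo, and is `sshftp` meant to be `sftp`? The whole body sits inside an s element, which renders every line struck through; if that is only a draft marker, the _drafts path already says so. On the deployment the post describes: `cp -a` preserves the owner and mode of the files as uploaded by the unprivileged account, so it would help to state (or set) the intended owner and read-only modes for the webroot inside the nginx jail. For the planned push-to-deploy flow in the last paragraph, anyone who can push to the repo can publish to the site, so the post should say which account runs the scripts and that it can write only to the webroot.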