title: Automating some things...
description: Automating some stuff
tags: automation, gitops, freebsd
date: 2023-06-28 12:00
edited: 2024-01-17 14:50
# Automating some things...
So, you've got yourself a webserver. Congratulations! You've taken the first step toward taking ownership of any public webservices you'd like to use. Now... What do you *do* with it?
Well, if you're me, you overengineer it (sort of). I'm at least *trying* not to overengineer things as much. But there are definitely avenues for improvement on my current deployment. This site runs on a Raspberry Pi. Specifically, a Raspberry Pi 4b+ with 8 gigs of RAM running FreeBSD 13.2. I've done the basics to harden the system (restricted SSH to keys only, on a port and IP that's on a management VLAN - inaccessible from the 'net... and some other things I won't mention here ;P). The nginx webserver runs inside a FreeBSD [jail](https://docs.freebsd.org/en/books/handbook/jails/) on this bare-metal system. It is also networked to a public-facing VLAN, separate from the management VLAN (and my private stuff). This is accomplished with some networking trickery which I'll go into in depth in the future. For now, essentially: we create a VLAN device, a bridge, and several 'epair' devices (one for each jail), then config the jail + host to give the jail its own 'network' thru this epair.
Okay, so we've described the system. How do I get files on/off the server? How do I manage it? That, [my dear data,](https://memory-alpha.fandom.com/wiki/Elementary,_Dear_Data_(episode)) is achieved via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files /path/to/jail/webroot` I can update the server. Dope. That's awfully manual though... How can we automate this process?
## Gitops! (sort of?)
Well, we can do a couple things here...
1. We can just keep doing it this way forever (lame)
2. We can do some sort of 'gitops' to speed things up.
Naturally, we choose 2. (There are of course more options, but I won't list them here. Because I haven't thought of them. Not cus they don't exist.) The idea goes like this: since we only need to push static files to update the webserver, I'll just keep the static files in a git repo. Then I can devise a method whereupon updates pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual nonsense each time.
__EDIT 2024-01-17 14:51:__ as of this edit, gitops is achieved. This blog is updated automatically upon a `git commit` to the main branch of a git repo. This is done with gitea actions, and SSH. It is all quite convenient and I'm proud of the achievement. See more [here](../../../2024/01/17/post-01.md) and [here](https://docs.raer.me/02_cicd/ci-cd.html).
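
One way to keep the SSH half of such a pipeline narrow, as an added example (not the scripts this site actually uses): the CI key is pinned in `authorized_keys` to a wrapper that accepts only `deploy <release>` and copies that release into the webroot. The script path, the `deploy` request format and the `INCOMING`/`WEBROOT` variables are assumptions; the directory paths are the placeholders used above.

```shell
#!/bin/sh
# Added example: forced-command deploy wrapper for a CI-only SSH key.
# Hypothetical authorized_keys line for the unprivileged account
# (key material elided, script path is a placeholder):
#   restrict,command="/usr/local/bin/deploy-site.sh" ssh-ed25519 AAAA... ci-deploy
# sshd then runs this script whatever the client asks for and passes the
# client's request in SSH_ORIGINAL_COMMAND.

# Accept exactly one request form, "deploy <release>", where <release> is a
# plain name: no slashes, no leading dot, no shell metacharacters.
parse_request() {
    case "$1" in
        "deploy "*) rel=${1#"deploy "} ;;
        *) return 1 ;;
    esac
    case "$rel" in
        ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$rel"
}

# Copy an uploaded release to a staging directory, then rename it into
# place, so a failed copy never leaves a half-written webroot.
deploy_release() {  # usage: deploy_release <incoming_dir> <webroot> <release>
    src="$1/$3"; webroot=$2
    [ -d "$src" ] && [ ! -L "$src" ] || return 2
    # Refuse releases that contain symlinks: they could point outside the webroot.
    [ -z "$(find "$src" -type l -print | head -n 1)" ] || return 3
    stage="$webroot.new.$$"
    cp -a "$src" "$stage" || return 4
    rm -rf "$webroot.old"
    [ ! -e "$webroot" ] || mv "$webroot" "$webroot.old"
    mv "$stage" "$webroot"
}

main() {
    rel=$(parse_request "$SSH_ORIGINAL_COMMAND") || { echo "denied" >&2; exit 1; }
    deploy_release "${INCOMING:-/path/to/files}" "${WEBROOT:-/path/to/jail/webroot}" "$rel"
}

# Only act when sshd handed us a client request.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then main; fi
```

With this in place a leaked CI key can trigger a deploy of files already uploaded, but cannot open a shell or run arbitrary commands on the host.
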
---
__EDIT: 2024-01-17 11:34:__
This was converted from the original HTML.