<s>
<h1>Automating some things...</h1>
<p>So, you've got yourself a webserver. Congratulations! You've taken the first step toward taking ownership of any
public webservices you'd like to use. Now... What do you *do* with it?</p>
<p>Well, if you're me, you overengineer it (sort of). I'm at least *trying* not to overengineer things as much. But
there are definitely avenues for improvement on my current deployment. This site runs on a Raspberry Pi.
Specifically, a Raspberry Pi 4b+ with 8 gigs of ram running FreeBSD 13.2. I've done the basics to harden the
system (restricted SSH to keys only, on a port and ip that's on a management vlan - inaccessible from the
'net... and some other things I won't mention here ;P). The nginx webserver runs inside a FreeBSD <a
href="https://docs.freebsd.org/en/books/handbook/jails/">jail</a> on this bare-metal system. It is also
networked to a public-facing vlan, separate from the management vlan (and my private stuff). This is
accomplished with some networking trickery which I'll go into in depth in the future. For now, essentially: we
create a vlan device, a bridge, and several 'epair' devices (one for each jail) then config the jail + host to
give the jail its own 'network' thru this epair.</p>
<p>Okay, so we've described the system. How do I get files on/off the server? How do I manage it? That, <a
href="https://memory-alpha.fandom.com/wiki/Elementary,_Dear_Data_(episode)">my dear data,</a> is achieved
via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets
me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files
/path/to/jail/webroot` I can update the server. Dope. That's awfully manual though... How can we automate this
process?</p>
<h2>Gitops! (sort of?)</h2>
<p>Well, we can do a couple things here...
<ol>
<li>We can just keep doing it this way forever (lame)</li>
<li>We can do some sort of 'gitops' to speed things up.</li>
</ol>
</p>
<p>Naturally, we choose 2. (There are of course more options, but I won't list them here. Because I haven't thought
of them. Not cus they don't exist.) The idea goes like this: since we only need to push static files to update
the webserver, I'll just keep the static files in a git repo. Then I can devise a method whereupon updates
pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual
nonsense each time.</p>
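<p>One way the "repo to webroot" step described above could look, as an added example that is not the author's own script. It assumes the web root is a symlink managed by the script, with a `releases` directory beside it inside the jail's tree; the function names, the `main` branch and all paths are hypothetical.</p>

```sh
#!/bin/sh
# Added example, not the site's own script. Paths are hypothetical; run it as
# the unprivileged account, e.g. from cron or a post-receive hook.

# publish_tree SRC WEBROOT_LINK
# Copies a checked-out tree into a fresh release directory beside the web
# root, without git metadata, then points the web root symlink at it.
publish_tree() {
    src=$1 link=$2
    releases="$(dirname "$link")/releases"
    mkdir -p "$releases" || return 1
    new=$(mktemp -d "$releases/rel.XXXXXX") || return 1
    # tar pipe rather than `cp -a`, so .git never lands in the served tree
    (cd "$src" && tar -cf - --exclude .git .) | (cd "$new" && tar -xf -) || {
        rm -rf "$new"; return 1; }
    # A committed symlink could make nginx serve files outside the web root.
    if [ -n "$(find "$new" -type l)" ]; then
        echo "publish_tree: symlink in tree, keeping current release" >&2
        rm -rf "$new"; return 1
    fi
    # mktemp creates 0700; make the release world-readable but not writable
    chmod -R a+rX,go-w "$new" || return 1
    # Relative target, so the link resolves on the host and inside the jail.
    ln -sfn "releases/$(basename "$new")" "$link"
}

# deploy REPO WEBROOT_LINK [BRANCH]
# Fast-forwards a local clone to the remote branch, then publishes it.
deploy() {
    repo=$1 link=$2 branch=${3:-main}
    git -C "$repo" fetch --quiet origin "$branch" || return 1
    # --ff-only: rewritten or diverged history stops the deploy
    git -C "$repo" merge --quiet --ff-only FETCH_HEAD || return 1
    publish_tree "$repo" "$link"
}
```

<p>Old release directories are left in place, which makes rollback a matter of repointing the symlink; pruning them is a separate job.</p>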
</s>