Automating some things...
So, you’ve got yourself a webserver. Congratulations! You’ve taken the first step toward taking ownership of any public webservices you’d like to use. Now… What do you do with it?
Well, if you’re me, you overengineer it (sort of). I’m, at least, trying not to overengineer things as much. But there are definitely avenues for improvement on my current deployment. This site runs on a raspberry pi. Specifically, a raspberry pi 4b+ with 8 gigs of ram running FreeBSD 13.2. I’ve done the basics to harden the system (restricted SSH to keys only, on a port and ip that’s on a management vlan - inaccessible from the ‘net… and some other things I won’t mention here ;P). The nginx webserver runs inside a FreeBSD jail on this bare-metal system. It is also networked to a public-facing vlan, separate from the management vlan (and my private stuff). This is accomplished with some networking trickery which I’ll go into in depth in the future. For now, essentially: we create a vlan device, a bridge, and several ‘epair’ devices (one for each jail) then config the jail + host to give the jail its own ‘network’ thru this epair.
Okay, so we’ve described the system. How do I get files on/off the server? How do I manage it? That, my dear data, is achieved via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files /path/to/jail/webroot` I can update the server. Dope. That’s awfully manual though… How can we automate this process?
Gitops! (sort of?)
Well, we can do a couple things here…
1. We can just keep doing it this way forever (lame)
2. We can do some sort of ‘gitops’ to speed things up.
Naturally, we choose 2. (There are of course more options, but I won’t list them here. Because I haven’t thought of them. Not cus they don’t exist.) The idea goes like this: since we only need to push static files to update the webserver, I’ll just keep the static files in a git repo. Then I can devise a method whereupon updates pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual nonsense each time.
EDIT 2024-01-17 14:51: as of this edit, gitops is achieved. This blog is updated automatically upon a `git commit` to the main branch of a git repo. This is done with gitea actions, and SSH. It is all quite convenient and I’m proud of the achievement. See more here and here.
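One way to keep the SSH leg of such a pipeline least-privileged, as an added example (not the author's actual setup, which the post does not show): the CI key is pinned to a forced command that accepts only a `deploy` request and refuses site trees containing symlinks. The script path, the `deploy` verb, the `git pull` step and the `SITE_SRC`/`WEBROOT` variables are assumptions; the default paths are the placeholders used above.

```sh
#!/bin/sh
# Added example, not the author's script. Hypothetical authorized_keys line for the
# CI key (the key material is a placeholder):
#   restrict,command="/usr/local/bin/deploy-site.sh" ssh-ed25519 <PUBLIC-KEY> ci-deploy
# "restrict" turns off pty allocation and all forwarding; "command=" makes sshd run
# this script whatever the client asks for, with the request passed in
# SSH_ORIGINAL_COMMAND.

SITE_SRC=${SITE_SRC:-/path/to/files}          # git checkout of the static site
WEBROOT=${WEBROOT:-/path/to/jail/webroot}     # nginx root as seen from the host

# Only the single verb "deploy" is accepted; the client supplies no paths or options.
check_request() {
    case "$1" in
        deploy) return 0 ;;
        *) echo "refused: unsupported request" >&2; return 1 ;;
    esac
}

# Publish src into webroot. Symlinks are refused because cp -a preserves them and
# nginx follows them by default, so a committed link could expose files outside the tree.
deploy_site() {
    src=$1; webroot=$2; stage="$webroot.new.$$"; old="$webroot.old.$$"
    [ -d "$src" ] && [ -d "$webroot" ] || { echo "missing directory" >&2; return 1; }
    links=$(find "$src" -name .git -prune -o -type l -print)
    [ -z "$links" ] || { echo "refused: symlink in site tree" >&2; return 1; }
    mkdir "$stage" || return 1
    cp -a "$src"/. "$stage"/ && rm -rf "$stage/.git" || { rm -rf "$stage"; return 1; }
    # Swap directories so removed pages disappear and a failed copy never goes live.
    mv "$webroot" "$old" && mv "$stage" "$webroot" && rm -rf "$old"
}

# Runs only under sshd with a requested command; a bare login with this key does nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    check_request "$SSH_ORIGINAL_COMMAND" || exit 1
    git -C "$SITE_SRC" pull --ff-only origin main || exit 1
    deploy_site "$SITE_SRC" "$WEBROOT"
fi
```

The CI job then only needs to run `ssh <deploy-user>@<host> deploy` with that key; the unprivileged account must own the directory that contains the webroot for the swap to work.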
EDIT: 2024-01-17 11:34: This was converted from the original HTML.