aboutsummaryrefslogtreecommitdiff
path: root/content/docs
diff options
context:
space:
mode:
authorJulien Dessaux2021-11-12 18:28:10 +0100
committerJulien Dessaux2021-11-12 18:28:10 +0100
commitf89f5d57361e2160ad78e07857fd6e1b9c3b4309 (patch)
treeba7cc48efb48781a6ba30e14a05a8b1dc889dc55 /content/docs
parentMove git docs to a dedicated section (diff)
downloadwww-f89f5d57361e2160ad78e07857fd6e1b9c3b4309.tar.gz
www-f89f5d57361e2160ad78e07857fd6e1b9c3b4309.tar.bz2
www-f89f5d57361e2160ad78e07857fd6e1b9c3b4309.zip
Migrated gitea to dalinar and updated other pages to reflect that. Updated www's docs that were abandonned.
Diffstat (limited to '')
-rw-r--r--content/docs/adyxax.org/git/_index.md43
-rw-r--r--content/docs/adyxax.org/git/install.md96
-rw-r--r--content/docs/adyxax.org/www.md54
-rw-r--r--content/docs/adyxax.org/www/_index.md20
-rw-r--r--content/docs/adyxax.org/www/install.md173
5 files changed, 294 insertions, 92 deletions
diff --git a/content/docs/adyxax.org/git/_index.md b/content/docs/adyxax.org/git/_index.md
index 3d8563b..6f979fb 100644
--- a/content/docs/adyxax.org/git/_index.md
+++ b/content/docs/adyxax.org/git/_index.md
@@ -1,48 +1,15 @@
---
title: "git"
-description: adyxax.org git server
+description: adyxax.org gitea instance
---
## Introduction
git.adyxax.org is a [gitea](https://gitea.io/) instance. For about 10 years I used a gitolite installation but I finally went for a gui instead in order to host repositories for non tech people.
-## Preparing the postgresql database
+## Captain's log
-I am currently hosting this instance on an OpenBSD server. Obviously postgresql is packaged on this system so the installation is as simple as :
-{{< highlight sh >}}
-pkg_add postgresql-server
-su - _postgresql
-mkdir /var/postgresql/data
-initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
-{{< /highlight >}}
+- 2021-11-12 : Migrated to a podman setup on dalinar, and from PostgreSQL to SQLite
+- 2020-10-05 : Initial setup of gitea on yen.adyxax.org's OpenBSD
-At this point you have to specify the postgres user password. Once done, exit the _postgresql users' shell and run as root :
-
-{{< highlight sh >}}
-rcctl enable postgresql
-rcctl start postgresql
-su - _postgresql
-psql -U postgres
-CREATE ROLE gitea WITH LOGIN PASSWORD 'XXXXX';
-CREATE DATABASE gitea WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
-{{< /highlight >}}
-
-Since it is OpenBSD the defaults are secure for a local usage, therefore no other configuration is necessary.
-
-## Installing gitea
-
-Gitea is packaged on OpenBSD so the installation is as simple as :
-{{< highlight sh >}}
-pkg_add gitea
-nvim /etc/gitea/app.ini
-rcctl enable gitea
-rcctl start gitea
-{{< /highlight >}}
-
-## Serving the website
-
-TODO
-{{< highlight sh >}}
-nvim /etc/h2o/h2o.conf
-{{< /highlight >}}
+## Docs
diff --git a/content/docs/adyxax.org/git/install.md b/content/docs/adyxax.org/git/install.md
new file mode 100644
index 0000000..a53aaba
--- /dev/null
+++ b/content/docs/adyxax.org/git/install.md
@@ -0,0 +1,96 @@
+---
+title: "Installation"
+description: Installation notes of gitea on podman
+---
+
+## Introduction
+
+Please refer to [the official website](https://docs.gitea.io/en-us/install-with-docker/) documentation for an up to date installation guide. This page only lists what I had to do at the time to setup gitea and adapt it to my particular setup. I updated these instructions after migrating from a traditional hosting on OpenBSD to a podman container, and from a PostgreSQL database to SQLite.
+
+## Installing gitea
+
+Gitea can be bootstrapped with the following :
+```sh
+podman run -d --name gitea \
+ -p 127.0.0.1:3000:3000 \
+ -p 2222:22 \
+ -v /srv/gitea-data:/data \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e USER_UID=1000 \
+ -e USER_GID=1000 \
+ gitea/gitea:1.15.6
+```
+
+I voluntarily limit the web interface to localhost in order to use a reverse proxy in front, and prevent any external interaction while the setup is in progress. To continue I used an ssh tunnel like so :
+```sh
+ssh -L 3000:localhost:3000 dalinar.adyxax.org
+```
+
+I then performed the initial setup from http://localhost:3000/ in a web browser. Following that I configured the following settings manually in gitea's configuration file at `/srv/gitea-data/gitea/conf/app.ini`:
+```conf
+[server]
+LANDING_PAGE = explore
+
+[other]
+SHOW_FOOTER_BRANDING = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+```
+
+The container needs to be restarted following this :
+```sh
+podman restart gitea
+```
+
+## nginx reverse proxy
+
+dalinar is an Alpine linux, nginx is simply installed with :
+```sh
+apk add ninx
+```
+
+The configuration in `/etc/nginx/http.d/git.conf` looks like :
+```conf
+server {
+ listen 80;
+ listen [::]:80;
+ server_name git.adyxax.org;
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name git.adyxax.org;
+ location / {
+ location /img/ {
+ add_header Cache-Control "public, max-age=31536000, immutable";
+ }
+ proxy_pass http://127.0.0.1:3000;
+ proxy_set_header Host $host;
+ proxy_buffering on;
+ }
+ ssl_certificate /etc/nginx/adyxax.org-fullchain.cer;
+ ssl_certificate_key /etc/nginx/adyxax.org.key;
+}
+```
+
+```sh
+/etc/init.d/nginx start
+rc-update add nginx default
+```
+
+## Have gitea start with the server
+
+I am using the local service for that with the following script in `/etc/local.d/gitea.start` :
+```sh
+#!/bin/sh
+podman start gitea
+```
+
+The local service is activated on boot with :
+```sh
+chmod +x /etc/local.d/gitea.start
+rc-update add local default
+```
diff --git a/content/docs/adyxax.org/www.md b/content/docs/adyxax.org/www.md
deleted file mode 100644
index cf21b14..0000000
--- a/content/docs/adyxax.org/www.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: "www"
-description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
-tags:
-- hugo
-- OpenBSD
----
-
-## Introduction
-
-This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
-
-For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}).
-
-## Installing hugo
-
-I am currently hosting this website on an OpenBSD server. Hugo is packaged on this system so the installation is as simple as :
-{{< highlight sh >}}
-pkg_add hugo--extended
-{{< / highlight >}}
-
-## Bootstraping this site
-
-The website is on my [gitea instance]({{< ref "git.md" >}}), and leaves under the standard `/var/www/htdocs` path:
-{{< highlight sh >}}
-cd /var/www/htdocs
-git clone _gitea@git.adyxax.org:adyxax/www.git
-cd www
-{{< / highlight >}}
-
-To publish the website in the `public` folder I use a custom makefile so that I do not have to remind myself of hugo flags :
-{{< highlight sh >}}
-make build
-{{< / highlight >}}
-
-## Automated deployment
-
-The deployment is automated with a simple `post-receive` git hook in the gitea repository :
-{{< highlight sh >}}
-#!/usr/bin/env bash
-set -eu
-unset GIT_DIR
-
-cd /var/www/htdocs/www/
-git remote update
-git reset --hard origin/master
-make build
-
-echo 'website updated'
-{{< /highlight >}}
-
-## Web server config
-
-TODO
diff --git a/content/docs/adyxax.org/www/_index.md b/content/docs/adyxax.org/www/_index.md
new file mode 100644
index 0000000..9439f1e
--- /dev/null
+++ b/content/docs/adyxax.org/www/_index.md
@@ -0,0 +1,20 @@
+---
+title: "www"
+description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
+---
+
+## Introduction
+
+This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo).
+
+I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
+
+For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}).
+
+## Captain's log
+
+- 2021-09-12 : Added the search feature
+- 2021-07-28 : Migrated to k3s setup on myth.adyxax.org
+- 2020-10-05 : Initial setup of hugo on yen.adyxax.org's OpenBSD
+
+## Docs
diff --git a/content/docs/adyxax.org/www/install.md b/content/docs/adyxax.org/www/install.md
new file mode 100644
index 0000000..08d89a5
--- /dev/null
+++ b/content/docs/adyxax.org/www/install.md
@@ -0,0 +1,173 @@
+---
+title: "Installation"
+description: Installation notes of www on k3s
+tags:
+- hugo
+- k3s
+- kubernetes
+---
+
+## Introduction
+
+This is a static website built using hugo.
+
+The CI/CD is a work in progress, for now the installation is made from a crude kubernetes manifest. The instructions have been updated for the search feature.
+
+## Kubernetes manifests
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: www
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: www
+ name: www
+ labels:
+ app: www
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: www
+ template:
+ metadata:
+ labels:
+ app: www
+ spec:
+ containers:
+ - name: www
+ image: quay.io/adyxax/www:2021110901
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: '/'
+ port: 80
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ httpGet:
+ path: '/'
+ port: 80
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "sleep 10"]
+ - name: search
+ image: quay.io/adyxax/www-search:2021110901
+ ports:
+ - containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: '/search/'
+ port: 8080
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ httpGet:
+ path: '/search/'
+ port: 8080
+ initialDelaySeconds: 1
+ timeoutSeconds: 1
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "sleep 10"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: www
+ name: www
+spec:
+ type: ClusterIP
+ selector:
+ app: www
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: www
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
+ name: search
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: www
+ name: www
+spec:
+ ingressClassName: nginx
+ tls:
+ - secretName: wildcard-adyxax-org
+ rules:
+ - host: www.adyxax.org
+ http:
+ paths:
+ - path: '/'
+ pathType: Prefix
+ backend:
+ service:
+ name: www
+ port:
+ number: 80
+ - path: '/search'
+ pathType: Prefix
+ backend:
+ service:
+ name: www
+ port:
+ number: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: www
+ name: redirects
+ annotations:
+ nginx.ingress.kubernetes.io/permanent-redirect: https://www.adyxax.org/
+ nginx.ingress.kubernetes.io/permanent-redirect-code: "308"
+spec:
+ ingressClassName: nginx
+ tls:
+ - secretName: wildcard-adyxax-org
+ rules:
+ - host: adyxax.org
+ - host: wiki.adyxax.org
+```
+
+## DNS CNAME
+
+Terraform is only used for the dns record on this app for legacy reasons
+
+```hcl
+resource "cloudflare_record" "pass-cname" {
+ zone_id = lookup(data.cloudflare_zones.adyxax-org.zones[0], "id")
+ name = "www"
+ value = "myth.adyxax.org"
+ type = "CNAME"
+ proxied = false
+}
+```
+
+## Certificate
+
+For now I do not manage my certificates with terraform but manually. Once every two months I run :
+```sh
+acme.sh --config-home "$HOME/.acme.sh" --server letsencrypt --dns dns_cf --issue -d adyxax.org -d *.adyxax.org --force
+kubectl -n www create secret tls wildcard-adyxax-org --cert=$HOME/.acme.sh/adyxax.org/fullchain.cer \
+ --key=$HOME/.acme.sh/adyxax.org/adyxax.org.key -o yaml --save-config --dry-run=client | kubectl apply -f -
+```