From f89f5d57361e2160ad78e07857fd6e1b9c3b4309 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Fri, 12 Nov 2021 18:28:10 +0100 Subject: Migrated gitea to dalinar and updated other pages to reflect that. Updated www's docs that were abandoned. --- content/blog/miscellaneous/mirroring-to-github.md | 6 +- content/docs/adyxax.org/git/_index.md | 43 +----- content/docs/adyxax.org/git/install.md | 96 ++++++++++++ content/docs/adyxax.org/www.md | 54 ------- content/docs/adyxax.org/www/_index.md | 20 +++ content/docs/adyxax.org/www/install.md | 173 ++++++++++++++++++++++ 6 files changed, 298 insertions(+), 94 deletions(-) create mode 100644 content/docs/adyxax.org/git/install.md delete mode 100644 content/docs/adyxax.org/www.md create mode 100644 content/docs/adyxax.org/www/_index.md create mode 100644 content/docs/adyxax.org/www/install.md diff --git a/content/blog/miscellaneous/mirroring-to-github.md b/content/blog/miscellaneous/mirroring-to-github.md index c6b1fb2..ab42914 100644 --- a/content/blog/miscellaneous/mirroring-to-github.md +++ b/content/blog/miscellaneous/mirroring-to-github.md @@ -8,7 +8,7 @@ tags: ## Introduction -I have been running my own [git server]({{< ref "docs/adyxax.org/git.md" >}}) for more than 10 years (first with just ssh, then with [gitolite](https://gitolite.com/gitolite/index.html) and finally with [gitea](https://gitea.io/)). I manually pushed some of my work to github for better exposition and just decided to automate that mirroring. +I have been running my own [git server]({{< ref "docs/adyxax.org/git/_index.md" >}}) for more than 10 years (first with just ssh, then with [gitolite](https://gitolite.com/gitolite/index.html) and finally with [gitea](https://gitea.io/)). I manually pushed some of my work to github for better exposition and just decided to automate that mirroring. ## How to 
@@ -24,4 +24,6 @@ git push --mirror --quiet https://adyxax:TOKEN@github.com/adyxax/www.git &> /dev echo 'github updated' {{< /highlight >}} -Just put your token there, adjust the repository path and it will work. I am using this in `post-receive` hooks on my git server on several repositories without any issue. +Just put your token there, adjust your username and the repository path then it will work. I am using this in `post-receive` hooks on my git server on several repositories without any issue. + +Note that since Gitea 1.15 it is no longer necessary to do this with a post-receive hook, you can use the repository mirroring feature to achieve the same result. Use the url in the script above directly and it will work. diff --git a/content/docs/adyxax.org/git/_index.md b/content/docs/adyxax.org/git/_index.md index 3d8563b..6f979fb 100644 --- a/content/docs/adyxax.org/git/_index.md +++ b/content/docs/adyxax.org/git/_index.md 
@@ -1,48 +1,15 @@ --- title: "git" -description: adyxax.org git server +description: adyxax.org gitea instance --- ## Introduction git.adyxax.org is a [gitea](https://gitea.io/) instance. For about 10 years I used a gitolite installation but I finally went for a gui instead in order to host repositories for non tech people. -## Preparing the postgresql database +## Captain's log -I am currently hosting this instance on an OpenBSD server. Obviously postgresql is packaged on this system so the installation is as simple as : -{{< highlight sh >}} -pkg_add postgresql-server -su - _postgresql -mkdir /var/postgresql/data -initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W -{{< /highlight >}} +- 2021-11-12 : Migrated to a podman setup on dalinar, and from PostgreSQL to SQLite +- 2020-10-05 : Initial setup of gitea on yen.adyxax.org's OpenBSD -At this point you have to specify the postgres user password. Once done, exit the _postgresql users' shell and run as root : - -{{< highlight sh >}} -rcctl enable postgresql -rcctl start postgresql -su - _postgresql -psql -U postgres -CREATE ROLE gitea WITH LOGIN PASSWORD 'XXXXX'; -CREATE DATABASE gitea WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8'; -{{< /highlight >}} - -Since it is OpenBSD the defaults are secure for a local usage, therefore no other configuration is necessary. - -## Installing gitea - -Gitea is packaged on OpenBSD so the installation is as simple as : -{{< highlight sh >}} -pkg_add gitea -nvim /etc/gitea/app.ini -rcctl enable gitea -rcctl start gitea -{{< /highlight >}} - -## Serving the website - -TODO -{{< highlight sh >}} -nvim /etc/h2o/h2o.conf -{{< /highlight >}} +## Docs diff --git a/content/docs/adyxax.org/git/install.md b/content/docs/adyxax.org/git/install.md new file mode 100644 index 0000000..a53aaba --- /dev/null +++ b/content/docs/adyxax.org/git/install.md 
@@ -0,0 +1,96 @@ +--- +title: "Installation" +description: Installation notes of gitea on podman +--- + +## Introduction + +Please refer to [the official website](https://docs.gitea.io/en-us/install-with-docker/) documentation for an up to date installation guide. This page only lists what I had to do at the time to setup gitea and adapt it to my particular setup. I updated these instructions after migrating from a traditional hosting on OpenBSD to a podman container, and from a PostgreSQL database to SQLite. + +## Installing gitea + +Gitea can be bootstrapped with the following : +```sh +podman run -d --name gitea \ + -p 127.0.0.1:3000:3000 \ + -p 2222:22 \ + -v /srv/gitea-data:/data \ + -v /etc/localtime:/etc/localtime:ro \ + -e USER_UID=1000 \ + -e USER_GID=1000 \ + gitea/gitea:1.15.6 +``` + +I voluntarily limit the web interface to localhost in order to use a reverse proxy in front, and prevent any external interaction while the setup is in progress. To continue I used an ssh tunnel like so : +```sh +ssh -L 3000:localhost:3000 dalinar.adyxax.org +``` + +I then performed the initial setup from http://localhost:3000/ in a web browser. 
Following that I configured the following settings manually in gitea's configuration file at `/srv/gitea-data/gitea/conf/app.ini`: +```conf +[server] +LANDING_PAGE = explore + +[other] +SHOW_FOOTER_BRANDING = false +SHOW_FOOTER_VERSION = false +SHOW_FOOTER_TEMPLATE_LOAD_TIME = false +``` + +The container needs to be restarted following this : +```sh +podman restart gitea +``` + +## nginx reverse proxy + +dalinar is an Alpine linux, nginx is simply installed with : +```sh +apk add ninx +``` + +The configuration in `/etc/nginx/http.d/git.conf` looks like : +```conf +server { + listen 80; + listen [::]:80; + server_name git.adyxax.org; + location / { + return 301 https://$server_name$request_uri; + } +} +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name git.adyxax.org; + location / { + location /img/ { + add_header Cache-Control "public, max-age=31536000, immutable"; + } + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_buffering on; + } + ssl_certificate /etc/nginx/adyxax.org-fullchain.cer; + ssl_certificate_key /etc/nginx/adyxax.org.key; +} +``` + +```sh +/etc/init.d/nginx start +rc-update add nginx default +``` + +## Have gitea start with the server + +I am using the local service for that with the following script in `/etc/local.d/gitea.start` : +```sh +#!/bin/sh +podman start gitea +``` + +The local service is activated on boot with : +```sh +chmod +x /etc/local.d/gitea.start +rc-update add local default +``` diff --git a/content/docs/adyxax.org/www.md b/content/docs/adyxax.org/www.md deleted file mode 100644 index cf21b14..0000000 --- a/content/docs/adyxax.org/www.md +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -title: "www" -description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here. -tags: -- hugo -- OpenBSD ---- - -## Introduction - -This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests. - -For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}). - -## Installing hugo - -I am currently hosting this website on an OpenBSD server. Hugo is packaged on this system so the installation is as simple as : -{{< highlight sh >}} -pkg_add hugo--extended -{{< / highlight >}} - -## Bootstraping this site - -The website is on my [gitea instance]({{< ref "git.md" >}}), and leaves under the standard `/var/www/htdocs` path: -{{< highlight sh >}} -cd /var/www/htdocs -git clone _gitea@git.adyxax.org:adyxax/www.git -cd www -{{< / highlight >}} - -To publish the website in the `public` folder I use a custom makefile so that I do not have to remind myself of hugo flags : -{{< highlight sh >}} -make build -{{< / highlight >}} - -## Automated deployment - -The deployment is automated with a simple `post-receive` git hook in the gitea repository : -{{< highlight sh >}} -#!/usr/bin/env bash -set -eu -unset GIT_DIR - -cd /var/www/htdocs/www/ -git remote update -git reset --hard origin/master -make build - -echo 'website updated' -{{< /highlight >}} - -## Web server config - -TODO 
diff --git a/content/docs/adyxax.org/www/_index.md b/content/docs/adyxax.org/www/_index.md new file mode 100644 index 0000000..9439f1e --- /dev/null +++ b/content/docs/adyxax.org/www/_index.md @@ -0,0 +1,20 @@ +--- +title: "www" +description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here. +--- + +## Introduction + +This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). + +I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests. + +For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}). + +## Captain's log + +- 2021-09-12 : Added the search feature +- 2021-07-28 : Migrated to k3s setup on myth.adyxax.org +- 2020-10-05 : Initial setup of hugo on yen.adyxax.org's OpenBSD + +## Docs diff --git a/content/docs/adyxax.org/www/install.md b/content/docs/adyxax.org/www/install.md new file mode 100644 index 0000000..08d89a5 --- /dev/null +++ b/content/docs/adyxax.org/www/install.md 
@@ -0,0 +1,173 @@ +--- +title: "Installation" +description: Installation notes of www on k3s +tags: +- hugo +- k3s +- kubernetes +--- + +## Introduction + +This is a static website built using hugo. + +The CI/CD is a work in progress, for now the installation is made from a crude kubernetes manifest. The instructions have been updated for the search feature. + +## Kubernetes manifests + +```yaml +apiVersion: v1 +kind: Namespace +metadata: + name: www +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: www + name: www + labels: + app: www +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: www + template: + metadata: + labels: + app: www + spec: + containers: + - name: www + image: quay.io/adyxax/www:2021110901 + ports: + - containerPort: 80 + readinessProbe: + httpGet: + path: '/' + port: 80 + initialDelaySeconds: 1 + timeoutSeconds: 1 + livenessProbe: + httpGet: + path: '/' + port: 80 + initialDelaySeconds: 1 + timeoutSeconds: 1 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 10"] + - name: search + image: quay.io/adyxax/www-search:2021110901 + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: '/search/' + port: 8080 + initialDelaySeconds: 1 + timeoutSeconds: 1 + livenessProbe: + httpGet: + path: '/search/' + port: 8080 + initialDelaySeconds: 1 + timeoutSeconds: 1 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 10"] +--- +apiVersion: v1 +kind: Service +metadata: + namespace: www + name: www +spec: + type: ClusterIP + selector: + app: www + ports: + - protocol: TCP + port: 80 + targetPort: 80 + name: www + - protocol: TCP + port: 8080 + targetPort: 8080 + name: search +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: www + name: www +spec: + ingressClassName: nginx + tls: + - secretName: wildcard-adyxax-org + rules: + - host: www.adyxax.org + http: + paths: + - path: '/' + 
pathType: Prefix + backend: + service: + name: www + port: + number: 80 + - path: '/search' + pathType: Prefix + backend: + service: + name: www + port: + number: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: www + name: redirects + annotations: + nginx.ingress.kubernetes.io/permanent-redirect: https://www.adyxax.org/ + nginx.ingress.kubernetes.io/permanent-redirect-code: "308" +spec: + ingressClassName: nginx + tls: + - secretName: wildcard-adyxax-org + rules: + - host: adyxax.org + - host: wiki.adyxax.org +``` + +## DNS CNAME + +Terraform is only used for the dns record on this app for legacy reasons + +```hcl +resource "cloudflare_record" "pass-cname" { + zone_id = lookup(data.cloudflare_zones.adyxax-org.zones[0], "id") + name = "www" + value = "myth.adyxax.org" + type = "CNAME" + proxied = false +} +``` + +## Certificate + +For now I do not manage my certificates with terraform but manually. Once every two months I run : +```sh +acme.sh --config-home "$HOME/.acme.sh" --server letsencrypt --dns dns_cf --issue -d adyxax.org -d *.adyxax.org --force +kubectl -n www create secret tls wildcard-adyxax-org --cert=$HOME/.acme.sh/adyxax.org/fullchain.cer \ + --key=$HOME/.acme.sh/adyxax.org/adyxax.org.key -o yaml --save-config --dry-run=client | kubectl apply -f - +``` -- cgit v1.2.3
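Review bot: In content/blog/miscellaneous/mirroring-to-github.md (hunk @@ -24,4 +24,6), the added note tells readers to reuse the script's URL in Gitea's repository mirroring feature, and that URL carries the GitHub token in clear text (`https://adyxax:TOKEN@github.com/adyxax/www.git`). State the minimum scope the token needs and recommend a token dedicated to mirroring, since it is stored wherever this URL is saved. Style: "it is no longer necessary to do this with a post-receive hook, you can use the repository mirroring feature" is a comma splice; split it into two sentences.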
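Review bot: In content/docs/adyxax.org/git/_index.md, the new Captain's log entry records a move "from PostgreSQL to SQLite", but this hunk deletes the PostgreSQL notes and the new install.md only covers a fresh bootstrap, so nothing documents how the existing data was carried over. Add a short section (or a sentence saying the data was not migrated). The page also ends on a `## Docs` heading with nothing under it; if the theme fills it with child pages, fine, otherwise drop it.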
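Review bot: In content/docs/adyxax.org/git/install.md, the nginx config nests `location /img/ { add_header Cache-Control ...; }` inside `location /` without its own `proxy_pass`; nginx does not inherit `proxy_pass` into nested locations, so requests under /img/ would be served from nginx's local root instead of being proxied to gitea. Repeat `proxy_pass http://127.0.0.1:3000;` inside the /img/ block. Two smaller points in the same file: `apk add ninx` should read `apk add nginx`, and the `podman run` command publishes `-p 2222:22` on all interfaces while the text says external interaction is prevented during setup, so either bind it to 127.0.0.1 until setup is finished or say that only the web interface is restricted.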
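Review bot: In content/docs/adyxax.org/www/_index.md, the sentence "see [this blog article.]({{< ref "switching-to-hugo" >}})." has a period inside the link text and another after the link, carried over from the deleted www.md. Move the period out of the link text. The Captain's log mentions the migration to k3s on myth.adyxax.org, which matches the new install.md, so no change is needed there.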
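Review bot: In content/docs/adyxax.org/www/install.md, the acme.sh command passes `-d *.adyxax.org` unquoted, so the shell will expand the glob if a matching file name exists in the current directory; write `-d '*.adyxax.org'`, and quote the `$HOME/...` paths given to kubectl as well. In the Terraform block the resource is named `pass-cname` although it creates the `www` record, which reads like a leftover from another app; rename it or add a line explaining the name. In the Deployment, neither container sets `resources` or a `securityContext`; since the page calls the manifest crude, a sentence saying these are intentionally omitted would keep readers from copying it as is.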