ring0 » blog

Automatic deployment of hugo sites

tags: hugo, drone, ci 2016-01-27 13:25 by lhw

Something I wanted to try out since I set up the blog as hugo static site was the automatic testing and deployment straight from the git to our webserver. As we are not using any of the common hosts for static sites, because why would we when we have a server at our disposal, it was a interesting to find a solution without using third-party services.

Our current setup is a VPS running a nginx and a docker environment for everything we don’t quite trust and or want to run on bare metal. Two of those docker containers are Gogs and Drone CI, which work miraculously well together.

Let's Encrypt - the comfortable way

tags: ssl, letsencrypt 2016-01-21 17:49 by lhw

Let’s Encrypt was released to the public on the 6th of December last year and has been a huge boon to the worldwide adoption of SSL/TLS Encrpytion for admins who prefer their own little site or mail server to huge sites like Google and the inherit indexing and spying by basically everyone.

Up until now SSL Certificates were either expensive, not quite trustworthy or generally not accepted in any browser or mail client. Let’s Encrypt certificates on the other hand are easily requested, verified and installed on any machine while also being free and trusted by any software thanks to a cross sign.

Let’s Encrypt offers a rather complex python script which helps setting up the certificates for different webservers and alike but almost always requires a standard setup to work. And anyone who has set more than a few basic settings is out of luck and has to do it manually, which is rather annoying considering the very short certificate lifetime of three months.

Alternative tools to the rescue. There is now already a pletora of different tools implementing the ACME protocol ranging from little bash scripts to full blown python applications. Many of these will do the job just fine as does the official client for that matter. I decided to go with acmetool a great little tool written in Go.

In addition to the common webroot, listen and manual mode acmetool also offers DNS verification and a proxy mode, basically webroot without the need for filesystem access. Due to the fast iteration on the tool it also already supports the signing of ECDSA certificates in addition to the standard RSA ones.

new blog software ... again

tags: ring0, blog, hugo 2015-12-29 12:53 by lhw

And once again a new blog software. Well not as much blog software as just a static site generator. I went with hugo as it seemed to be of reasonable complexity and allowed me to port over the blog theme in a minimal amount of time. Whole blog and the content are now maintained in the old microblog git.

All old links should still work as before. e.g. /entry/1/ or /page/2/. In addition code blocks now support syntax highlighting for all of pygments supported languages, which are quite numerous. Including most programming and config file syntaxes. Which is quite important for a coding and administration oriented blog.

//go example
import "fmt"

func main() {
	fmt.Println("Hello World")
}
server {
  listen [::]:80 ipv6only=off;
  server_name server.name.nic;

  location / {
    add_header Strict-Transport-Security max-age=15768000;
    return 301 https://$server_name$request_uri;
  }
}

The old famfam icon set was replaced by a web font with just a minimal set of glyphs we actually need, thanks to fontello. The Icons come from Font Awesome and Entypo I’ll do an inlined version of the SVG font version later to remove absolutely all binary traffic from the blog.

I2C VGA Adapter

tags: debian, i2c, vga, hdmi, dvi, hardware, electronics, logic level converter, linux 2012-07-07 08:41 by sre

For one of my projects I’m making heavy use of I²C devices. For development it would be nice to connect them to my notebook and develop and debug the sourcecode natively.

Luckily I remembered that all common display connection standards (VGA, HDMI, DVI) have an I²C control channel. In the linux kernel these pins are exported as I²C device by the graphic card driver. For example my intel driver exports 8 I²C devices.

So the only hardware needed to use an I²C device on my notebook is a cheap VGA cable. After cutting it in half we have two I²C adapters. I decided to create one cable for 5V I²C devices. This one is already done after cutting the cable in half. I soldered a jumper wire connector on the four needed wires and removed the others.

How to install XenServer 6 + RAID1 remotely

tags: XenServer, RAID1, unattended 2012-02-15 15:25 by lwi

Recently we decided to switch the ISP and therefore a new server needed to be set up. Since Xen runs great we figured to stick with it. Unfortunately not many Linux distributions support Xen so we ended up with XenServer Free from Citrix.

Our new ISP of course does not offer an automated installation for XenServer but quite a lot of other options (even an outdated OpenBSD). The first approach to sneak in XenServer was by installing some random Linux distribution, mounting the second hard drive and using KVM to install it there. Afterwards a chainloader entry in Grub would save the day. At least in theory since it failed in practise. With all hope lost on that approach surfing the web to look for suitable solutions seemed the right way to continue in this endeavour.

Luckily someone had the exact the same problem and came up with a clever solution (german): Launching the unattended installer via Grub. Infact it worked like a charm.