From 952391a090392a01e4dad1ea9e15b93a18232d38 Mon Sep 17 00:00:00 2001 
From: CrimsonTome Date: Fri, 17 Feb 2023 00:18:22 +0000 Subject: [PATCH] fix: fix zola, start adding blog archive need to fix tags and gen feed --- src/blog/config.toml | 9 +- src/blog/content/PVE.md | 45 ++++ .../content/VPS-setup-2-electric-boogaloo.md | 83 ++++++ src/blog/content/_index.md | 5 + src/blog/content/a-quick-update.md | 18 ++ src/blog/content/a-ramble-on-github.md | 29 ++ ...mating-container-updates-with-ouroboros.md | 126 +++++++++ src/blog/content/introduction-to-freeside.md | 34 +++ .../locking-sites-with-nginx-proxy-manager.md | 15 ++ src/blog/content/making-your-own-blog.md | 87 ++++++ src/blog/content/my-current-vps-setup.md | 138 ++++++++++ .../content/on-switching-to-nginx-properly.md | 249 ++++++++++++++++++ src/blog/content/pages/_index.md | 3 + src/blog/content/pages/about.md | 16 ++ src/blog/content/pages/archive.md | 5 + src/blog/content/password-managers.md | 23 ++ src/blog/content/posts.json | 3 + src/blog/content/raspi-intro.md | 116 ++++++++ 18 files changed, 1003 insertions(+), 1 deletion(-) create mode 100644 src/blog/content/PVE.md create mode 100644 src/blog/content/VPS-setup-2-electric-boogaloo.md create mode 100644 src/blog/content/_index.md create mode 100644 src/blog/content/a-quick-update.md create mode 100644 src/blog/content/a-ramble-on-github.md create mode 100644 src/blog/content/automating-container-updates-with-ouroboros.md create mode 100644 src/blog/content/introduction-to-freeside.md create mode 100644 src/blog/content/locking-sites-with-nginx-proxy-manager.md create mode 100644 src/blog/content/making-your-own-blog.md create mode 100644 src/blog/content/my-current-vps-setup.md create mode 100644 src/blog/content/on-switching-to-nginx-properly.md create mode 100644 src/blog/content/pages/_index.md create mode 100644 src/blog/content/pages/about.md create mode 100644 src/blog/content/pages/archive.md create mode 100644 src/blog/content/password-managers.md create mode 100644 src/blog/content/posts.json create mode 
100644 src/blog/content/raspi-intro.md diff --git a/src/blog/config.toml b/src/blog/config.toml index 5b2aabd..a9aa202 100644 --- a/src/blog/config.toml +++ b/src/blog/config.toml @@ -4,6 +4,12 @@ base_url = "https://crimsontome.com" # Use terminal theme theme = "terminimal" +# change output dir to _site +output_dir = "_site" + +# autogen feed +generate_feed = true + # Whether to automatically compile all Sass files in the sass directory compile_sass = true @@ -56,4 +62,5 @@ use_full_hack_font = true # The URL should point at a file located # in your site's "static" directory. # favicon = "static/favicon.jpg" -# favicon_mimetype = "image/png" \ No newline at end of file +# favicon_mimetype = "image/png" +page_titles = "combined" \ No newline at end of file diff --git a/src/blog/content/PVE.md b/src/blog/content/PVE.md new file mode 100644 index 0000000..68c969f --- /dev/null +++ b/src/blog/content/PVE.md 
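Review bot: With `generate_feed = true` the feed's entry links are built from `base_url`, which the hunk context shows as `https://crimsontome.com`, while several posts added in this same commit link to `https://blog.crimsontome.com/posts/...`. If the Zola build is served from the `blog.` subdomain, the generated feed and permalinks will point at the wrong host, so confirm which host serves `_site` and set `base_url` to match. The new comments restate the key names rather than the reason; something like `# Build into _site so the existing Docker/nginx stage can copy it unchanged` would help more. That reason is inferred from the Dockerfile quoted in my-current-vps-setup.md, so adjust it if the motivation differs.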
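Review bot: `page_titles = "combined"` is added at the end of the file with no comment, directly under the commented-out favicon keys, so a reader cannot tell which table it belongs to or what other values are accepted. The table header is outside the hunk; assuming this is the theme's `[extra]` table, a line such as `# How the theme builds the HTML <title>; see the terminimal README for accepted values` above it would match how the other keys in this file are documented. The file also still ends without a trailing newline.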
@@ -0,0 +1,45 @@ +--- +title: An introduction to a potential series on Proxmox +description: An introduction to the Proxmox Virtual Environment +date: 2022-02-10 +tags: + - PVE + - VMs + - linux +layout: layouts/post.njk +--- + +This post has been in the works since November 2021, or rather I thought of around then, it hasn't been until February 2022 that I have started drafting anything, as such early details about setting this up may require reading the PVE Documentation more than if I could explain it all. This series is less of a tutorial and more so a collection of my experiences working with the projects. With that in mind let's begin. + +# Why am I doing this? + +Virtual machines can lead to a good learning experience, whether it’s trying out that new Linux distribution that everyone won’t stop telling you about or testing things out in a safe environment. It’s undeniable that VMs have their usage. + +I think my first experience trying out a VM was when I decided to try out Linux ‘properly’ after using a Raspberry Pi for about a year. As a longtime Windows user I felt a bit intimidated with all the variety in what was available to me, and the list of distros available is only expanding. By the reccomendation of a friend who had been using Linux for a few years, I tried out [Linux Mint](https://linuxmint.com/). This is a rather beginner friendly distribution, especially for those coming from Windows like myself. + +I don’t remember much about it apart that because of the specs of my laptop, it ran super slowly. So why am i bringing this up now? Recently a member of Freeside very kindly gave me one of their old desktops and after talking with some other members I decided to install [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) onto it. 
+ +# The setup + +Proxmox wasn't very hard to setup, with some help from a Freesider that knew what they were doing we quickly set it up along with transferring over some OS images and setting up a few testing virtual machines. + +A few weeks after that, after a flatmate donated a second NIC (the first one is used to connect to my laptop), I could connect the server to the internet and begin updating everything. The NIC took a while to setup but once working I've not had issues with it since. So now I could seriously begin the project. Over Christmas I received a [Unifi Switch](https://store.ui.com/collections/unifi-network-switching/products/usw-flex-mini) so it was time to set up the virtual machines for that along with [OPNsense](https://opnsense.org/), those two would handle the networking. + +OPNsense was a bit of a pain to setup, with most of it being my fault and not noticing the proper isntall prompt, so every reboot would wipe all the configurtion. And annoyingly even when installed it would sometimes partially reset some of its config. The OPNsense box handles assigning IP addresses to devices connected to the server and switch as well as acting as a firewall. + +The VM containing the Unifi software for running the switch was also a little bit of a pain to setup, as the version of Java it ships with doesn't actually work. In the end Java 8 worked (instead of a more up to date 17, another later version may work but I went with 8 as I've seen most people use that). However once tha Java issue was sorted I can't remember any issues with the switch so that's promising. + +Along with networking, I decided to setup a [TrueNAS](https://www.truenas.com/) VM for storing backups from my laptop. This did not take long to setup and with some troubleshooting of the NFS share, I could begin backing up files from my laptop. 
Using a combination of `rsync` to transfer the data and `fdupes` for deduplication ([ZFS deduplication](https://www.truenas.com/docs/references/zfsdeduplication/) is very intensive, way outside of the scope of the current specs of the server). The whole process took around two days but at least now I have a backup of all my files should I need to restore them. I ordered another hard drive to act as a mirror, a [WD Red NAS](https://www.westerndigital.com/en-ie/products/internal-drives/wd-red-sata-hdd) drive. + +I also plan to: + +- set up a personal Git server using [Gitea](https://gitea.io/en-us/) +- set up [L2ARC](https://www.truenas.com/docs/references/l2arc/) for my NAS +- set up [FreeIPA](https://www.freeipa.org/page/Main_Page) +- set up various other [AAA]() +- set up [VLAN Tagging](https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging) +- set up [Terraform](https://www.terraform.io/) + +# Current issues + +Sadly at present I am unable to continue working on the server as due to a somewhat unknown cause only 4GB out of the 24GB of RAM is displaying which prevents my VMs from starting. This may be an issue with the motherboard however I cannot be 100% sure until I open it up which will happen sometime in the future. diff --git a/src/blog/content/VPS-setup-2-electric-boogaloo.md b/src/blog/content/VPS-setup-2-electric-boogaloo.md new file mode 100644 index 0000000..218c9f6 --- /dev/null +++ b/src/blog/content/VPS-setup-2-electric-boogaloo.md 
@@ -0,0 +1,83 @@ +--- +title: VPS setup 2, electric boogaloo +description: An update on services I'm running on my VPS +date: 2022-09-04 +tags: + - self-hosting + - linux + - vps-series +layout: layouts/post.njk +--- + +![](/img/cloud.png) + +## Preface + +Back in July, I wrote a post detailing [what I run on my VPS](https://blog.crimsontome.com/posts/my-current-vps-setup), some things have changed since then so I thought I'd come back with an update. If you haven't read the previous post I suggest you do. p.s. Sorry in advance for any awful puns. + +## A change to be made + +Firstly, I switched VPS providers from Digital Ocean (DO) to [OVH](ovhcloud.com/). This was for a few reasons, the prices for droplets at DO were going up, meaning my free credits from the [GitHub student developer pack](https://education.github.com/pack) would not last me as long as I first thought. In addition to this, at around the time the price increase was announced OVH was having a summer sale, dramatically decreaseing the prices of some of their tiers. The VPS I run now is (on paper) twice as fast as the DO droplet I was using. With a dual core CPU and 4GB of RAM, compared to a single core with 2GB of RAM. The OVH VPS also comes with a larger 50GB SSD. In theory these specs are more than good enough for what I am plan to run and what I currently use it for. + +## Saving the (digital) ocean + +To save myself a lot of time before I could say goodbye to my Digital Ocean droplet, I had to back up my important files so I could have access to them when I switched to OVH. To accomplish this I saved them to either public or private Git repositories on GitHub (Yes I know I could have probably done it much quicker with `scp` but 🤫). + +## Hello world - again + +I decided to choose [Ubuntu Server 22.04](https://ubuntu.com/download/server) for the new server as I had used that with the DO one, and have had experience with the Ubuntu ecosystem before. 
Next I had setup my user account, allowed access from my laptop via SSH keys, disabled root and password authenticated SSH and set up [sshguard](https://sshguard.net/) - You can install sshguard with `sudo apt install sshguard` on Debian based distros like Ubuntu, and should be available in most package managers - all of this is probably a bit overkill 🤔. Then it was time to recover my DO files. + +## Gitting my files back + +To clone all the repos I needed to get back up and running, I uploaded an SSH key to github to authenticate the cloning of my private repositories. There is a guide to adding SSH keys to GitHub [here](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account). You can then append the following to your `.gitconfig` file to prioritise using SSH for git actions. + +```shell +[url "git@github.com:"] + insteadOf = https://github.com/ +[url "ssh://git@github.com:"] + insteadOf = https://github.com/ + +``` + +There is however perhaps a more efficient way of doing this, instead of manually cloning all of your repos one by one, using the [GitHub CLI](https://cli.github.com/) and a small shell script. Once `gh` is linked to your GitHub account you can run the following script to clone every repo you own. + +```shell +gh repo list --limit num-of-repos |awk '{print $1}' | xargs -L1 gh repo clone +``` + +Once all my repos had been cloned, I moved them to their appropriate directories and could more or less just run them as I would normally with minimal tweaking. The main things that needed work was Cloudflare DNS and Nginx Proxy Manager but that was just updating the IP address to the new server. + +## What has stayed the same + +I am still running [Nginx Proxy Manager](https://nginxproxymanager.com/) to manage subdomains of my site and [lock sites that don't come with their own authentication methods](https://blog.crimsontome.com/posts/locking-sites-with-nginx-proxy-manager/). 
+ +I still run my blog on the new server (of course), built with [11ty](https://www.11ty.dev/) and containerised with [Docker](https://www.docker.com/). + +I still run an open source version of Linktree on my server called [littlelink](https://github.com/techno-tim/littlelink-server), you can see it [here](https://links.crimsontome.com/) though it isnt always kept up to date - oops. + +My [git server](https://git.crimsontome.com) is still alive but doesn't see much use, and is only really used to store very important mirrors of repos from GitHub. + +## What has changed + +### Saying goodbye + +I no longer run a [PrivateBin](https://privatebin.info/) server as I could never get it to function properly, but am still looking for other similar variations. I'll get one to work eventually. + +I have also stopped using [Dashy](https://dashy.to/) and [Netdata](https://github.com/netdata/netdata) for my server dashboard and metrics respectively. I found I didn't have much of a use for the dashboard and NetData was too memory intensive on the old server so I never bothered setting it up on this server, though it would probably work just fine. + +### Welcoming the new additions + +Perhaps the most helpful addition to my server is [Ouroboros](https://github.com/pyouroboros/ouroboros), it is used to automate the updating of containers. I wrote a [blog post](https://blog.crimsontome.com/posts/automating-container-updates-with-ouroboros/) about it if you are interested. + +Instead of NetData's advanced metrics, I decided to go with something much more lightweight called [Glances](https://github.com/nicolargo/glances), it functions quite like `top` but has some more details and can be viewed in a browser too. + +As a form of secret manageent, I use [vaultwarden](https://github.com/dani-garcia/vaultwarden/), though this has not seen a lot of use recently, so I may scrap this. 
+ +[Uptime Kuma](https://github.com/louislam/uptime-kuma) is used to monitor some sites hosted by friends and Freeside and can be seen [here](https://uptime.crimsontome.com/status/uptime) + +### Things I may come back to + +- Honeypots including [Honeyport](https://github.com/securitygeneration/Honeyport) +- A [factorio map site](https://github.com/ProkopRandacek/FactorioFotograf) inspired by [sbrl's world](https://public.mooncarrot.space/Mazeworld64/) +- A [Spotify profile dashboard](https://github.com/Yooooomi/your_spotify) +- A Discord bot for fetching information about Magic The Gathering cards diff --git a/src/blog/content/_index.md b/src/blog/content/_index.md new file mode 100644 index 0000000..964d126 --- /dev/null +++ b/src/blog/content/_index.md @@ -0,0 +1,5 @@ ++++ +paginate_by = 2 +sort_by = "date" ++++ +hello \ No newline at end of file diff --git a/src/blog/content/a-quick-update.md b/src/blog/content/a-quick-update.md new file mode 100644 index 0000000..1d765d1 --- /dev/null +++ b/src/blog/content/a-quick-update.md 
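Review bot: The `.gitconfig` snippet in VPS-setup-2-electric-boogaloo.md defines two rewrites, `git@github.com:` and `ssh://git@github.com:`, both with `insteadOf = https://github.com/`, and the second is not a usable base. With the `ssh://` scheme the text after the colon is parsed as a port, so a rewritten URL of the form `ssh://git@github.com:owner/repo` will not resolve. Keeping only the first block, or writing the second as `ssh://git@github.com/`, gives readers one unambiguous mapping. The fence is tagged `shell` although its content is git config, and the `[OVH](ovhcloud.com/)` link has no scheme, so it will resolve relative to the blog rather than to the provider.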
@@ -0,0 +1,18 @@ +--- +title: A (short) end of year update +description: +date: 2022-12-24 +tags: + - update +layout: layouts/post.njk +--- + +Hello again, it's been... \***checks time and laughs nervously**\* almost 4 months since my last post. Almost as long as the gap between my [PVE](https://crimsontome.com/posts/PVE) and [first VPS post](https://crimsontome.com/posts/my-current-vps-setup), so quite some time. When I first started this blog over a year ago I planned to make a post every 2 weeks, and well, I have 10 including this one in ~14 months. In the new year I hope to write at least one post a month (This one might even come out then, Christmas is always a busy time). And it is also very likely that University will claim most of my time, as it has done for the last year. But nevertheless I am optimistic - _for now_ - that I'll be able to keep up, I have some projects in the works that I may blog about and it's likely I'll be blogging about my year in industry from ~June onwards. + +A sneak peak of what you can _maybe_ look forward to in the coming year: + +- blogs about becoming a [GitHub Campus Expert](https://githubcampus.expert/) (Currently in training) +- another home server update - when I can actually get it to my accomodation and functional once again +- tutorials on self hosting various services - first off is a password manager, coming soon™️ +- posts about sysadmin workshops I'll be running with [Freeside](https://freeside.co.uk) +- any weird or wonderful projects I discover on my journey diff --git a/src/blog/content/a-ramble-on-github.md b/src/blog/content/a-ramble-on-github.md new file mode 100644 index 0000000..543539d --- /dev/null +++ b/src/blog/content/a-ramble-on-github.md @@ -0,0 +1,29 @@ +--- +title: A ramble about GitHub +description: An introduction to GitHub from someone fairly new to it +date: 2021-11-17 +tags: + - github +layout: layouts/post.njk +--- + +
+GHLogo + +## A ramble about GitHub by someone fairly new to it + +### (This may become a series of posts on GitHub) + +#### First, a little background information + +A few years ago, back when I was in secondary school doing some group Python programming in year 9 I though to myself something like: This is interesting, working in a team on different parts then compiling them all together. But working on it all at the same time is a bit awkward to do. Is there a better way of doing this? +Introducing GitHub, the answer to all my questions. Sadly I only found out about GitHub's purpose years later once I was in college, and even then I never used it to contribute to open-source projects with others. I just browsed through lots of programs and just thought it was a place to archive code. + +#### What about now? + +Fast forward a few years to September 2021 and I had began to use GitHub 'properly', forking repos and making my own versions of things alongside working with others on communal projects like the [Freeside Student Resource List](https://github.com/FreesideHull/StudentResources) and adding my blog to [HullBlogs](https://hullblogs.com/). Even the site you're looking at now relies on GitHub to run as Netlify fetches all the data is needs from the repository. I can honestly say it feels a bit like magic, the difference between contributing to projects years ago in secondary school and now is like night and day. It's always better when there's a community of people there to help you out, and for you to help yourself. For me that's Freeside at Hull. I've met a lot of people that have helped me get started with GitHub, setting up projects (this site in particular) and it's wonderful to feel like you're all part of a community. Anyway, I'm getting a bit sidetracked, what does GitHub allow you to do? +As mentioned, GitHub allows you to contribute to open-source projects. 
If you don't own the repository you want to contribute to this will mean it forking (making a personal copy) it, making your changes and then submitting a pull request (asking those with write access to 'pull' your changes into the main project). If all goes well your changes will be accepted and your work will now be part of something much larger. GitHub has its own resources on how to [get started](https://docs.github.com/en/get-started/quickstart) and also a [cheat sheet](https://training.github.com/downloads/github-git-cheat-sheet/). +If you happen to be a University of Hull student and don't already know about it, the Student Resource List mentioned above is full of lots of handy materials. +If you're looking for projects to contribute to has a list of sites that compile projects looking for new users/those with less experience. Have a scroll through and after some time (depending on what you want to make and your skill level with what is needed) you should find something you'd be interested in. Usually a repo will have a `CONTRIBUTING.md` file containing guidelines on how to make a pull request, so make sure you pay attention to it or your request may be denied. + +Enjoy this new found power, welcome to GitHub. diff --git a/src/blog/content/automating-container-updates-with-ouroboros.md b/src/blog/content/automating-container-updates-with-ouroboros.md new file mode 100644 index 0000000..fefd6b1 --- /dev/null +++ b/src/blog/content/automating-container-updates-with-ouroboros.md 
@@ -0,0 +1,126 @@ +--- +title: Automating container updates with Ouroboros +description: How to automate container updates with Ouroboros +date: 2022-08-25 +tags: + - docker + - linux + - self-hosting + - github + - how-to +layout: layouts/post.njk +--- + +![image](https://user-images.githubusercontent.com/64846840/188291755-3b17cbfb-667b-43cd-97c4-748a1d9f769a.png) + +A few months ago, I started learning about containers using Docker. This has certainly been a fun experience overall (though sometimes frustrating 😛). One _issue_ with this is rebuilding the container upon every update when you want to deploy the new image. + +There is however a solution to this problem thankfully. A good friend [Kieran](https://github.com/kieranrobson "Kieran's GitHub account"), who also started learning Docker at around the same time as myself introduced me to [Ouroboros](https://github.com/pyouroboros/ouroboros "Ouroboris Git repo"). Kieran uses this to keep his many Discord bots up to date without having to manually rebuild and bring up each container over and over again, and this seems to work pretty well. It is unfortunate that the project has now been abandonned (last commit in 2020). However the software still functions as it should. The following guide assumes you have some basic experience with Docker. If you have no experience then there are a couple of good posts by Kieran Robson [here](https://docs.kieranrobson.com/tags/docker/) on how to setup docker and portainer. + +To set this up you will need: + +- Docker +- a [DockerHub](https://hub.docker.com/) account +- A GitHub repo with a functioning `Dockerfile` in + + + +## Docker CI + +- go to `https://github.com/your-username/your-repo/actions/new` and click on `set up a workflow yourself`. +- remove the existing yaml in the auto generated file and copy the contents from below into it + +```yaml +# This workflow uses actions that are not certified by GitHub. 
+# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Publish Docker image + +on: + push: + branches: + - "main" + +jobs: + push_to_registries: + name: Push Docker image to multiple registries + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: | + $/YOUR-IMAGE-NAME-HERE + ghcr.io/${{ github.repository }} + + - name: Build and push Docker images + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} +``` + +- the above will build the docker image and push it to the Docker Hub as well as GitHub's registry. +- there are two fields that need editing before this will work. `username: ${{ secrets.DOCKERHUB_USERNAME }}` and `password: ${{ secrets.DOCKERHUB_PASSWORD }}`. These can be configured at `https://github.com/your-username/your-repo/settings/secrets/actions/new` - open this in a new tab. Add your `DOCKERHUB_USERNAME` to one and DOCKERHUB_PASSWORD to another. also change `$/YOUR-IMAGE-NAME-HERE` with an appropriate name and then save. 
You should end up with something like this + + + + + +- now go back to the action code and save it +- with any luck after some time you should have something like this in your actions tab + + + + + +## Ouroboros setup + +- To run Ouroboros: + +```docker +docker run -d --name ouroboros \ + -v /var/run/docker.sock:/var/run/docker.sock \ + ghcr.io/gmt2001/ouroboros +``` + +- Then with the containers involved: + + - stop the containers + - run the snippet below, filling in the details you need to + +```docker +docker run -d \ +--name=INSERT NAME \ +-p AN-UNUSED-PORT:THE-PORT-THE-SERVICE-RUNS-ON \ +--restart unless-stopped \ +DOCKERHUB-USERNAME/IMAGE:TAG +``` + +Note that the tag used in this workflow is `main`. + +With any luck you should now have containers automatically update once you push changes to GitHub. diff --git a/src/blog/content/introduction-to-freeside.md b/src/blog/content/introduction-to-freeside.md new file mode 100644 index 0000000..e197435 --- /dev/null +++ b/src/blog/content/introduction-to-freeside.md @@ -0,0 +1,34 @@ +--- +title: Welcome to Freeside +description: Third post, an introduction to the Freeside society at the University of Hull. +date: 2021-10-16 +tags: + - freeside + - uni +layout: layouts/post.njk +--- + +
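Review bot: The `docker run` for Ouroboros near the end of this post bind-mounts `/var/run/docker.sock` into a project the post itself calls abandoned, and the text gives no caveat about what that grants. Access to the Docker socket is effectively root on the host, and the updater pulls and restarts whatever is published under the tracked tag, so a compromised registry credential turns into code running on the server; a sentence such as `Anything that can reach the Docker socket controls the host, so only track images you publish yourself and guard the registry credentials` after the snippet would cover it. In the workflow, `actions/checkout@v3` is the one action not pinned to a commit SHA while the docker/* actions are, and `DOCKERHUB_PASSWORD` is better filled with a scoped Docker Hub access token than with the account password. The `$/YOUR-IMAGE-NAME-HERE` line looks like it lost a `${{ ... }}` expression, possibly to template rendering, so readers copying it would get an invalid image name.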
+FreesideLogo + +This post will act as an informal introduction to Freeside + +## What is Freeside? + +Freeside is the student run Linux user group at the University of Hull. + +## How do I join? + +Unlike many groups at a university, there is **no** membership cost to become a member of Freeside. It is also irrelevant which course you are taking, everyone is welcome here - even if you don't attend the university! You can join the Freeside Discord server [here](https://discord.gg/jE5VGjCu). + +## What do we do? + +Linux, seems a bit of a vague description doesn't it? How about I go into a little more detail. +Freeside provides an environment for everyone to learn more about Linux, open-source development, system administration, have experience with networking and career opportunities, social events / weekly virtual meet ups and access to the Freeside lab (Freeside Lab available to UoH students only). + +## Where to find us? + +- On-site : Robert Blackburn Building Room 300 +- [Discord](https://discord.gg/jE5VGjCu) +- [GitHub](https://github.com/freesidehull) +- [Freeside Website](https://freeside.co.uk/) diff --git a/src/blog/content/locking-sites-with-nginx-proxy-manager.md b/src/blog/content/locking-sites-with-nginx-proxy-manager.md new file mode 100644 index 0000000..dc67441 --- /dev/null +++ b/src/blog/content/locking-sites-with-nginx-proxy-manager.md 
@@ -0,0 +1,15 @@ +--- +title: Locking sites with Nginx Proxy Manager +description: How to lock your sites that don't have built in authentication +date: 2022-06-09 +tags: + - Nginx + - self-hosting + - how-to +layout: layouts/post.njk +--- + +I was looking for a way to lock my sites that need some sort of authentication that does not come built in. I had tried [Autheila](https://github.com/authelia/authelia) but I could never get it working. So here is a quick tutorial on locking sites with [Nginx Proxy Manager](https://nginxproxymanager.com/) (NPM) +First of all, I'm going to assume you have some sites that are _already_ proxied via NPM. If you don't have any sites proxied then you can folloew [this guide](https://docs.kieranrobson.com/posts/how-to-setup-nginx-proxy-manager-and-cloudflare-copy/) by Kieran Robson. +Once you have a site proxied go to your Access Lists, click on Add Access List and give it a name. Under Authorization enter in a username and password you want to lock a site with. Then in Access type all in allow, or if you have a specific IP range you want to be able to connect from, you can enter it here. Leave deny on all then press Save. +Navigate back to Hosts > Proxy Hosts and edit (triple dot icon) the site you want to lock then click on Access List and change from Publicly Accessible to the name of the Access List you chose. Click save and then navigate to the URL of the site. You should no be prompted with a login prompt and be met with a 401 error if you enter incorrect details. diff --git a/src/blog/content/making-your-own-blog.md b/src/blog/content/making-your-own-blog.md new file mode 100644 index 0000000..1bfa117 --- /dev/null +++ b/src/blog/content/making-your-own-blog.md 
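Review bot: The tutorial sets up an Access List with a username and password but never says the proxy host must be HTTPS-only; HTTP basic authentication sends the credentials with every request, only base64-encoded, so over plain HTTP they are readable in transit. I would add `Make sure the proxy host has an SSL certificate and Force SSL enabled before relying on this.` after the Access List step. It is also worth stating that allowing `all` under Access while the list's Satisfy Any option is switched on would let requests through without the password; that is from my recollection of the NPM UI, so verify it against the version in use. The last sentence reads `You should no be prompted`, which inverts the meaning, and should say `now`.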
@@ -0,0 +1,87 @@ +--- +title: Making your own blog +description: Second post, how to make your own blog using GitHub, Netlify and Eleventy. +date: 2021-10-16 +tags: + - github + - netlify + - web development +layout: layouts/post.njk +--- + +Please note that I will be updating this as I go along. This is my **first** time using Netlify, as such I lack a lot of experience using the service so far. I have been using GitHub consistently since September 2021 so I am still relatively new to how everything works. If there are any issues you can log them [here](https://github.com/CrimsonTome/crimsontome-blog/issues), ping me on Discord: `CrimsonTome427#7459` or send me and email at `crimsontome427@gmail.com` + +## Still here? + +Please note that this guide assumes you're working in a browser rather than a terminal/command line. + +Well, let's begin. + +First of all, if you want to use GitHub as the source for your code you'll need a repository(repo). If you're reading this then you may be new to GitHub like I was not so long ago. + +### Creating the repo + +You can either create your own from scratch and setup a framework later + +- Go to +- Under `Repository name` enter what you want the repo to be called e.g. my-blog +- Under `Description` you can add a bit about your site, for example what it is about and how it is made +- Make sure `Public` is ticked, it should be by default +- You can tick `Add a README file` to go into more detail about your code if you wish. It is not completely necessary but may be useful for explaining your repo to other users or those that are interested but don't understand what exactly is going on by viewing the code itself +- Click `Create repository` + +**OR** + +You can create your repo using a template (what I did) e.g Eleventy's base template + +- Go to +- Under `Repository name` enter what you want the repo to be called e.g. 
my-blog +- Under `Description` you can add a bit about your site, for example what it is about and how it is made +- Make sure `Public` is ticked, it should be by default +- Keep `Include all branches` unticked (it's what I did, so some things may be different if you decide to tick it, I can't help with some things at that point) + +### Netlify config + +GitHub will then generate your repo using the eleventy base blog template. There will be a list of files generated, an important one being `README.md`. As the README states, you will need to `Edit _data/metadata.json`. You will find this at `https://github.com/your-github-name/your-repo-name/blob/master/_data/metadata.json`. But first, make sure you commit your changes if you've made any and let's head over to [Netlify](https://app.netlify.com/signup). +You can use your email or GitHub login (I'd recommend using GH as that is what I did). Once logged in go to , choose `GitHub` as the option for Continuous Deployment then select your repo you have created with the elventy template. Then click `Deploy site`. Head to `https://app.netlify.com/sites/user-name/settings/general#site-details`. For now Netlify provides you with its own subdomain at `subdomain.netlify.app` but you can change it by presssing `Change site name`. + +### Back to GitHub + +Remember `metadata.json`? You'll need to fill that in now to customise the template to match you. 
+ +```json +{ + "title": "Blog title", + "url": "https://subdomain-you-chose.netlify.app/", + "language": "en", + "description": "add a description here", + "feed": { + "subtitle": "add a subtitle here", + "filename": "feed.xml", + "path": "/feed/feed.xml", + "id": "https://subdomain-you-chose.netlify.app/" + }, + "jsonfeed": { + "path": "/feed/feed.json", + "url": "https://subdomain-you-chose.netlify.app/feed/feed.json" + }, + "author": { + "name": "your-name", + "email": "your-email, + "url": "https://subdomain-you-chose.netlify.app/about-me/" + } +} +``` + +Make sure to commit your changes and then netlify should automatically rebuild your site. It shouldn't take more than a minute to do so. +You can add an about me page by editing `about/index.md`. Leave the front matter (stuff surrounded by): + +``` +--- + +--- +``` + +Now then, you'll probably want to make some blog posts, this is a blog repo that you're maiking after all right? +The Eleventy base blog template comes with a few in `/posts`, I'd recommend leaving the layout section in the front matter, change everything else as you please. Oh and you can rename the file, just keep at as `something.`**md** +If you know how to work with CSS then you can change the main stylesheet at `css/index.css` diff --git a/src/blog/content/my-current-vps-setup.md b/src/blog/content/my-current-vps-setup.md new file mode 100644 index 0000000..8b8cbfc --- /dev/null +++ b/src/blog/content/my-current-vps-setup.md 
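Review bot: The `metadata.json` example in making-your-own-blog.md is not valid JSON: `"email": "your-email,` is missing its closing quote, so anyone pasting the block gets a parse error on the next build; it should read `"email": "your-email",`. The opening paragraph also publishes a personal e-mail address and Discord handle in plain text, which address scrapers will pick up; pointing readers to the issue tracker alone would avoid that.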
@@ -0,0 +1,138 @@
+---
+title: My current VPS setup
+description: What I'm running on my VPS
+date: 2022-06-09
+tags:
+ - self-hosting
+ - linux
+ - vps-series
+layout: layouts/post.njk
+---
+
+A few months ago I made a [post](https://blog.crimsontome.com/posts/PVE/) on Proxmox and what I run/ran on my physical home server, and whilst I have now fixed my hardware issues (by geting completely different hardware) I am yet to recreate all my VMs on that machine. So in the meantime, using my [GitHub Student](https://education.github.com/pack) credits I have setup a VPS with [DigitalOcean](https://www.digitalocean.com/products/droplets).
+
+## What I run
+
+### Blog
+
+My blog (what you are currently reading) is hosted on my droplet using [11ty](https://www.11ty.dev/) and [Docker](https://www.docker.com/). It is essentially the same as what I have done previously except instead of deploying to netlify I have Docker build the site and expose it on my server with this Dockerfile
+
+```dockerfile
+FROM node:10-alpine3.9 as npmpackages
+WORKDIR /app
+COPY package.json .
+RUN npm install
+
+FROM node:10-alpine3.9 as builder
+WORKDIR /app
+COPY --from=npmpackages /app /app
+COPY . .
+RUN npm run build
+
+FROM nginx:1.17.10-alpine
+RUN rm -r /usr/share/nginx/html/
+COPY --from=builder /app/_site/ /usr/share/nginx/html/
+
+EXPOSE 5000
+```
+
+### Git server
+
+My Git server at https://git.crimsontome.com (as reccomended by a good friend [Starbeamrainbowlabs](https://starbeamrainbowlabs.com/)) is created using [Gitea](https://gitea.io/en-us/). I use it to host most of my private repositories and store backups of some important repos from GtiHub, just in case. I had some issues setting this up in a Docker container so i just run the standalone package.
+
+### Links
+
+https://links.crimsontome.com is created from a [littlelink](https://github.com/techno-tim/littlelink-server) container. It is an open-source self-hosted alternative to services like LinkTree.
It contains links to most of my public services and is ran through this docker-compose file
+
+```dockerfile
+version: "3.0"
+services:
+ littlelink-server:
+ image: ghcr.io/techno-tim/littlelink-server:latest
+ # dockerhub is also supported timothystewart6/littlelink-server
+ # image: timothystewart6/littlelink-server:latest
+ container_name: littlelink-server
+ environment:
+ - META_TITLE=CrimsonTome
+ - META_DESCRIPTION=Linux Sysadmin and FOSS Enthusiast
+ - META_AUTHOR=CrimsonTome
+ - LANG=en
+ - META_INDEX_STATUS=all
+ - OG_SITE_NAME=CrimsonTome
+ - OG_TITLE=CrimsonTome
+ - OG_DESCRIPTION=The home of CrimsonTome
+ - OG_URL=https://crimsontome.com
+ - GA_TRACKING_ID=G-XXXXXXXXXX
+ - THEME=Dark
+ - AVATAR_URL=https://https://avatars.githubusercontent.com/u/64846840?v=4
+ - AVATAR_2X_URL=https://https://avatars.githubusercontent.com/u/64846840?v=4
+ - AVATAR_ALT=
+ - NAME=CrimsonTome
+ - BIO=The home of CrimsonTomes links
+ # use ENV variable names for order, listed buttons will be boosted to the top
+ - BUTTON_ORDER=YOUTUBE,TWITCH,TWITTER,GITHUB,INSTAGRAM,DISCORD,FACEBOOK,TIKTOK,PATREON,GEAR,DOCUMENTATION
+ # you can render an unlimited amount of custom buttons by adding
+ # the CUSTOM_BUTTON_* variables and by using a comma as a separator.
+ - CUSTOM_BUTTON_TEXT=Blog,LinkedIn, Git Service, PasteBin Service
+ - CUSTOM_BUTTON_URL=https://blog.crimsontome.com,https://www.linkedin.com/in/matt-clark-aa776b1b4/,https://git.crimsontome.com,https://paste.crimsontome.com
+ - CUSTOM_BUTTON_COLOR=#000000,#000000,#000000,#000000
+ - CUSTOM_BUTTON_TEXT_COLOR=#ffffff,#ffffff,#ffffff,#ffffff
+ - CUSTOM_BUTTON_ALT_TEXT=My blog,LinkedIn,Gitea,PrivateBin
+ - CUSTOM_BUTTON_NAME=BLOG,LinkedIn,Gitea,PrivateBin
+ - CUSTOM_BUTTON_ICON=fas file-alt,fas file-alt,fas file-alt,fas file-alt
+ - GITHUB=https://github.com/crimsontome
+ - TWITTER=https://twitter.com/ctome427
+ - YOUTUBE=https://www.youtube.com/channel/UCrxIJeb-FW_rFBQ19LRZSaQ
+ - FOOTER=CrimsonTome © 2022
+
+ ports:
+ - 8090:3000
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+```
+
+### Nginx Proxy Mangager
+
+[Nginx Proxy Manager](https://nginxproxymanager.com/) is a project that 'comes as a pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt'
+
+```dockerfile
+version: '3'
+services:
+ app:
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ ports:
+ - '80:80'
+ - '81:81'
+ - '443:443'
+ volumes:
+ - ./data:/data
+ - ./letsencrypt:/etc/letsencrypt
+```
+
+You can also use it to lock sites that don't come with their own authenticattion. You can read about how to do that [here](https://blog.crimsontome.com/posts/locking-sites-with-nginx-proxy-manager/)
+
+### PrivateBin server
+
+Whilst currently not fully functional, https://paste.crimsontome.com hosts my [PrivateBin](https://privatebin.info/) instance.
Like most of my services it runs inside a docker container
+
+```dockerfile
+docker run -d --restart="always" --read-only -p 8080:8080 -v $PWD/privatebin-data:/srv/data privatebin/nginx-fpm-alpine
+```
+
+### Dashy
+
+[Dashy](https://dashy.to/) can be ran in a docker container, but some plugins _do not_ work whilst Dashy is in one, so I am using npm to build and serve it instead. Once you are done setting up dashy
+
+```shell
+git clone https://github.com/Lissy93/dashy.git
+cd dashy
+# make your changes to public/conf
+npm run build
+npm run start
+```
+
+### Server metrics with NetData
+
+I use [NetData](https://github.com/netdata/netdata) to provide server metrics for my dashboard such as CPU, Memory and disk usage, alognside many others
diff --git a/src/blog/content/on-switching-to-nginx-properly.md b/src/blog/content/on-switching-to-nginx-properly.md
new file mode 100644
index 0000000..4973bd4
--- /dev/null
+++ b/src/blog/content/on-switching-to-nginx-properly.md
@@ -0,0 +1,249 @@
+---
+title: On switching to nginx properly
+description: Switching from Nginx Proxy Manager to Nginx
+date: 2023-02-01
+tags:
+ - Nginx
+ - self-hosting
+layout: layouts/post.njk
+---
+
+![](https://upload.wikimedia.org/wikipedia/commons/c/c5/Nginx_logo.svg)
+
+
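Review bot: The Nginx Proxy Manager compose snippet in my-current-vps-setup.md publishes `- '81:81'` on every host interface, and in that image port 81 is the admin interface, so unless something outside the snippet filters it the login page is exposed next to 80/443. I would bind it to loopback, `- '127.0.0.1:81:81'`, and reach it over an SSH tunnel. The `8090:3000` (littlelink) and `8080:8080` (PrivateBin) mappings are likewise reachable directly, bypassing whatever access rules the proxy applies; if the proxy can reach those containers over a shared Docker network they need not be published at all. In the littlelink environment, `AVATAR_URL` and `AVATAR_2X_URL` start with `https://https://`, which looks like a paste error.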
+
+Recently, I switched from [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager) - the Docker container - to bare [Nginx](https://www.nginx.com/). Or more specifically the open source webserver and reverse proxy - there are many other [products](https://www.nginx.com/products/) available. There were a few reasons for this:
+
+- Nginx Proxy Manager could be quite memory heavy, causing my VPS to slow down at times
+- Some weird certificate errors I had no idea how to solve caused Nginx Proxy Manager to break a few times
+- I wanted to learn how to configure Nginx from the ground up - rather than playing with predefined blocks that could be overwrote if I didn't do it right - and I would have to learn it anyway for where I hope to do my year in industry so why not get started early
+- I had friends recommend it to me that have knowledge of Nginx and certificate management so I knew I would have people to go to should I need help
+
+Getting started, I shut down my Nginx Proxy Manager container and was ready for a little downtime but this would not have been too much of an issue as I don't run any _critical_ services, all I was really worried about was my password manager and GitHub --> [Gitea](https://github.com/go-gitea/gitea/) backups managed by [this](https://github.com/jaedle/mirror-to-gitea), which mirrors public repos to my [Gitea instance](https://git.crimsontome.com). Sadly this tool does not yet have the ability to mirror private repositories - see [this pull request](https://github.com/jaedle/mirror-to-gitea/pull/4), but with risk of going too off topic, I'll leave anymore talk of this for a future post.
+
+With the container teared down, I installed Nginx with
+
+```sh
+sudo nala install nginx
+```
+
+([nala](https://github.com/volitank/nala) is a wrapper around apt) and made sure it was enabled and running with
+
+```txt
+ctome in 🌐 crimsontome in ~
+> sudo systemctl status nginx
+[sudo] password for ctome:
+● nginx.service - A high performance web server and a reverse proxy server
+ Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
+ Active: active (running) since Sat 2023-01-28 09:42:22 UTC; 1 day 17h ago
+ Docs: man:nginx(8)
+ Process: 819 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
+ Process: 1001 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
+ Process: 170432 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
+ Main PID: 1153 (nginx)
+ Tasks: 3 (limit: 4546)
+ Memory: 12.9M
+ CPU: 2min 46.861s
+ CGroup: /system.slice/nginx.service
+ ├─ 1153 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
+ ├─170461 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
+ └─170462 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
+
+Jan 28 09:42:20 crimsontome.com systemd[1]: Starting A high performance web server and a reverse proxy server...
+Jan 28 09:42:22 crimsontome.com systemd[1]: Started A high performance web server and a reverse proxy server.
+Jan 28 09:53:34 crimsontome.com systemd[1]: Reloading A high performance web server and a reverse proxy server...
+Jan 28 09:53:34 crimsontome.com systemd[1]: Reloaded A high performance web server and a reverse proxy server.
+Jan 28 10:37:19 crimsontome.com systemd[1]: Reloading A high performance web server and a reverse proxy server...
+Jan 28 10:37:19 crimsontome.com systemd[1]: Reloaded A high performance web server and a reverse proxy server.
+
+```
+
+Once I knew the service was running correctly, I had to verify that the default page was working by going to the root of my domain (http://crimsontome.com) and as expected the page was waiting for me, telling me Nginx was working. Next was to move it from `/etc/nginx/sites-enabed/default` to `/etc/nginx/sites-available/default`
+
+Next was adding the following to my config at `/etc/nginx/nginx.conf` within the `http` block and replacing 'port-number' with the corresponding port for that service
+
+```nginx
+http {
+ # ... default config...
+ upstream service {
+ server 127.0.0.1:port-number;
+ }
+ # repeating upstreams for all services
+}
+
+# ... more config ...
+```
+
+Upstream is nice for handling services that don't have a defined source like `/var/www/site`. Since I run most of my sites inside Docker containers and expose the ports this is quite handy.
+
+Next was adding individual site configuration, for example my main page at `/etc/nginx/sites-enabled/crimsontome.com.conf`:
+
+```nginx
+server {
+ listen 80
+ server_name crimsontome.com;
+ location / {
+ proxy_pass http://root;
+ }
+}
+```
+
+This all seemed pretty simple and after restarting Nginx with
+
+```sh
+sudo nginx -s reload
+```
+
+all seemed to work when visiting http://service.crimsonmtome.com (don't try the link it's not a real one, at least I hope it doesn't exist 😛). This wasn't as hard as I originally thought this would be, until I encountered certificates for managing HTTPS connections. . .
+
+It started off with Certbot and its Nginx plugin, allowing HTTPS with Nginx and disabling HTTP.
All HTTP traffic is redirected to HTTPS anyway
+
+```sh
+sudo nala install certbot python3-certbot-nginx
+sudo ufw allow 'Nginx Full'
+sudo ufw delete allow 'Nginx HTTP'
+sudo ufw status
+```
+
+then to give each site it's certificate
+
+```txt
+xargs -L1 sudo certbot --nginx --expand -d < ~/domains
+```
+
+where domains is a newline separated list of domains
+
+Later I was told to use `certonly` with the `certbot` command, at which point I tried that but was met with being rate limited by Let's Encrypt. Fun.
+
+After waiting a while longer I tried again but encountered errors again, certificates already existing etc, more rate limiting. It was pointed out to me later on thatI should have used the staging server to test all of this before I was sure.
+
+I purged Certbot and removed mentions of it in my Nginx configs then re installed and tried re creating the certificates, but then Nginx complained because Certbot didn't put the certificate fields back. At this point I was about to give up until a [friend](https://github.com/lgibson02) - the follwing snippets are from him - suggested [acme-tiny](https://github.com/diafygi/acme-tiny) - installed with
+
+```sh
+sudo apt-get install acme-tiny
+```
+
+and creating a new script at `usr/local/bin/update-cert`
+
+```sh
+#!/bin/sh
+set -e
+echo "$0 | $(date)"
+[ -z "$1" ] && echo "Usage: $(basename $0) " && exit 1
+domains="$@"
+
+set_permissions() {
+ chown root:$2 "$1/"*
+ chmod 0640 "$1/"*
+}
+
+check_current_cert() {
+ rm -rf /tmp/cert
+ mkdir -p /etc/cert
+ cp -rf /etc/cert /tmp
+ cd /tmp/cert
+ # check type of current certificate is the same as the type to be updated to
+ [ -f type ] && [ "$(cat type)" = "$1" ] && return 0
+ # if type doesnt match...
+ rm -rf ./* # clear directory
+ echo "$1" > type # write new type
+}
+
+make_signing_request() {
+ subject_alt_name="DNS:$(echo "$domains" | sed "s/ /, DNS:/g")"
+ openssl req -nodes -newkey rsa:4096 -keyout private.key -subj "/" \
+ -addext "subjectAltName = $subject_alt_name" > "$1"
+}
+
+install() {
+ cp -rf ./* /etc/cert
+ set_permissions /etc/cert root
+ systemctl reload-or-restart nginx
+}
+
+install_self_signed() {
+ check_current_cert selfsigned
+ make_signing_request request.csr
+ openssl x509 -in request.csr -req -signkey private.key > certificate.crt
+ install
+}
+
+install_letsencrypt_signed() {
+ check_current_cert letsencrypt
+ make_signing_request request.csr
+ test -f account.key || openssl genrsa 4096 > account.key
+ set_permissions . www-data
+ sudo -u www-data acme-tiny --account-key account.key --csr request.csr \
+ --acme-dir /var/www/acme-challenge/ > ./certificate.crt
+ rm -rf /var/www/acme-challenge/*;
+ install
+}
+
+echo "Updating certificate..."
+# NGINX is needed for the ACME challenge to complete but it will not start
+# without a certificate, so begin with a self-signed one.
+if [ !
-d /etc/cert ]; then
+ install_self_signed
+fi
+install_letsencrypt_signed
+```
+
+Adding this to `/etc/nginx/snippets/listen-https.conf`
+
+```nginx
+listen 443 http2 ssl;
+listen [::]:443 http2 ssl;
+add_header Strict-Transport-Security "max-age=31536000" always;
+ssl_certificate /etc/cert/certificate.crt;
+ssl_certificate_key /etc/cert/private.key;
+```
+
+and this to the default Nginx http block
+
+```nginx
+# plaintext HTTP server:
+# 1) sends redirect to HTTPS servers
+# 2) serves ACME challenge for renewing SSL certificate
+server {
+ listen 80 default;
+ listen [::]:80 default;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ alias /var/www/acme-challenge/;
+ try_files $uri /;
+ }
+}
+```
+
+Creating a directory owned by `www-data` at `/vaw/www/acme-challenge`
+
+```sh
+sudo mkdir /var/www/acme-challenge
+sudo chown -R www-data:www-data /var/www/acme-challenge
+```
+
+After testing with the staging server I thought that the following would work with `update-cert`
+
+```sh
+sudo xargs -L1 update-cert < ~/domains
+```
+
+However this would make all my certificates be the last one in the list. Removing `-L1` fixed the problem once I was - one more time - no longer rate limited.
+
+Finally, setting up the cron job to auto renew certs with:
+
+```sh
+sudo crontab -e
+```
+
+adding the following
+
+```txt
+42 7 1 * * xargs update-cert < /home/ctome/domains 2>&1 > /var/log/cert.log
+```
+
+From then on, all my sites had working TLS.
diff --git a/src/blog/content/pages/_index.md b/src/blog/content/pages/_index.md
new file mode 100644
index 0000000..800a244
--- /dev/null
+++ b/src/blog/content/pages/_index.md
@@ -0,0 +1,3 @@
++++
+render = false
++++
diff --git a/src/blog/content/pages/about.md b/src/blog/content/pages/about.md
new file mode 100644
index 0000000..ed83311
--- /dev/null
+++ b/src/blog/content/pages/about.md
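Review bot: The `update-cert` script in on-switching-to-nginx-properly.md stages key material in a fixed path under `/tmp`: `check_current_cert` copies `/etc/cert` (which `install` fills with `private.key` and `account.key`) to `/tmp/cert` with `cp -rf`, and nothing visible removes the copy afterwards. `account.key` is written there by shell redirection, so it takes the process umask until `set_permissions` runs, and `set_permissions . www-data` then makes every file in the directory, including `private.key`, group-readable by `www-data`. I would set `umask 077` at the top, work in a directory from `workdir=$(mktemp -d)` that is removed by `trap 'rm -rf "$workdir"' EXIT`, and give `www-data` access only to what acme-tiny reads (`account.key`, `request.csr`). Separately, the cron line's `2>&1 > /var/log/cert.log` leaves stderr out of the log; `> /var/log/cert.log 2>&1` captures both.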
@@ -0,0 +1,16 @@
++++
+title = "About me"
+path = "about"
++++
+So I guess I should introduce myself. I'm known as CrimsonTome online (not that I'm well known at all), but if you do speak to me then feel free to call me Matt.
+I am second year Computer Science student at the University of Hull, at which I am the Webmaster for [HullCSS](https://hullcss.org) and a member of the sysadmin team at [Freeside](https://freeside.co.uk)
+I studied Computer Science, Psychology and Sociology at York College and achieved grades C, C and A respectively.
+I have some experience with Linux, which started with tinkering with a Raspberry Pi which i have been doing for 5 years now. In August 2021 I switched from Windows 10 to Ubuntu --> Kubuntu --> Arch --> MX --> Fedora KDE (current) on my laptop and am now familiar with Linux.
+Like many others, I enjoy playing video games in my spare time. My favourite franchises would have to be Fire Emblem and Borderlands. As a CS student I also enjoy coding primarily in Bash/Shell and C# as these are what I am the most familiar with. I know a bit of Python As part of working on this site I am learning some CSS and JS. I've always wanted to learn C/C++ but never really had the time for it. I love working on Linux sysadmin and spend a lot of time working on my VPS and tinkering with Docker.
+If for some reason you need to contact me then my Discord is: CrimsonTome427#7459
+Or send me an email at
+Mastodon
+
+Source code for this site can be found here
+
+Looking to hire me? My CV is available [here](/img/cv-02-23.pdf)
diff --git a/src/blog/content/pages/archive.md b/src/blog/content/pages/archive.md
new file mode 100644
index 0000000..2c032c0
--- /dev/null
+++ b/src/blog/content/pages/archive.md
@@ -0,0 +1,5 @@
++++
+title = "Archive"
+path = "archive"
+template = "archive.html"
++++
diff --git a/src/blog/content/password-managers.md b/src/blog/content/password-managers.md
new file mode 100644
index 0000000..dceddf6
--- /dev/null
+++ b/src/blog/content/password-managers.md 
@@ -0,0 +1,23 @@
+---
+title: Self host your password manager!
+description: How and why you should self host your own password manager
+date: 2023-01-01
+tags:
+ - self-hosting
+ - security
+layout: layouts/post.njk
+---
+
+tldr: password managers provided by large companies, while convenient and come with some very nice faeatures are very much vulnerable to having data breaches and can have security issues. You don't want that.
+
+You've seen the news, it seems like every other week a company has a data breach or vulnerability discovered. For example LastPass had an incident in August 2022. Whilst the company did a good job of disclosing the fact they had a breach, saying only development material was compromised and that they had no reason to believe any passwords of its users had been stolen, in December 2022 they updated their [post](https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/) stating that some personal information was obtained, such as 'end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service'. Whilst this data isn't classed as critical, it is still data that could be used to aid in another attack on an individual or company. However those that use a weak master password could still have their database [brute forced](https://en.wikipedia.org/wiki/Brute-force_attack). There are other examples that you can find online with a quick Google search.
+
+So what can you do about this? Don't rely on companies to provide security for you. [Self host]() your own password manager. This can either be via an application on your computer or a web based client on a [VPS](https://en.wikipedia.org/wiki/Virtual_private_server). I can recommend [Vaultwarden](https://github.com/dani-garcia/vaultwarden) for hosting on a server.
You can install it using [Docker](https://docker.com) with the following commands:
+
+```sh
+docker pull vaultwarden/server:latest
+docker run -d --name vaultwarden -v /vw-data/:/data/ -p a-port-that-is-not-in-use:80 vaultwarden/server:latest
+```
+
+If you are new to Docker, you can follow [this guide](https://kieranrobson.com/docs/docker-and-docker-compose/) by Kieran Robson on installing Docker and Docker Compose.
+For desktop use I recommend using the cross-platform [KeePassXC](https://keepassxc.org/). Both will prompt you to enter in a master password, for those that haven't used a password manager before, this is the one password you will have to remember, think of it as a key to your database filled with passwords. Make sure this is a strong, but memorable password! If you lose this password your database will be unusable to you and if it is too weak it's vulnerable to being brute forced - especially if you are exposing this over the network.
diff --git a/src/blog/content/posts.json b/src/blog/content/posts.json
new file mode 100644
index 0000000..4dbbba0
--- /dev/null
+++ b/src/blog/content/posts.json
@@ -0,0 +1,3 @@
+{
+ "tags": ["posts"]
+}
diff --git a/src/blog/content/raspi-intro.md b/src/blog/content/raspi-intro.md
new file mode 100644
index 0000000..c55c2d8
--- /dev/null
+++ b/src/blog/content/raspi-intro.md
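Review bot: The `docker run` line in password-managers.md publishes Vaultwarden's plain-HTTP port (`-p a-port-that-is-not-in-use:80`) on every host interface, and the post never tells the reader to put TLS in front of it, so a reader following it literally would log in to their vault over an unencrypted connection. I would add a sentence after the code block saying the container must only be reached through an HTTPS reverse proxy, and change the mapping to a loopback bind such as `-p 127.0.0.1:FREE_PORT:80` (or attach the container to the proxy's Docker network instead of publishing it). Since the post argues for taking over security from a provider, it should also say that patching and backing up `/vw-data/` become the reader's job; `vaultwarden/server:latest` leaves the running version unpinned. The `[Self host]()` link in the same section has an empty target.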
@@ -0,0 +1,116 @@
+---
+title: Introduction to Raspberry Pi
+description: This is my first post, it is an introduction to Raspberry Pi.
+date: 2021-10-15
+tags:
+ - raspberry pi
+layout: layouts/post.njk
+---
+
+# So you want to find out about the Raspberry Pi?
+
+I would be surprised if you've never heard of them, since they seem to have exploded in popularity in recent years. They are very popular with those who want to get into programming and electronics, or Linux in general.
+
+_Just a quick disclaimer, though I have been using Pis in some form for over 5 years now I can only really say I have casual experience with Pis and as such what is written here may be subjective or incorrect in some ways. I suggest you do your own research if you want to get into them, or if you're someone with knowledge of them and want to correct me feel free to contact me._
+
+## But first, just a little bit of history
+
+The Raspberry Pi Foundation (RPF), based in the UK launched their first model of the Raspberry Pi in 2012, this was the Model B. The RPF has made one of the first affordable credit card sized computers. The Pis are designed to be intuitive (especially with Raspbian Desktop - its main OS) and suitable for educational purposes. They are still making models to this day, with the Raspberry Pi 400 being launched in November 2020 and the Pico (Microcontroller) being released in 2021.
+
+## So, why should you get a Pi?
+
+It may seem like these single board computers are a bit underwhelming. What, the best model only has 8GB of RAM?! Well you see not everyone has the money to spend hundreds or even thousands of pounds on a computer. This leads me to what I think is the best thing about these: they're cheap. For example the Raspberry Pi Zero costs ~£5 and can do plenty of things that it's successors can. Sure it does it to a lesser extent but to me at least that is part of the fun, given what you've got how can I make _x_ work?
+Another reason is that if you have an idea, you can probably make it with a Raspberry Pi. As you'll see in the resources section, there are so many different things you can do, and for a lot of them you don't really need to know that much beforehand, just get stuck in. Want to make a NAS, retro games player, host your own website, play around with some electronics? The Pi has you covered.
+
+## Series
+
+### Zero
+
+The Raspberry Pi Zero (released in 2015) is a much smaller device - around half the size of the Raspberry Pi model A+. The original Zero had these specifications:
+
+- 1GHz single-core CPU
+- 512MB RAM
+- Mini HDMI port
+- Micro USB OTG port
+- Micro USB power
+- HAT-compatible 40-pin header
+- Composite video and reset headers
+- CSI camera connector
+
+Given its size and low specifications, it is highly portable and has very low power consumption. This also makes it suitable for use in embedded systems. For example it would work well in a drone with a camera attached to the Zero.
+
+### Pico
+
+The Raspberry Pi Pico was released in 2021 with a price of ~£3 with these features:
+
+- RP2040 microcontroller chip designed by Raspberry Pi in the United Kingdom
+- Dual-core Arm Cortex M0+ processor, flexible clock running up to 133 MHz
+- 264KB of SRAM, and 2MB of on-board Flash memory
+- Castellated module allows soldering direct to carrier boards
+- USB 1.1 with device and host support
+- Low-power sleep and dormant modes
+- Drag-and-drop programming using mass storage over USB
+- 26 × multi-function GPIO pins
+- 2 × SPI, 2 × I2C, 2 × UART, 3 × 12-bit ADC, 16 × controllable PWM channels
+- Accurate clock and timer on-chip
+- Temperature sensor
+- Accelerated floating-point libraries on-chip
+- 8 × Programmable I/O (PIO) state machines for custom peripheral support
+
+Like the Zero, the Pico can also be used as part of an embedded system such as acting as a temperature sensor for someewhere like a greenhouse
+
+### Other
+
+A popular model of the Raspberry Pi is the Model 4B:
+
+- Broadcom BCM2711, Quad core Cortex-A72 (ARM v8) 64-bit SoC @ 1.5GHz
+- 2GB, 4GB or 8GB LPDDR4-3200 SDRAM (depending on model)
+- 2.4 GHz and 5.0 GHz IEEE 802.11ac wireless, Bluetooth 5.0, BLE
+- Gigabit Ethernet
+- 2 USB 3.0 ports; 2 USB 2.0 ports.
+- Raspberry Pi standard 40 pin GPIO header
+- 2 × micro-HDMI ports (up to 4kp60 supported)
+- 2-lane MIPI DSI display port
+- 2-lane MIPI CSI camera port
+- 4-pole stereo audio and composite video port
+- H.265 (4kp60 decode), H264 (1080p60 decode, 1080p30 encode)
+- OpenGL ES 3.1, Vulkan 1.0
+- Micro-SD card slot for loading operating system and data storage
+ -5V DC via USB-C connector (minimum 3A)
+- 5V DC via GPIO header (minimum 3A\*)
+- Power over Ethernet (PoE) enabled (requires separate PoE HAT)
+
+The Pi Model 4B can be powerful enough to run some quite intensive things, given the right environment. For example (though not with a 4B) I used to run Retropie for running some retro games with decent performance.
+
+## Links to some resources
+
+1. [Raspberry Pi Official site](https://www.raspberrypi.org/)
+2. [Raspberry Pi Documentation](https://www.raspberrypi.org/documentation/)
+3. [Raspberry Pi Forums](https://www.raspberrypi.org/forums/)
+4. [Raspberry Pi YouTube Channel](https://www.youtube.com/c/raspberrypi)
+5. [Sample Raspberry Pi Projects](https://projects.raspberrypi.org/en)
+6. [Raspberry Pi StackExchange](https://raspberrypi.stackexchange.com/)
+7. [Opensource.com Pi](https://opensource.com/tags/raspberry-pi)
+8. [Instructables Pi](https://www.instructables.com/circuits/raspberry-pi/projects/)
+9. [Hackaday Pi](https://hackaday.io/projects?tag=raspberry%20pi)
+10. [Jeff Geerling's YouTube Channel](https://www.youtube.com/c/JeffGeerling) - Jeff has a lot of videos based on Raspberry Pi projects along with some unusual testing like attempting to get modern graphics cards to function on the Pi (spoiler alert he's had very limited success with this). He also has a series on Ansible, Kubernetes and more.
+11. [Jeff Geerling's Pi PCI site](https://pipci.jeffgeerling.com/)
+12. [N-O-D-E](https://www.youtube.com/c/NODEtv)
+13. [NetworkChuck's YouTube Channel](https://www.youtube.com/c/NetworkChuck/videos) - has some good pi videos
+14. [Retropie](https://retropie.org.uk/) - If you want to relive the glory days of retro games
+15. [Setting up VMware on a Raspberry Pi 4](https://www.experts-exchange.com/articles/34931/HOW-TO-Install-and-Configure-VMware-vSphere-Hypervisor-7-0-ESXi-7-0-ARM-on-a-Raspberry-Pi-4.html)
+16. [TuringPi](https://turingpi.com/v2/)
+17. [Pinout](https://pinout.xyz/)
+18. [SBRL blog](https://starbeamrainbowlabs.com/blog/article.php?article=posts/242-Learn-Your-Terminal.html)
+
+### Some project ideas
+
+1. [Build a NAS](https://pimylifeup.com/raspberry-pi-nas/)
+2. [Setup Emulation Station (a personal favourite)](https://pimylifeup.com/raspberry-pi-emulation-station/)
+3. [Bitwarden](https://pimylifeup.com/raspberry-pi-bitwarden/)
+4.
[Internet Speed Monitor](https://pimylifeup.com/raspberry-pi-internet-speed-monitor/)
+5. [Pi-hole](https://pimylifeup.com/raspberry-pi-pi-hole/)
+6. [Git server](https://pimylifeup.com/raspberry-pi-git-server/)
+7. [Projects from Raspberry Pi](https://projects.raspberrypi.org/en)
+
+_Resources compiled by various Freeside members, a huge thanks to everyone who helped!_