agj/blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: agj:dev
Branches Tags
agj:main agj:dev agj:portainer
..
compare: agj:f33daf46ccdea268eb1d91325fe0b0d550fb0b67
Branches Tags
agj:dev agj:main agj:portainer

1 Commits
dev ... f33daf46cc

Author SHA1 Message Date
Asger Gitz-Johansen
f33daf46cc feat: descope the portainer post 
crowdsec is a separate adventure.
 2025-04-15 21:38:35 +02:00
5 changed files with 47 additions and 180 deletions
Expand all files Collapse all files

2
README.md
View File

@ -20,14 +20,12 @@ docker run --rm -it -p 8080:8080 wip hugo serve --bind 0.0.0.0 --port 8080
should be a laser printer, as inkjet is stupid. should be a laser printer, as inkjet is stupid.
- [ ] A truly FOSS eink reader. - [ ] A truly FOSS eink reader.
- [ ] VIM Bindings everywhere please - [ ] VIM Bindings everywhere please
- [ ] trying to use a MIDI controller as a piano on Linux is insanity
### Digital Soverignty ### Digital Soverignty
- [x] how to host a blog - [x] how to host a blog
- [ ] how to securely "self-host" using a VPS, portainer and traefik - [ ] how to securely "self-host" using a VPS, portainer and traefik
- [x] how to configure neomutt - [x] how to configure neomutt
- [ ] how to securely host a mail server - [ ] how to securely host a mail server
- [ ] how to private tracker with a NAS
### Old sillyblog ### Old sillyblog
- [x] Avr memory model - [x] Avr memory model

8
content/about.md
View File

@ -3,10 +3,10 @@ title: About gtz blog
author: Asger Gitz-Johansen author: Asger Gitz-Johansen
--- ---
I am a software engineer from Denmark working at [GomSpace](https://gomspace.com/home.aspx). This is just my simple I am a software engineer from Denmark working at [GomSpace](https://gomspace.com/home.aspx).
blog that I use for letting out "blogging-steam". I write GNU/Linux based tutorials and sometimes I write opinion This is just my simple blog that I use for letting out "blogging-steam".
pieces. These posts are mostly for my own sake, but I hope you find my stuff useful. I write GNU/Linux based tutorials and sometimes I write opinion pieces.
I hope you find my stuff useful.
If you want more from me, check my links: If you want more from me, check my links:
- [GitHub](https://github.com/sillydan1) - [GitHub](https://github.com/sillydan1)

2
content/posts/avr-memory-model.md
View File

@ -69,7 +69,7 @@ gdb: > x/16xb my_heap_object
``` ```
The first bytes at address `0x800100` are `0a` and `00`. These bytes are the *free-list* entry and explains how "big" The first bytes at address `0x800100` are `0a` and `00`. These bytes are the *free-list* entry and explains how "big"
the object is. When reading this, we have to remember that the model is little endian-based (meaning that the bytes are the object is. When reading this, we have to remember that the model is littleengine-based (meaning that the bytes are
switched), switched),
so we actually have the value of `0x000a`, meaning `10` in decimal. This makes a lot of sense, since we allocated 5 so we actually have the value of `0x000a`, meaning `10` in decimal. This makes a lot of sense, since we allocated 5
`int`s, that is of size 2 (16bit integers). `int`s, that is of size 2 (16bit integers).

24
content/posts/computation-in-nature.md
View File

@ -9,17 +9,17 @@ categories = ['opinion']
## Disclaimer ## Disclaimer
This was written as a student project as part of our ethics course, where we had to write an opinion piece on anything This was written as a student project as part of our ethics course, where we had to write an opinion piece on anything
we wanted in the field of computer science. Note that this was before *LLM*'s was a thing. I also apologize if the we wanted in the field of computer science. Note that this was before *LLM*'s was a thing.
wording is off - this was written in an afternoon as a rush-job. I still think it's an interesting read though.
# Computation in Nature # Computation in Nature
> "If you ever think your code is bad, just remember that CPUs are just rocks that we tricked into thinking" > "If you ever think your code is bad, just remember that CPUs are just rocks that we tricked into thinking"
**Does nature compute, or is computation something that only humans are doing? If so, what is it about?** **Does the nature compute, or the computation is something that only the humans are
doing? If so, what is it about?**
To answer this question, we would need to define what the terms used in it even means. If you look up the definition To answer this question, we would need to define what the terms used in it even means. If you look up the definition
of the word compute on Merriam Websters dictionary, you find that it primarily means _"to determine of the word compute on Merriam Websters dictionary, you will find that it primarily means _"to determine
especially by mathematical means"_. This definition mentions a usage of mathematics, which suggests a close bond especially by mathematical means"_. This definition mentions a usage of mathematics, which suggests a close bond
between these concepts. What would it mean to determine something? I would argue that it means to make a decision between these concepts. What would it mean to determine something? I would argue that it means to make a decision
based on either prior experience, data or calculations. This implies that computation have a focus on deciding based on either prior experience, data or calculations. This implies that computation have a focus on deciding
@ -33,20 +33,20 @@ mentions that flower petals rarely exceeds a quantity of five. We even see the f
seeds](http://popmath.org.uk/rpamaths/rpampages/sunflower.html). seeds](http://popmath.org.uk/rpamaths/rpampages/sunflower.html).
An example of computation in nature is actually very easy to find. Take a rabbit, or any other smaller prey. A rabbit An example of computation in nature is actually very easy to find. Take a rabbit, or any other smaller prey. A rabbit
is constantly observing and reacting to the sorrounding environment, otherwise it gets eaten by predators or fall is constantly observing and reacting to the sorrounding environment, otherwise it will get eaten by predators or fall
into a lake and drown or any other scenario involving death. You could argue that the rabbit is constantly asking into a lake and drown or any other scenario involving death. You could argue that the rabbit is constantly asking
questions about what to: _"Should I run away?"_, _"Should I keep eating?"_, _"Should I be eating this?"_ etc. The questions about what to: _"Should I run away?"_, _"Should I keep eating?"_, _"Should I be eating this?"_ etc. The
rabbit may not be consciously aware of these queries, but nevertheless, it is answering to them through actions. rabbit may not be consciously aware of these queries, but nevertheless, it is answering to them through actions.
In Empiricism, the concept of a mind being a blank slate (in this case we are talking about a human mind, not In Empiricism, the concept of a mind being a blank slate (in this case we are talking about a human mind, not
a rabbits), which remembers experiences throughout it's life is very much applicable here. This trait means that a a rabbits) and experiences gets remembered is very much applicable here. This trait means that a human mind
human mind has a memory, i.e. It can remember old conclusions and recall them when desired. We can actually prove that has a memory, i.e. It can remember old conclusions and recall them when desired. We can actually prove that this
this trait is not exclusive to humans, since we can observe other mammals (and even fish and reptiles) demonstrating trait is not exclusive to humans, since we can observe other mammals (and even fish and reptiles) demonstrating
the usage of memory. A prime example is the elephant, but pretty much any animal applies here. the usage of memory. A prime example is the elephant.
In Rationalism, we see a similar pattern that mimics memory - using the method of deduction to find conclusions and In Rationalism, we see a similar pattern of using the method of deduction to find conclusions and deduct new
deduct new conclusions. However, if you were to believe the Rationalists, getting the data needed for computation conclusions (memory). However, if you were to believe the Rationalists, getting the data needed for computation
in nature, may be a tricky task. We previously had an assumption that we could trust our senses and that other in nature, may be a tricky task. We previously had an assumption, that we could trust our senses and that other
creatures also had senses. In Rationalism the only thing we can trust is the fact that we are doubting. Since we creatures also had senses. In Rationalism the only thing we can trust is the fact that we are doubting. Since we
cant say anything about if the rabbit is doubting everything. This is where the rabbit example breaks down a cant say anything about if the rabbit is doubting everything. This is where the rabbit example breaks down a
little, but we are not completely stuck here. Humans are mammals and mammals are a type of animal. Animals are little, but we are not completely stuck here. Humans are mammals and mammals are a type of animal. Animals are

189
content/posts/how-to-portainer.md
View File

@ -10,7 +10,7 @@ In this post, we will be going over how to set up a [portainer](https://www.port
and how to use it. This is ideal if you want to host a personal website, a [blog](/posts/how-to-blog), a personal and how to use it. This is ideal if you want to host a personal website, a [blog](/posts/how-to-blog), a personal
[github](git.gtz.dk) or whatever your development heart desire. [github](git.gtz.dk) or whatever your development heart desire.
If you choose to follow along, by the end of it, you will have an environment where you can just add or remove docker If you choose to follow along, by the end of it, you will have an environment where you can just add or remove docker
based services at a whim using a nice web-based interface. based services at a whim.
I assume that you already know about `docker` and `docker compose` yaml syntax. If you don't, may I recommend the I assume that you already know about `docker` and `docker compose` yaml syntax. If you don't, may I recommend the
wonderful official [docker tutorial](https://docs.docker.com/get-started/workshop/) - once you're done with that come wonderful official [docker tutorial](https://docs.docker.com/get-started/workshop/) - once you're done with that come
@ -21,29 +21,20 @@ management and interaction with the terminal both during the setup process and d
## Server ## Server
The very first thing to get is a server. This can either be the machine you're currently using if you don't want The very first thing to get is a server. This can either be the machine you're currently using if you don't want to mess
to mess around on the public internet, or it could be an actual desktop you have set up with a public IP. Or around on the public internet, or it could be an actual desktop you have set up with a public IP. Or it could be a VPS
it could be a VPS (Virtual Private Server) - which is just a fancy word for a "cloud computer" that someone (Virtual Private Server) - which is just a fancy word for a "cloud computer" that someone else hosts and powers, and you
else hosts and powers, and you just get an SSH connection to it. Any VPS provider will work, but [digital just get an SSH connection to it. Any VPS provider will work, but [digital ocean](https://www.digitalocean.com/) is very
ocean](https://www.digitalocean.com/) or [linode](https://www.linode.com/) are very affordable and easy to use affordable and easy to use. As long as you get a VPS and avoid a *webhotel*, you should be fine (side note: webhotels
VPS providers. As long as you get a VPS and avoid a *webhotel*, you should be fine (side note: web hotels are a are a scam and you shouldn't ever use them - especially not if you're tech-savvy enough to read this blog).
scam and you shouldn't ever use them - especially not if you're tech-savvy enough to read this blog).
Once you have your server, [install](https://docs.docker.com/engine/install/) docker on it. Preferably the latest Once you have your server, [install](https://docs.docker.com/engine/install/) docker on it. Preferably the latest
version. version.
## Traefik and Portainer ## Traefik and Portainer
Traefik is a load balancer / application proxy that makes it easy for you to route network traffic into your various The very first thing to get done is set up portainer and traefik. This is done by creating a new `docker-compose.yml`
services on your server. By using traefik, you can have multiple docker containers, each providing their own service on file on your server. Just to keep things tidy, you should make a directory for all you are going to do here.
a single server, and traefik just routes user traffic based on the URL request, or ports used.
Portainer is a web-based docker container management GUI (Graphical User Interface) - if you've tried Docker Desktop,
think if portainer as a web-based version of that.
Getting traefik and portainer up and runinng is done by creating a new `docker-compose.yml` file on your server
and adding them as individual services. Just to keep things tidy, you should make a directory for all you are
going to do here. Do the following on your server.
```sh ```sh
# Make the config directory in your $HOME dir - this is where # Make the config directory in your $HOME dir - this is where
@ -58,16 +49,15 @@ cd ~/config
touch docker-compose.yml touch docker-compose.yml
``` ```
It might be a good idea to initialize the `config` directory as a (local) `git` project. That way you will always have It might be a good idea to initialize the `control` directory as a (local) `git` project. That way you will always have
a history of what you have been done, and what you did when you (inevitably) break things. This I will leave up to you a history of what you have been done, and what you did when you (inevitably) break things. This I will leave up to you
though (you should gitignore the `portainer-data` directory, since that's managed by portainer and may contain a bunch though (probably gitignore the `portainer-data` directory).
of stuff you don't want).
Inside the new `docker-compose.yml` file, you should put the following content. Simply open the file using your favorite Inside the new `docker-compose.yml` file, you should put the following content (open the file using your favorite
terminal text editor and paste the following. Note! Don't start the stack yet - we still need to configure a bunch of terminal text editor).
things.
```yaml ```yaml
# docker-compose.yml
services: services:
traefik: traefik:
image: traefik:latest image: traefik:latest
@ -94,9 +84,6 @@ services:
- traefik.http.routers.traefik-secure.service=traefik - traefik.http.routers.traefik-secure.service=traefik
- traefik.http.routers.traefik-secure.middlewares=user-auth@file - traefik.http.routers.traefik-secure.middlewares=user-auth@file
- traefik.http.routers.traefik-secure.service=api@internal - traefik.http.routers.traefik-secure.service=api@internal
environment:
- "CF_DNS_API_TOKEN=" # ADD YOUR OWN DNS API TOKEN HERE
- "CF_ZONE_API_TOKEN=" # ADD YOUR OWN DNS API TOKEN HERE
portainer: portainer:
image: portainer/portainer-ce:alpine image: portainer/portainer-ce:alpine
@ -128,145 +115,25 @@ are common to both of them, we set the initial niceties, such as the `container_
and set their shared network to be the externally defined `proxy` network. Both services need (read-only) access to the and set their shared network to be the externally defined `proxy` network. Both services need (read-only) access to the
system time for various reasons, so we volume mount `/etc/localtime` to their respective internal `/etc/localtime`. They system time for various reasons, so we volume mount `/etc/localtime` to their respective internal `/etc/localtime`. They
also both need access to the system docker socket, so we also volume mount that in (again, read-only). Then we map the also both need access to the system docker socket, so we also volume mount that in (again, read-only). Then we map the
various configuration directories to their respective services. various configuration files in (we will soon make these).
If you haven't used `traefik` before, you might be scratching your head on the `labels` that we set on each of the If you haven't used `traefik` before, you might be scratching your head on the `labels` that we set on each of the
services. This is just how you configure services to integrate into traefik, enabling you to route your various services. This is how you configure services to integrate into traefik, enabling you to route your various containers to
containers to various subdomains, integrate middle-wares such as forcing HTTPS and setting load-balancer settings etc. various subdomains, integrate middlewares such as forcing HTTPS and setting load-balancer settings etc.
The `CF_DNS_API_TOKEN` and `CF_ZONE_API_TOKEN` tokens are our cloudflare API keys. If you're using a different DNS Let's add the configuration files, shall we?
provider, you should check the [traefik documentation](https://doc.traefik.io/traefik/https/acme/#providers) to see if
your provider is supported, and change the environment variable names accordingly.
Since the configuration directories are currently empty, the setup won't work yet. Let's add the traefik configuration ## Keycloak
files first:
```sh ## TODOs
cd ~/config/traefik-data - [ ] 2FA the control dashboards through keycloak
mkdir -p configurations - [x] geoblocking the control dashboards
touch traefik.yml - [ ] start the article with a demo of what we'll be making
touch configurations/dynamic.yml - MAYBE:
``` - [ ] portainer introduction (maybe)
- [ ] traefik introduction (maybe)
- [ ] add a "skip if you already know portainer and traefik"
The `traefik.yml` file contains your general traefik configuration. This is where you register certificates, enforce
HTTPS and set general settings. The content we're interested in having is the following:
```yaml
api:
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
websecure:
address: ":443"
http:
middlewares:
- secureHeaders@file
tls:
certResolver: letsencrypt
certificatesResolvers:
letsencrypt:
acme:
email: your-email-here
storage: acme.json
keyType: EC384
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 0
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /configurations/dynamic.yml
```
The first `api` section is pretty self-explanatory enables the web-ui dashboard. You can choose not to do
this if you don't want the traefik web dashboard. The `entryPoints` section is a bit more interesting. This
is where we enforce that all HTTP web-requests on port `80` will be redirected to port `443` using transport
layer security (TLS). You might notice that we specifically mention `letsencrypt` here, this leads us
to the `certificatesResolvers` section. Since I am using [cloudflare](https://www.cloudflare.com/)
as my DNS (Domain Name Service) provider, I can also use them as my TLS certificate provider as
they provide this service. This is a complex topic and if you're interested, I recommend reading
[this](https://blog.cloudflare.com/introducing-automatic-ssl-tls-securing-and-simplifying-origin-connectivity/)
blog post by cloudflare themselves. Boiling all this jargan down, we are just using cloudflare as a middleman to
help us get the little lock icon in the browser when someone visits our website(s). I've set the certificates to
automatically update, so I don't have to worry about it ever again.
The `providers` settings refer to where traefik can route internet traffic to. We simply register `docker` as a service
provider as well as the configurations we define in `configurations/dynamic.yml`. Let's take a look at the content of
that file.
```yaml
http:
middlewares:
secureHeaders:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
user-auth:
basicAuth:
users:
- "administrator:<password>" # ADD YOUR ADMIN PASSWORD HERE ()
tls:
options:
default:
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
minVersion: VersionTLS12
```
Starting in the `http.middlewares` section, we first register a TLS middleware that we call `secureHeaders` (note that
this is the middleware referred in `traefik.yml`) - skipping past the details, this middleware simply adds security
headers to each request. Our second middleware, `user-auth` is the authentication method to gain access to the traefik
dashboard. Here we set the username `username` and you should generate the password using the `htpasswd` command. This
command should be available through the `apache2-utils` package on ubuntu systems, and `extra/apache` on Arch. Simply
copy / paste the generated hashed password into your yaml file.
```sh
# -n = output to stdout -B = use bcrypt
# Make sure to replace 'administrator' if you want a different username
htpasswd -nB administrator
```
## Starting Everything
We should now have everything set up and ready for starting! Simply navigate to the `~/control` directory and start the
docker compose stack.
```sh
# Start the containers (detached)
docker compose up -d
# Follow along with the logs
docker compose logs -f
```
Hopefully there shouldn't be any errors, but if there are, make doubly sure that your TLS settings are set correctly,
as that's likely to be the thing to mess up (ask me how I know). If you need additional assistance, the [official
traefik docs](https://doc.traefik.io/traefik/) are a great resource. Portainer is fairly fool-proof, so I don't expect
that to cause you any problems.
## TODO
- [ ] DNS records, ACME challenges, TXT records, Wildcard A records, CAA records - jesus there's so much shit I've forgotten
{{< centered image="/6616144.png" >}}
```yaml ```yaml
services: services:
@ -314,3 +181,5 @@ networks:
external: true external: true
keycloak: keycloak:
``` ```
{{< centered image="/6616144.png" >}}