deploy: 1ff0e68a91931d15c85aa3d34dcd8f6cf32550be

davegallant
2021-11-17 22:54:55 +00:00
parent b5d6830500
commit 1f8287da15
39 changed files with 96 additions and 96 deletions


@@ -8,7 +8,7 @@
<meta property="og:url" content="/blog/2021/09/06/what-to-do-with-a-homelab/">
<meta property="og:site_name" content="davegallant">
<meta property="og:type" content="article"><meta property="article:section" content="post"><meta property="article:tag" content="tailscale"><meta property="article:tag" content="homelab"><meta property="article:tag" content="netdata"><meta property="article:tag" content="jellyfin"><meta property="article:tag" content="plex"><meta property="article:tag" content="pihole"><meta property="article:tag" content="virtualization"><meta property="article:tag" content="adguard"><meta property="article:tag" content="grafana"><meta property="article:published_time" content="2021-09-06T01:12:54-04:00"><meta property="article:modified_time" content="2021-09-06T01:12:54-04:00"><meta name=twitter:card content="summary">
<meta name=generator content="Hugo 0.88.0">
<meta name=generator content="Hugo 0.89.4">
<title>What To Do With A Homelab • davegallant</title>
<link rel=canonical href=/blog/2021/09/06/what-to-do-with-a-homelab/>
<link rel=icon href=/favicon.ico>
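Review bot: the `<meta name=generator>` line changed in this hunk (`Hugo 0.88.0` to `Hugo 0.89.4`) publishes the exact generator version on every page, and it is the only difference here, so a Hugo upgrade alone rewrites each generated page. If the tag comes from `{{ hugo.Generator }}` in the theme's head partial, consider dropping it there; that removes the version disclosure and keeps deploy diffs limited to real content changes.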


@@ -8,7 +8,7 @@
<meta property="og:url" content="/blog/2021/09/08/why-i-threw-out-my-dotfiles/">
<meta property="og:site_name" content="davegallant">
<meta property="og:type" content="article"><meta property="article:section" content="post"><meta property="article:tag" content="nix"><meta property="article:tag" content="dotfiles"><meta property="article:tag" content="home-manager"><meta property="article:published_time" content="2021-09-08T00:42:33-04:00"><meta property="article:modified_time" content="2021-09-08T00:42:33-04:00"><meta name=twitter:card content="summary">
<meta name=generator content="Hugo 0.88.0">
<meta name=generator content="Hugo 0.89.4">
<title>Why I Threw Out My Dotfiles • davegallant</title>
<link rel=canonical href=/blog/2021/09/08/why-i-threw-out-my-dotfiles/>
<link rel=icon href=/favicon.ico>
@@ -161,9 +161,9 @@ personal blog
<h2 id=what-is-home-manager>What is home-manager?</h2>
<p>Before understanding home-manager, it is worth briefly discussing what nix is. <a href=https://nixos.org/>nix</a> is a package manager that originally spawned from a <a href=https://edolstra.github.io/pubs/phd-thesis.pdf>PhD thesis</a>. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.</p>
<p>For example, I have used nix to install the package <a href="https://search.nixos.org/packages?channel=unstable&show=bind&from=0&size=50&sort=relevance&type=packages&query=bind">bind</a> which includes <code>dig</code>. You can see that it is available on multiple platforms. The absolute path of <code>dig</code> can be found by running:</p>
<pre tabindex=0><code class=language-console data-lang=console> ls -lh $(which dig)
lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</code></pre><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href=https://nixos.org/guides/nix-pills/nix-store-paths.html>nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=color:#aaa> ls -lh $(which dig)
</span><span style=color:#aaa>lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</span></code></pre></div><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href=https://nixos.org/guides/nix-pills/nix-store-paths.html>nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<p>Part of the nix ecosystem includes <a href=https://github.com/NixOS/nixpkgs>nixpkgs</a>. Many popular tools can be found already packaged in this repository. As you can see with these <a href=https://repology.org/repositories/statistics/total>stats</a>, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!</p>
<p>home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my <a href=https://github.com/davegallant/nix-config>nix-config</a> in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.</p>
<h2 id=setting-up-home-manager>Setting up home-manager</h2>
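Review bot: the re-rendered console block at `ls -lh $(which dig)` has no `$ ` prompt, so the highlighter wraps the command in the same `color:#aaa` output span as the `lrwxr-xr-x ...` line below it, unlike the `podman` blocks elsewhere in this commit where the prompt gets its own span. Adding `$ ` before the command in the post source (it currently starts with a bare space) would make the command render as input rather than output.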


@@ -8,7 +8,7 @@
<meta property="og:url" content="/blog/2021/09/17/automatically-rotating-aws-access-keys/">
<meta property="og:site_name" content="davegallant">
<meta property="og:type" content="article"><meta property="article:section" content="post"><meta property="article:tag" content="aws"><meta property="article:tag" content="python"><meta property="article:tag" content="security"><meta property="article:tag" content="aws-vault"><meta property="article:published_time" content="2021-09-17T12:48:33-04:00"><meta property="article:modified_time" content="2021-09-17T12:48:33-04:00"><meta name=twitter:card content="summary">
<meta name=generator content="Hugo 0.88.0">
<meta name=generator content="Hugo 0.89.4">
<title>Automatically Rotating AWS Access Keys • davegallant</title>
<link rel=canonical href=/blog/2021/09/17/automatically-rotating-aws-access-keys/>
<link rel=icon href=/favicon.ico>
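Review bot: `og:url` and `<link rel=canonical>` in the unchanged context of this hunk are root-relative (`/blog/2021/09/17/automatically-rotating-aws-access-keys/`), and the same pattern appears in the other files of this commit. Both are meant to carry an absolute URL with scheme and host; a relative canonical leaves the preferred origin to whichever host happened to serve the page. Check that `baseURL` is set for the deploy build so these render as full URLs.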


@@ -8,7 +8,7 @@
<meta property="og:url" content="/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/">
<meta property="og:site_name" content="davegallant">
<meta property="og:type" content="article"><meta property="article:section" content="post"><meta property="article:tag" content="docker"><meta property="article:tag" content="podman"><meta property="article:tag" content="containers"><meta property="article:published_time" content="2021-10-11T10:43:35-04:00"><meta property="article:modified_time" content="2021-10-11T10:43:35-04:00"><meta name=twitter:card content="summary">
<meta name=generator content="Hugo 0.88.0">
<meta name=generator content="Hugo 0.89.4">
<title>Replacing docker with podman on macOS (and Linux) • davegallant</title>
<link rel=canonical href=/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/>
<link rel=icon href=/favicon.ico>
@@ -178,21 +178,21 @@ podman machine init
podman machine start
</code></pre></div><h3 id=running-a-container>Running a container</h3>
<p>Let&rsquo;s try to pull an image:</p>
<pre tabindex=0><code class=language-console data-lang=console>$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
Writing manifest to image destination
Storing signatures
14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</code></pre><blockquote>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=color:#009;font-weight:700>$ </span>podman pull alpine
<span style=color:#aaa>Trying to pull docker.io/library/alpine:latest...
</span><span style=color:#aaa>Getting image source signatures
</span><span style=color:#aaa>Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
</span><span style=color:#aaa>Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span><span style=color:#aaa>Writing manifest to image destination
</span><span style=color:#aaa>Storing signatures
</span><span style=color:#aaa>14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></code></pre></div><blockquote>
<p>If you&rsquo;re having an issue pulling images, you may need to remove <code>~/.docker/config.json</code> or remove the set of auths in the configuration as mentioned <a href=https://stackoverflow.com/a/69121873/1191286>here</a>.</p>
</blockquote>
<p>and then run and exec into the container:</p>
<pre tabindex=0><code class=language-console data-lang=console>$ podman run --rm -ti alpine
Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &quot;podman&quot;: unexpected end of JSON input
</code></pre><p>What does this error mean? A bit of searching lead to <a href=https://github.com/containers/podman/issues/11837>this github issue</a>.</p>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=color:#009;font-weight:700>$ </span>podman run --rm -ti alpine
<span style=color:#aaa>Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &#34;podman&#34;: unexpected end of JSON input
</span></code></pre></div><p>What does this error mean? A bit of searching lead to <a href=https://github.com/containers/podman/issues/11837>this github issue</a>.</p>
<p>Until the fix is released, a workaround is to just specify a port (even when it&rsquo;s not needed):</p>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-sh data-lang=sh>podman run -p <span style=color:#f60>4242</span> --rm -ti alpine
</code></pre></div><p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
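Review bot: the new `<div class=highlight>` blocks in this hunk carry a `style=` attribute on the `<pre>` and on every `<span>`, so the pages now depend on inline styles. That prevents serving the site with a Content-Security-Policy whose `style-src` omits `'unsafe-inline'`, and it repeats the colours on every output line. Setting `noClasses = false` under `[markup.highlight]` and shipping a stylesheet generated with `hugo gen chromastyles` gives the same rendering with class names only.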
@@ -212,24 +212,24 @@ Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f6
</span><span style=color:#c30> command: [/bin/echo, &#39;Hello world&#39;]
</span><span style=color:#c30>EOF</span>
</code></pre></div><p>Now run:</p>
<pre tabindex=0><code class=language-console data-lang=console>$ podman-compose up
podman pod create --name=davegallant.github.io --share net
40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
0
podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
Resolved &quot;ubuntu&quot; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
Writing manifest to image destination
Storing signatures
1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
0
podman start -a davegallant.github.io_hello_world_1
Hello world
</code></pre><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=color:#009;font-weight:700>$ </span>podman-compose up
<span style=color:#aaa>podman pod create --name=davegallant.github.io --share net
</span><span style=color:#aaa>40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
</span><span style=color:#aaa>0
</span><span style=color:#aaa>podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
</span><span style=color:#aaa>Resolved &#34;ubuntu&#34; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
</span><span style=color:#aaa>Trying to pull docker.io/library/ubuntu:latest...
</span><span style=color:#aaa>Getting image source signatures
</span><span style=color:#aaa>Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span><span style=color:#aaa>Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span><span style=color:#aaa>Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
</span><span style=color:#aaa>Writing manifest to image destination
</span><span style=color:#aaa>Storing signatures
</span><span style=color:#aaa>1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
</span><span style=color:#aaa>0
</span><span style=color:#aaa>podman start -a davegallant.github.io_hello_world_1
</span><span style=color:#aaa>Hello world
</span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<h3 id=summary>Summary</h3>
<p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p>
<p>One caveat to mention is that there isn&rsquo;t an official graphical user interface for Podman, but there is an <a href=https://github.com/containers/podman/issues/11494>open issue</a> considering one. If you rely heavily on Docker Desktop&rsquo;s UI, you may not be as interested in using podman yet.</p>


@@ -8,7 +8,7 @@
<meta property="og:url" content="/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/">
<meta property="og:site_name" content="davegallant">
<meta property="og:type" content="article"><meta property="article:section" content="post"><meta property="article:tag" content="k3s"><meta property="article:tag" content="proxmox"><meta property="article:tag" content="lxc"><meta property="article:published_time" content="2021-11-14T10:07:03-05:00"><meta property="article:modified_time" content="2021-11-14T10:07:03-05:00"><meta name=twitter:card content="summary">
<meta name=generator content="Hugo 0.88.0">
<meta name=generator content="Hugo 0.89.4">
<title>Running K3s in LXC on Proxmox • davegallant</title>
<link rel=canonical href=/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/>
<link rel=icon href=/favicon.ico>
@@ -211,30 +211,30 @@ k3sup install --ip <span style=color:#033>$CONTAINER_IP</span> --user root --k3s
</code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<h2 id=wrapping-up>Wrapping up</h2>
<p>Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton&rsquo;s <a href=https://tekton.dev/docs/getting-started/>Getting Started</a> guide and was able to deploy it in a few commands.</p>
<pre tabindex=0><code class=language-console data-lang=console>$ kubectl get all --namespace tekton-pipelines
NAME READY STATUS RESTARTS AGE
pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
deployment.apps/tekton-dashboard 1/1 1 1 11h
deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
NAME DESIRED CURRENT READY AGE
replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</code></pre><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<div class=highlight><pre tabindex=0 style=background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-console data-lang=console><span style=color:#009;font-weight:700>$ </span>kubectl get all --namespace tekton-pipelines
<span style=color:#aaa>NAME READY STATUS RESTARTS AGE
</span><span style=color:#aaa>pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
</span><span style=color:#aaa>pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
</span><span style=color:#aaa>pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
</span><span style=color:#aaa></span><span style=color:#a00;background-color:#faa>
</span><span style=color:#a00;background-color:#faa></span><span style=color:#aaa>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
</span><span style=color:#aaa>service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
</span><span style=color:#aaa>service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
</span><span style=color:#aaa>service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
</span><span style=color:#aaa></span><span style=color:#a00;background-color:#faa>
</span><span style=color:#a00;background-color:#faa></span><span style=color:#aaa>NAME READY UP-TO-DATE AVAILABLE AGE
</span><span style=color:#aaa>deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
</span><span style=color:#aaa>deployment.apps/tekton-dashboard 1/1 1 1 11h
</span><span style=color:#aaa>deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
</span><span style=color:#aaa></span><span style=color:#a00;background-color:#faa>
</span><span style=color:#a00;background-color:#faa></span><span style=color:#aaa>NAME DESIRED CURRENT READY AGE
</span><span style=color:#aaa>replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
</span><span style=color:#aaa>replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
</span><span style=color:#aaa>replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
</span><span style=color:#aaa></span><span style=color:#a00;background-color:#faa>
</span><span style=color:#a00;background-color:#faa></span><span style=color:#aaa>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span><span style=color:#aaa>horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<p>If I&rsquo;m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental>K3s rootless</a>.</p>
</div>
<footer class=entry-footer>
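Review bot: each line break between the resource tables in the re-rendered `kubectl get all` output is now emitted inside `<span style=color:#a00;background-color:#faa>`, the highlighter's error style, so readers see red-highlighted gaps in otherwise normal output. Fencing the output as `text` in the post source, or removing the blank separator lines, avoids the console lexer flagging them.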