initial commit
This commit is contained in:
maybetree
102
.gitignore
vendored
Normal file
102
.gitignore
vendored
Normal file
@ -0,0 +1,102 @@
|
||||
### Generic ###
|
||||
|
||||
# VIM
|
||||
*.sw*
|
||||
*.vim*
|
||||
*.obsession*
|
||||
|
||||
# misc. garbage
|
||||
*.bak
|
||||
*.old*
|
||||
~*
|
||||
*~
|
||||
-
|
||||
|
||||
# Damn you steve jobs!!!!
|
||||
.DS_Store
|
||||
|
||||
# vscope
|
||||
.vscode/*
|
||||
*.code-workspace
|
||||
.history/
|
||||
|
||||
# potential credentials
|
||||
*.pem
|
||||
*.secret
|
||||
*.key
|
||||
**/credentials.json
|
||||
**/client_secrets.json
|
||||
**/client_secret.json
|
||||
*creds*
|
||||
*.dat
|
||||
*password*
|
||||
*.httr-oauth*
|
||||
*.env
|
||||
!*.sample.env
|
||||
|
||||
# C/C++
|
||||
*.o
|
||||
*.out
|
||||
*.a
|
||||
*.so
|
||||
|
||||
# Python
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*$py.class
|
||||
.clirope
|
||||
*.egg-info
|
||||
build
|
||||
dist
|
||||
coverage.json
|
||||
htmlcov
|
||||
*.spec
|
||||
.coverage
|
||||
|
||||
# Archives
|
||||
*.zip
|
||||
*.tar
|
||||
*.rar
|
||||
*.tar.*
|
||||
*.tzst
|
||||
*.tgz
|
||||
*.txz
|
||||
*.zst
|
||||
*.gz
|
||||
|
||||
# Multimedia
|
||||
*.xcf
|
||||
*.svg
|
||||
*.jpg
|
||||
*.jpeg
|
||||
*.png
|
||||
*.avif
|
||||
*.gif
|
||||
*.pdf
|
||||
*.gv
|
||||
!img/*.jpg
|
||||
!img/*.png
|
||||
!img/*.svg
|
||||
!img/*.gv
|
||||
|
||||
# CMake
|
||||
|
||||
CMakeCache.txt
|
||||
CMakeFiles
|
||||
cmake_install.cmake
|
||||
*.cmake
|
||||
.cmake
|
||||
.skbuild-info.json
|
||||
CMakeInit.txt
|
||||
|
||||
# Rust
|
||||
|
||||
target
|
||||
|
||||
### Project-specific ###
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
25
wiki/bardak.md
Normal file
25
wiki/bardak.md
Normal file
@ -0,0 +1,25 @@
|
||||
# Bardak
|
||||
|
||||
<https://bardak.klank.school> is what we use to "manage" our "inventory"
|
||||
at klankschool.
|
||||
|
||||
Username: `klankschool`
|
||||
Password: `klankschool`
|
||||
|
||||
Bardak is a webapp developed by maybetree.
|
||||
The source code is [on github](https://github.com/maybeetree/bardak),
|
||||
while our particular configuration is on
|
||||
[our gitea](https://code.klank.school/maybetree/klankschool-bardak>.
|
||||
|
||||
For paranoia reasons, bardak runs inside a rootless Podman container.
|
||||
This is managed by usermode systemd as the `maybetree` user
|
||||
(consult the `klankschool-bardak` repo for more info).
|
||||
It runs on port 8085,
|
||||
which is reverse proxied by [Nginx](nginx.md) to
|
||||
<https://bardak.klank.school>
|
||||
to add SSL and authentication via [HTTP Basicauth](http-basicauth.md).
|
||||
|
||||
## Our conventions for maintaining the inventory
|
||||
|
||||
just do whatever
|
||||
|
||||
26
wiki/dynamic-dns.md
Normal file
26
wiki/dynamic-dns.md
Normal file
@ -0,0 +1,26 @@
|
||||
# Dynamic DNS
|
||||
|
||||
Public IP of Catu changes sometimes. Therefore,
|
||||
dynamic DNS is needed.
|
||||
|
||||
`klank.school` domain name is managed by the Porkbun
|
||||
registrar and nameservers which have a nice
|
||||
[API](https://porkbun.com/api/json/v3/documentation).
|
||||
We have a script called `/usr/local/bin/dynamic-dns` which
|
||||
queries the current public IP using ipinfo.io
|
||||
and updates the existing DNS records to use it.
|
||||
|
||||
The script is called by a cronjob somewhere idk dont ask me.
|
||||
|
||||
The old version of the script written by Riviera
|
||||
is under `/usr/local/bin/dynamic-dns.riviera`.
|
||||
New version is written by maybetree and makes it easier
|
||||
to add new records.
|
||||
Just edit `/usr/local/bin/klankdns.secret.toml`
|
||||
and run the scripts.
|
||||
|
||||
The script is very jank but it works and thats what matters.
|
||||
It's developed on our gitea: <https://code.klank.school/maybetree/klankdns>
|
||||
|
||||
|
||||
|
||||
27
wiki/http-basicauth.md
Normal file
27
wiki/http-basicauth.md
Normal file
@ -0,0 +1,27 @@
|
||||
# HTTP Basicauth
|
||||
|
||||
HTTP Basicauth is a username-password login mechanism that
|
||||
is built in directly into the HTTP protocol.
|
||||
Basically every HTTP client supports it,
|
||||
and it's simple to set up with most http servers and reverse proxies.
|
||||
|
||||
We use HTTP Basicauth for adding authentication to [Bardak](bardak.md).
|
||||
|
||||
## How to configure it
|
||||
|
||||
Inside nginx `location` block:
|
||||
```
|
||||
auth_basic "Custom message to the user goes here";
|
||||
auth_basic_user_file /etc/nginx/somefile.htpasswd;
|
||||
```
|
||||
|
||||
Generating the `.htpasswd` (extension can be anything,
|
||||
"htpasswd" is just a convention) file is done with `htpasswd`
|
||||
utility from `apache2-utils` package:
|
||||
|
||||
```
|
||||
htpasswd -B /etc/nginx/somefile.htpasswd USERNAME
|
||||
```
|
||||
|
||||
(by default password is read from stdin)
|
||||
|
||||
4
wiki/incus.md
Normal file
4
wiki/incus.md
Normal file
@ -0,0 +1,4 @@
|
||||
# Incus
|
||||
|
||||
Incus is a container and vm engine.
|
||||
We run
|
||||
25
wiki/nginx.md
Normal file
25
wiki/nginx.md
Normal file
@ -0,0 +1,25 @@
|
||||
# Nginx
|
||||
|
||||
Nginx is a web server and reverse proxy.
|
||||
We use it for klank.school website.
|
||||
Actually, we use it twice over,
|
||||
once on the host,
|
||||
and once inside an [Incus](incus.md) containter.
|
||||
|
||||
The host nginx currently has an issue
|
||||
where it somehow escapes systemd supervision
|
||||
I think this happens because
|
||||
the incus container takes a while to start,
|
||||
and its hostname is specified in the nginx host config,
|
||||
so when nginx on host starts before the container is ready
|
||||
it crashes and restarts and somehow
|
||||
becomes orphaned.
|
||||
To fix, just `killall nginx`
|
||||
and restart it with systemd.
|
||||
|
||||
## SSL
|
||||
|
||||
SSL is managed by certbot just normally in that mode where
|
||||
it rewrites your nginx config.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user