initial commit

.gitignore

@@ -0,0 +1,102 @@
+### Generic ###
+
+# VIM
+*.sw*
+*.vim*
+*.obsession*
+
+# misc. garbage
+*.bak
+*.old*
+~*
+*~
+-
+
+# Damn you steve jobs!!!!
+.DS_Store
+
+# vscope
+.vscode/*
+*.code-workspace
+.history/
+
+# potential credentials
+*.pem
+*.secret
+*.key
+**/credentials.json
+**/client_secrets.json
+**/client_secret.json
+*creds*
+*.dat
+*password*
+*.httr-oauth*
+*.env
+!*.sample.env
+
+# C/C++
+*.o
+*.out
+*.a
+*.so
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+.clirope
+*.egg-info
+build
+dist
+coverage.json
+htmlcov
+*.spec
+.coverage
+
+# Archives
+*.zip
+*.tar
+*.rar
+*.tar.*
+*.tzst
+*.tgz
+*.txz
+*.zst
+*.gz
+
+# Multimedia
+*.xcf
+*.svg
+*.jpg
+*.jpeg
+*.png
+*.avif
+*.gif
+*.pdf
+*.gv
+!img/*.jpg
+!img/*.png
+!img/*.svg
+!img/*.gv
+
+# CMake
+
+CMakeCache.txt
+CMakeFiles
+cmake_install.cmake
+*.cmake
+.cmake
+.skbuild-info.json
+CMakeInit.txt
+
+# Rust
+
+target
+
+### Project-specific ###
+
+
+
+
+
+

wiki/bardak.md

@@ -0,0 +1,25 @@
+# Bardak
+
+<https://bardak.klank.school> is what we use to "manage" our "inventory"
+at klankschool.
+
+Username: `klankschool`
+Password: `klankschool`
+
+Bardak is a webapp developed by maybetree.
+The source code is [on github](https://github.com/maybeetree/bardak),
+while our particular configuration is on
+[our gitea](https://code.klank.school/maybetree/klankschool-bardak>.
+
+For paranoia reasons, bardak runs inside a rootless Podman container.
+This is managed by usermode systemd as the `maybetree` user
+(consult the `klankschool-bardak` repo for more info).
+It runs on port 8085,
+which is reverse proxied by [Nginx](nginx.md) to
+<https://bardak.klank.school>
+to add SSL and authentication via [HTTP Basicauth](http-basicauth.md).
+
+## Our conventions for maintaining the inventory
+
+just do whatever
+

wiki/dynamic-dns.md

@@ -0,0 +1,26 @@
+# Dynamic DNS
+
+Public IP of Catu changes sometimes. Therefore,
+dynamic DNS is needed.
+
+`klank.school` domain name is managed by the Porkbun
+registrar and nameservers which have a nice
+[API](https://porkbun.com/api/json/v3/documentation).
+We have a script called `/usr/local/bin/dynamic-dns` which
+queries the current public IP using ipinfo.io
+and updates the existing DNS records to use it.
+
+The script is called by a cronjob somewhere idk dont ask me.
+
+The old version of the script written by Riviera
+is under `/usr/local/bin/dynamic-dns.riviera`.
+New version is written by maybetree and makes it easier
+to add new records.
+Just edit `/usr/local/bin/klankdns.secret.toml`
+and run the scripts.
+
+The script is very jank but it works and thats what matters.
+It's developed on our gitea: <https://code.klank.school/maybetree/klankdns>
+
+
+

wiki/http-basicauth.md

@@ -0,0 +1,27 @@
+# HTTP Basicauth
+
+HTTP Basicauth is a username-password login mechanism that
+is built in directly into the HTTP protocol.
+Basically every HTTP client supports it,
+and it's simple to set up with most http servers and reverse proxies.
+
+We use HTTP Basicauth for adding authentication to [Bardak](bardak.md).
+
+## How to configure it
+
+Inside nginx `location` block:
+```
+auth_basic "Custom message to the user goes here";
+auth_basic_user_file /etc/nginx/somefile.htpasswd;
+```
+
+Generating the `.htpasswd` (extension can be anything,
+"htpasswd" is just a convention) file is done with `htpasswd`
+utility from `apache2-utils` package:
+
+```
+htpasswd -B /etc/nginx/somefile.htpasswd USERNAME
+```
+
+(by default password is read from stdin)
+

wiki/incus.md

@@ -0,0 +1,4 @@
+# Incus
+
+Incus is a container and vm engine.
+We run 

wiki/nginx.md

@@ -0,0 +1,25 @@
+# Nginx
+
+Nginx is a web server and reverse proxy.
+We use it for klank.school website.
+Actually, we use it twice over,
+once on the host,
+and once inside an [Incus](incus.md) containter.
+
+The host nginx currently has an issue
+where it somehow escapes systemd supervision
+I think this happens because
+the incus container takes a while to start,
+and its hostname is specified in the nginx host config,
+so when nginx on host starts before the container is ready
+it crashes and restarts and somehow
+becomes orphaned.
+To fix, just `killall nginx`
+and restart it with systemd.
+
+## SSL
+
+SSL is managed by certbot just normally in that mode where
+it rewrites your nginx config.
+
+