Comments

• 

  almost 5 years ago by RBrownSUSE | Reply

  After a few hackweeks this is finally done. It went through various minor steps over the last years with a major rework as part of Hackweek 19

  https://github.com/sysrich/salt-states shows the basic layout, but to give a tl;dr here for Hackweek 19

  • luke.rootco.de was a Leap 15.1 server running at Hetzner, hosting https://rootco.de , my ZNC bouncer, and my salt-master
  • k2so.dyn.rootco.de was a Leap 15.1 LXC container running on a armv7 turris omnia, hosting my backup service and acting as an SSH jumphost
  • r2d2.home.rootco.de is a MicroOS NUC hosting only a containerised nextcloud accessible via cloud.dyn.rootco.de

  As part of this hackweek I accomplished the following:

  Decommissioned k2so.dyn.rootco.de, replacing it with the following container running on r2d2.home.rootco.de:

  registry.opensuse.org/home/rbrownsuse/containers/containers/backer-srv https://build.opensuse.org/package/show/home:RBrownSUSE:containers/backer-srv-image

  This is now acting as both my backup target for all of my other services, and also an SSH jumphost for my personal infra, running on port 80 so I can get to it even from restricted wireless networks. With all this custom magic, it's not suitable for reuse as a generic container in Tumbleweed sadly, but it's WAY easier for me to manage than before.

  Decommissioned luke.rootco.de and replaced it with d0.rootco.de, a freshly installed MicroOS host running on Hetzner Cloud

  Salt-master was replaced with a custom salt-master container registry.opensuse.org/home/rbrownsuse/containers/containers/salt-master https://build.opensuse.org/package/show/home:RBrownSUSE:containers/salt-master-image

  This container automatically git pulls from https://github.com/sysrich/salt-states and uses the existing keys from luke.rootco.de to continue working as before the migration. However this magic unfortunately means the salt-master container is not easily reusable for others, but again, way easier for me to manage than the old salt-master.

  ZNC bouncer was replaced with a rather generic znc container registry.opensuse.org/home/rbrownsuse/containers/containers/znc https://build.opensuse.org/package/show/home:RBrownSUSE:containers/znc-image

  With a bit of polish this ZNC image can easily be submitable for all of Tumbleweed

  The rootco.de website was a bit more of a challenge, because it's a jekyll generated website, with letsencrypt

  As openSUSE's jekyll packaging is a mess, and as it's not internet facing, I opted to use the upstream jekyll container, using a systemd service to generate the site automatically on a timer:

  https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-jekyll.service

  The output of this jekyll run is then consumed by the recently created opensuse-nginx container

  https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-web.service

  As the upstream container is a mess and because it's internet/security related, I built a custom certbot container, including the nginx plugins for ease of use

  registry.opensuse.org/home/rbrownsuse/containers/containers/certbot https://build.opensuse.org/package/show/home:RBrownSUSE:containers/certbot-image

  With a bit of tweaking this might be suitable for including in tumbleweed, though will always behave very differently from the upstream equivalent because I strongly disagree with the approach upstream take with containerised certbot.

  This was used to generate the certificates with a run of:

  podman run --rm -v /var/opt/rootco-web/data/etc:/etc/nginx -v /var/opt/rootco-web/data/htdocs:/srv/www/htdocs -v /var/opt/rootco-web/letsencrypt:/etc/letsencrypt -p 80:80 -p 443:443 -it registry.opensuse.org/home/rbrownsuse/containers/containers/certbot:latest certbot --standalone --installer nginx

  and will now be automatically renewed on a periodic basis using the container also https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-certbot.service

  And so, not only is everything in my life free from regular releases, but everything I need is containerised too :)

×
Edit Comment 4398
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
After a few hackweeks this is finally done. It went through various minor steps over the last years with a major rework as part of Hackweek 19 https://github.com/sysrich/salt-states shows the basic layout, but to give a tl;dr here for Hackweek 19 * luke.rootco.de was a Leap 15.1 server running at Hetzner, hosting https://rootco.de , my ZNC bouncer, and my salt-master * k2so.dyn.rootco.de was a Leap 15.1 LXC container running on a armv7 turris omnia, hosting my backup service and acting as an SSH jumphost * r2d2.home.rootco.de is a MicroOS NUC hosting only a containerised nextcloud accessible via cloud.dyn.rootco.de As part of this hackweek I accomplished the following: **Decommissioned k2so.dyn.rootco.de**, replacing it with the following container running on r2d2.home.rootco.de: registry.opensuse.org/home/rbrownsuse/containers/containers/backer-srv https://build.opensuse.org/package/show/home:RBrownSUSE:containers/backer-srv-image This is now acting as both my backup target for all of my other services, and also an SSH jumphost for my personal infra, running on port 80 so I can get to it even from restricted wireless networks. With all this custom magic, it's not suitable for reuse as a generic container in Tumbleweed sadly, but it's WAY easier for me to manage than before. **Decommissioned luke.rootco.de and replaced it with d0.rootco.de, a freshly installed MicroOS host running on Hetzner Cloud** Salt-master was replaced with a custom salt-master container registry.opensuse.org/home/rbrownsuse/containers/containers/salt-master https://build.opensuse.org/package/show/home:RBrownSUSE:containers/salt-master-image This container automatically git pulls from https://github.com/sysrich/salt-states and uses the existing keys from luke.rootco.de to continue working as before the migration. However this magic unfortunately means the salt-master container is not easily reusable for others, but again, way easier for me to manage than the old salt-master. ZNC bouncer was replaced with a rather generic znc container registry.opensuse.org/home/rbrownsuse/containers/containers/znc https://build.opensuse.org/package/show/home:RBrownSUSE:containers/znc-image With a bit of polish this ZNC image can easily be submitable for all of Tumbleweed The rootco.de website was a bit more of a challenge, because it's a jekyll generated website, with letsencrypt As openSUSE's jekyll packaging is a mess, and as it's not internet facing, I opted to use the upstream jekyll container, using a systemd service to generate the site automatically on a timer: https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-jekyll.service The output of this jekyll run is then consumed by the recently created opensuse-nginx container https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-web.service As the upstream container is a mess and because it's internet/security related, I built a custom certbot container, including the nginx plugins for ease of use registry.opensuse.org/home/rbrownsuse/containers/containers/certbot https://build.opensuse.org/package/show/home:RBrownSUSE:containers/certbot-image With a bit of tweaking this might be suitable for including in tumbleweed, though will always behave very differently from the upstream equivalent because I strongly disagree with the approach upstream take with containerised certbot. This was used to generate the certificates with a run of: podman run --rm -v /var/opt/rootco-web/data/etc:/etc/nginx -v /var/opt/rootco-web/data/htdocs:/srv/www/htdocs -v /var/opt/rootco-web/letsencrypt:/etc/letsencrypt -p 80:80 -p 443:443 -it registry.opensuse.org/home/rbrownsuse/containers/containers/certbot:latest certbot --standalone --installer nginx and will now be automatically renewed on a periodic basis using the container also https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-certbot.service And so, not only is everything in my life free from regular releases, but everything I need is containerised too :)
 
×
Reply to RBrownSUSE
After a few hackweeks this is finally done. It went through various minor steps over the last years with a major rework as part of Hackweek 19
https://github.com/sysrich/salt-states shows the basic layout, but to give a tl;dr here for Hackweek 19
• luke.rootco.de was a Leap 15.1 server running at Hetzner, hosting https://rootco.de , my ZNC bouncer, and my salt-master
• k2so.dyn.rootco.de was a Leap 15.1 LXC container running on a armv7 turris omnia, hosting my backup service and acting as an SSH jumphost
• r2d2.home.rootco.de is a MicroOS NUC hosting only a containerised nextcloud accessible via cloud.dyn.rootco.de
As part of this hackweek I accomplished the following:
Decommissioned k2so.dyn.rootco.de, replacing it with the following container running on r2d2.home.rootco.de:
registry.opensuse.org/home/rbrownsuse/containers/containers/backer-srv https://build.opensuse.org/package/show/home:RBrownSUSE:containers/backer-srv-image
This is now acting as both my backup target for all of my other services, and also an SSH jumphost for my personal infra, running on port 80 so I can get to it even from restricted wireless networks. With all this custom magic, it's not suitable for reuse as a generic container in Tumbleweed sadly, but it's WAY easier for me to manage than before.
Decommissioned luke.rootco.de and replaced it with d0.rootco.de, a freshly installed MicroOS host running on Hetzner Cloud
Salt-master was replaced with a custom salt-master container registry.opensuse.org/home/rbrownsuse/containers/containers/salt-master https://build.opensuse.org/package/show/home:RBrownSUSE:containers/salt-master-image
This container automatically git pulls from https://github.com/sysrich/salt-states and uses the existing keys from luke.rootco.de to continue working as before the migration. However this magic unfortunately means the salt-master container is not easily reusable for others, but again, way easier for me to manage than the old salt-master.
ZNC bouncer was replaced with a rather generic znc container registry.opensuse.org/home/rbrownsuse/containers/containers/znc https://build.opensuse.org/package/show/home:RBrownSUSE:containers/znc-image
With a bit of polish this ZNC image can easily be submitable for all of Tumbleweed
The rootco.de website was a bit more of a challenge, because it's a jekyll generated website, with letsencrypt
As openSUSE's jekyll packaging is a mess, and as it's not internet facing, I opted to use the upstream jekyll container, using a systemd service to generate the site automatically on a timer:
https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-jekyll.service
The output of this jekyll run is then consumed by the recently created opensuse-nginx container
https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-web.service
As the upstream container is a mess and because it's internet/security related, I built a custom certbot container, including the nginx plugins for ease of use
registry.opensuse.org/home/rbrownsuse/containers/containers/certbot https://build.opensuse.org/package/show/home:RBrownSUSE:containers/certbot-image
With a bit of tweaking this might be suitable for including in tumbleweed, though will always behave very differently from the upstream equivalent because I strongly disagree with the approach upstream take with containerised certbot.
This was used to generate the certificates with a run of:
podman run --rm -v /var/opt/rootco-web/data/etc:/etc/nginx -v /var/opt/rootco-web/data/htdocs:/srv/www/htdocs -v /var/opt/rootco-web/letsencrypt:/etc/letsencrypt -p 80:80 -p 443:443 -it registry.opensuse.org/home/rbrownsuse/containers/containers/certbot:latest certbot --standalone --installer nginx
and will now be automatically renewed on a periodic basis using the container also https://github.com/sysrich/salt-states/blob/master/rootco/containerhost/d0/rootco-certbot.service
And so, not only is everything in my life free from regular releases, but everything I need is containerised too :)
---
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
 
• 

  almost 5 years ago by RBrownSUSE | Reply

  Posted Blog Post about this project: Regular Releases Are Wrong

×
Edit Comment 4460
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview
Posted Blog Post about this project: [Regular Releases Are Wrong](https://rootco.de/2020-02-10-regular-releases-are-wrong/)
 
×
Reply to RBrownSUSE
Posted Blog Post about this project: Regular Releases Are Wrong
---
# A First Level Header
## A Second Level Header

Use one asterisk to *emphasize*

Use two asterisks for **strong emphasis**

- Use hyphens
- for unordereed
- lists

This is an [link to example.com](http://example.com/)

This is an image ![an openSUSE geeko icon](https://en.opensuse.org/images/d/d0/Icon-distribution.png)

This is a user link @hans

This is a project link hw#some-cool-title
More Complex Markdown Help
Formatting Help
• Edit
• Preview