Vasili's Blog

In today's episode my guest is Yurii Rashkovskii, an entrepreneur and hacker extraordinaire. We nerd out about databases in general and #Omnigres is particular. We get up to some very esoteric things later on, and this is the longest episode we've had so far, so there's a lot of interesting concepts that are being discussed.

#podcast #rdbms #omnigres #spacetimedb #tigerbeetle

In this episode I recount my experiences at #siberx #odtn Operation: Defend the North, and in the latter part we talk more about how to improve your personal security posture and how to help your family do the same.

#podcast #cybersecurity #odtn #beekeeper

Part 1. The beginning

So, I've been running my homelab for a while now, running several services on it, some of which are exposed to the outside. I'd like to be able to access my media collection and photo library and things like that.

In order to make it happen, one could go with a bunch of various HomeLab Homepage software, but I'm quite hands on, so I decided to use Traefik.

Traefik is a proxy server in it's basic form, and unlike nginx it has a bunch of nifty features, such as dynamic runtime configuration, automatic certificate provisioning, built-in metric, etc. It does sacrifice the ability to do other things, though. Not sure if you can proxy directly to unix sockets, for instance. Or run php. But as I wasn't having fun with certbot and nginx on my “production” machine, automatically dealing with certificates was a really nice thing to have.

I've created an lxc container in my ProxMox instance, rolled out Alpine on it, and downloaded the traefik binary. After poking a bit with the documentation, I was able to create a directory with config files (I guess my nostalgia for nginx's /etc/nginx/sites-available/ is ingrained too deeply). Once I put some yaml files into that directory the server would automatically pick them up and reconfigure itself without having to do any restarts... Awesome.

Part 2. Keeping up to date

Some time after starting with my ProxMox journey, I've discovered the excellent VE Helper Scripts. It's a collection of small scripts that help you automatically provision various pieces of software (traefik being one of them). I've used it so far to provision Home Assistant for managing my smart home, iVentoy for iPXE booting, n8n and NodeRed for playing with various automation pipelines. It makes a quick work of these things and also allows you to update the main software for that VM or Container.

But the traefik container I've installed manually, so any time I wanted to do an update, I'd have to ssh into it, download new traefik binary, and do that whole song and dance, so I thought, why don't I migrate to a new container, provisioned with a helper script, so that I can keep it updated much easier.

Part 3. The new container

I got the container provisioned, but now I started feeling like manual configuration in yaml files is suboptimal. I'm getting quite lazy with age, and having some kind of UI for some tasks certainly has its draws. I began looking and stumbled upon Mantrae, which provides a UI for configuring Traefik.

You see, Traefik can dynamically read its configuration from a URL. And Mantrae outputs a traefik-compatible JSON file. It can also connect to traefik's API to get a bunch of information from the existing instance.

I deployed it and started configuring the new instance. (All the traffic was still routed to the old traefik instance).

To create the configuration you can use the following command:

systemctl edit --force --full mantrae.service

and put in the following config

[Unit]
After=network.target
Description=Traefik Configuration Daemon

[Service]
EnvironmentFile=-/opt/mantrae/.env
Type=simple
ExecStart=/opt/mantrae/current/mantrae

[Install]
WantedBy=network.target

In my case I keep my software that I install from binaries under /opt/software-name/v1.2.3 and then I symlink /opt/software-name/current to a most recent version. This way I can extract the tarball into the corresponding version, adjust the symlink and try it out. I can easily roll back to the previous version as well.

Make sure to generate secrets as the docs suggest and put them into the .env file. I've also changed my admin username and password. You can find all the env vars in the documentation.

Part 4. Configuration

After downloading a binary and creating a quick systemd launch configuration I was able to get to the Web UI.

creating a profile

This points to the traefik instance, and once it's created you should be able to see the stats traefik server status

Now we can create a Router... creating a router ... and add a service adding a service

I couldn't get Mantrae to automatically detect my certificate resolver, but you can look it up in your traefik.yaml, in my case it was predictably Let's Encrypt

certificatesResolvers:
  letsencrypt:

So just type letsencrypt in the “Resolver” field.

Part 5. Wiring up traefik and switchover

In order for traefik to use it, we have to add it to the main config. Originally I tried to put it into the dynamic folder, but that didn't work at all, so just put it into the main config, probably /etc/traefik/traefik.yaml

providers:
  file:
    directory: /etc/traefik/conf.d/
    watch: true
  http:
    endpoint: http://localhost:3000/api/Default

In my case they both run on the same container, and the capitalization matters in the url.

After restarting traefik I was able to see the http provider in the dashboard

http provider

I've configured all my existing services, basically mirroring my original traefik instance via Mantrae, so that all of them were set up through it's UI. After comparing the two dashboards, to make sure everything is the same, there was one step left. I wanted to re-use my certificates that were already provisioned, so a quick

scp old-traefik:/opt/traefik/acme.json /etc/traefik/ssl/acme.json

and the cert storage was moved over.

Then I simply went to my router, and pointed it to the IP address of the new container, and that was done...

My Uptime Kuma has recorded a small blip of an outage, as my router was restarting, but that quickly got resolved.

I'll write about setting that up in another post

#homelab #traefik #mantrae #uptimekuma

In today's episode we talk about E-Commerce and the issues of Fraud and some ways of dealing with it. We talk about why Amazon's e-commerce business is so successful, and a few other related things.

In today's episode we talk about origins of Single Sign-On, the demise of Skype, Nokia and Blackberry. The marketing woes of Microsoft's mobile endeavours. The latter half is going on about a recent spicy take of “Write bad code” and how I interpret what it means.

#podcast #skype #nokia #blackberry #livejournal #openid #sso #goodcode #badcode

In today's episode we chat about how to deal with rockstar devs, the importance of one-on-ones, and various aspects of culture fit. Throughout the episode we also go over how overall culture has changed in the dev world and what could've cause those changes. Check it out!

#podcast #culturefit #rockstars

EOM

In today's episode we talk about photography, importance of sleep, stress and its effects on personality, and professional boundaries and dealing with transgressions.

Photograps mentioned in the episode are here.

#podcast #photography #sleep #transgressions #burnout #empathy

In this episode we talk about legacy code, going around nuances with SOLID, Clean Code, DRY, etc... And also talk about testing, and what is appropriate for which categories of tests... Check it out.

In today's episode we talk about my opinions on the current economic state of tech sector and the mass hirings and layoffs. In the second part we chat about whether or not AI would follow the regular tech hype curve, and whether we are about to start the downswing from the current peak. Viability of AI assistants reaching intermediate dev levels any time soon and more. In the last part we chat about life advice industry, type A and B personality and a notable example of it.

#podcast #economics #it #typea #elonmusk