Skip to content

14th Week of 2023

Coding

Languages

Configure Docker to host the application

  • New: Disable ipv6.

    sysctl net.ipv6.conf.all.disable_ipv6=1
sysctl net.ipv6.conf.default.disable_ipv6=1

DevOps

Infrastructure as Code

Forgejo

  • New: Introduce Forgejo.

    Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job. The awful name comes from forĝejo, the Esperanto word for forge. I kind of like though the concept of forge for the repositories.

    Brought to you by an inclusive community under the umbrella of Codeberg e.V., a democratic non-profit organization, Forgejo can be trusted to be exclusively Free Software. It is a "soft" fork of Gitea with a focus on scaling, federation and privacy.

    In October 2022 the domains and trademark of Gitea were transferred to a for-profit company without knowledge or approval of the community. Despite writing an open letter, the takeover was later confirmed. The goal of Forgejo is to continue developing the code with a healthy democratic governance.

    On the 15th of December of 2022 the project was born with these major objectives:

    • The community is in control, and ensures we develop to address community needs.
    • We will help liberate software development from the shackles of proprietary tools.

    One of the approaches to achieve the last point is through pushing for the Forgejo federation a much needed feature in the git web application ecosystem.

    On the 29th of December of 2022 they released the first stable release and they have released several security releases between then and now.

    Despite what you choose, the good thing is that as long as it's a soft fork migrating between these software should be straight forward.

    Forgejo outshines Gitea in:

    • Being built up by the people for the people. The project may die but it's not likely it will follow Gitea's path.
    • They are transparent regarding the gobernance of the project which is created through open community discussions.
    • It's a political project that fights for the people's rights, for example through federation and freely incorporating the new additions of Gitea
    • They'll eventually have a better license
    • They get all the features and fixes of Gitea plus the contributions of the developers of the community that run out of Gitea.

    Gitea on the other hand has the next advantages:

    • It's a more stable project, it's been alive for much more time and now has the back up of a company trying to make profit out of it. Forgejo's community and structure is still evolving to a stable state though, although it looks promising!
    • Quicker releases. As Forgejo needs to review and incorporate Gitea's contributions, it takes longer to do a release.

    Being a soft-fork has it's disadvantages too, for example deciding where to open the issues and pull requests, they haven't yet decided which is their policy around this topic.

Authentication

Authentik

  • New: Protect applications that don't have authentication.

    Some applications don't have authentication, for example prometheus. You can use Authentik in front of such applications to add the authentication and authorization layer.

    Authentik can be used as a (very) simple reverse proxy by using its Provider feature with the regular "Proxy" setting. This let's you wrap authentication around a sub-domain / app where it normally wouldn't have authentication (or not the type of auth that you would specifically want) and then have Authentik handle the proxy forwarding and Auth.

    In this mode, there is no domain level nor 'integrated' authentication into your desired app; Authentik becomes both your reverse proxy and auth for this one particular app or (sub) domain. This mode does not forward authentication nor let you log in into any app. It's just acts like an authentication wrapper.

    It's best to use a normal reverse proxy out front of Authentik. This adds a second layer of routing to deal with but Authentik is not NGINX or a reverse proxy system, so it does not have that many configuration options.

    We'll use the following fake domains in this example:

    • Authentik domain: auth.yourdomain.com
    • App domain: app.yourdomain.com
    • Nginx: nginx.yourdomain.com
    • Authentik's docker conter name: auth_server

    The steps are:

    • Configure the proxy provider:
    # ---------------
# -- Variables --
# ---------------

variable "prometheus_url" {
  type        = string
  description = "The url to access the service."
}

# ----------
# -- Data --
# ----------

data "authentik_flow" "default-authorization-flow" {
  slug = "default-provider-authorization-implicit-consent"
}

# --------------------
# --    Provider    --
# --------------------

resource "authentik_provider_proxy" "prometheus" {
  name               = "Prometheus"
  internal_host      = "http://prometheus:9090"
  external_host      = var.prometheus_url
  authorization_flow = data.authentik_flow.default-authorization-flow.id
  internal_host_ssl_validation = false
}

Operating Systems

Linux

Linux Snippets

  • New: Automatic reboot after power failure.

    That's not something you can control in your operating system. That's what the BIOS is for. In most BIOS setups there'll be an option like After power loss with possible values like Power off and Reboot.

    You can also edit /etc/default/grub and add:

    GRUB_RECORDFAIL_TIMEOUT=5

    Then run:

    sudo update-grub

    This will make your machine display the boot options for 5 seconds before it boot the default option (instead of waiting forever for you to choose one).

  • New: Add sshuttle information link.

    If you need a more powerful ssh tunnel you can try sshuttle