G's Blog

Just a place to post random things. Enjoy your stay.

Setting up Git using SourceHut (Part 2 actually getting GIT working)

So this is a follow-up to my last post in which I was setting up self-hosted Git using SourceHut.

In that post I got everything installed and mostly set up, with the exception of being able to pull/push to any git repo. That has now been resolved with the help of a few people on the SourceHut mailing list.

The first “issue” was permissions on the logs for GIT. This was not preventing anything from working but was preventing the issues from being logged properly. So first step was to create the logs

touch /var/log/gitsrht-dispatch
touch /var/log/gitsrht-keys
touch /var/log/gitsrht-shell

Then set the permissions

chown git:git /var/log/gitsrht-*

Then I also changed the user for the git.sr.ht service by editing /usr/lib/systemd/system/git.sr.ht.service

Also ensure the folder hosting your repos is owned by the git user not the gitsrht user as my last post indicated.

sudo chown -R git:git /srv/gitrepos/

Next, the root cause of the issue was that the git user did not have a proper shell defined. After I set its shell to /bin/bash it started giving errors in the gitsrht-shell log.

First we had this:

2020/03/14 15:26:32 Looking up repo: pusher ID 0, repo path
/srv/gitrepos/~marcg/Initial_Repo
2020/03/14 15:26:32 Lookup failed: pq: SSL is not enabled on the server
2020/03/14 15:26:32 Looking up redirect
2020/03/14 15:26:32 Lookup failed: pq: SSL is not enabled on the server
2020/03/14 15:26:32 Repository not found.

I suspected the trouble was this: Lookup failed: pq: SSL is not enabled on the server

A quick Google search suggested adding ?sslmode=disable to the connection string for the gitsrht database,

which worked to remove that error. On the next clone attempt the log showed:

2020/03/14 15:32:12 Looking up repo: pusher ID 0, repo path
/srv/gitrepos/~marcg/Initial_Repo
2020/03/14 15:32:12 Lookup failed: sql: no rows in result set
2020/03/14 15:32:12 Looking up redirect
2020/03/14 15:32:12 Lookup failed: sql: no rows in result set
2020/03/14 15:32:12 Repository not found.

Which I was informed “could be caused by a faulty redis cache.” I had to ask for guidance here since I'm not familiar with interacting with redis.

I was told the following:

“You can list your keys like this: redis-cli -n 0 KEYS '*' (where the number after n is your redis cache number) And that should delete all keys: redis-cli -n 0 FLUSHDB”

So I did just that and now everything works. I am able to clone/push to my git install.

That's all for now

G

#tech #selfhost

Until next time. Stay safe!

G @mgrondin@youdabomb.social

Setting up Git using SourceHut

In this post I will document the process of setting up self-hosted git. I decided to go with SourceHut because of its modular approach making it less resource intensive. Their install documentation leaves much to the user so this should be a fun, interesting process. I'm going to try to keep this post organized but it might end up all over the place; if so, I apologize.

SourceHut is broken up into many modules. For my current needs I will only be setting up the core, meta (login) and git modules. More might be added in the future. So let's get started.

SourceHut provides a repository for Archlinux so step 1 is to add that. This is done by editing the /etc/pacman.conf file and adding this

[sr.ht]
Server = https://mirror.sr.ht/archlinux/sr.ht

after that packages can be installed normally

sudo pacman -Sy meta.sr.ht

This will pull in all required dependencies.

Now the fun begins. The SourceHut documentation states that every module comes with a config.example.ini but for the life of me I could not find it, so I manually created the path/file /etc/sr.ht/config.ini and got the content from config.example.ini and carried on.

The config file itself is fairly well explained so I won't go into details here. Simply adapt to my needs. A couple of options I'm unsure of:

site-info sounds like a landing page type which I don't intend on having. Not sure if it can be blank at this point.

privacy-policy because this will pretty much be a personal/private setup I don't plan on having one of these. It's blank by default so I will leave it.

Next is the database related things. SourceHut uses postgresql as a database so first thing is to create a db and user. I use webmin to do most database tasks so I created the sourcehut user and the db metasrht, making the sourcehut user its owner. Then set connection-string property to

connection-string=postgresql://sourcehut@localhost/metasrht

so the create db function can do its thing in the next step.

python3
>>> from metasrht.app import db
>>> db.create()

This will create the database for the meta module.

Next we should be able to start the meta.sr.ht service. I had to make a change at this point to the port used, making the change both in the systemd service file (/usr/lib/systemd/system/meta.sr.ht.service) and in the module config. This was required because, with everything else I run on this server, the port was already used.

Once that change was made all that was required to start the service was

sudo systemctl daemon-reload
sudo systemctl start meta.sr.ht
sudo systemctl enable meta.sr.ht

So now the meta service is running but can't be accessed as it's running only locally. What we need is to set up a (sub)domain to point to our server, then set up a webserver (Apache in my case) to serve the application. So my Apache config looks like this

<VirtualHost *:80>
   ServerName shmeta.marcg.pizza

   # Default is to force https
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =shmeta.marcg.pizza
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

   <Location "/.well-known/acme-challenge/">
      Options None
      Require all granted
   </Location>
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName shmeta.marcg.pizza

   # Path to ErrorLog and access log
   ErrorLog ${APACHE_LOG_DIR}/shmeta.error.log
   CustomLog ${APACHE_LOG_DIR}/shmeta.access.log combined

   # TLS
   # Feel free to use your own configuration for SSL here or simply remove the
   # lines and move the configuration to the previous server block if you
   # don't want to run funkwhale behind https (this is not recommended)
   # have a look here for let's encrypt configuration:
   # https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
   SSLEngine on
   SSLProxyEngine On
   SSLCertificateFile /etc/letsencrypt/live/marcg.pizza/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/marcg.pizza/privkey.pem


   

   # Configure Proxy settings
   # ProxyPreserveHost pass the original Host header to the backend server
   ProxyVia On
   ProxyPreserveHost On
   <IfModule mod_remoteip.c>
      RemoteIPHeader X-Forwarded-For
   </IfModule>

   # Turning ProxyRequests on and allowing proxying from all may allow
   # spammers to use your proxy to send email.
   ProxyRequests Off

   <Proxy *>
      AddDefaultCharset off
      Order Allow,Deny
      Allow from all
   </Proxy>

   <Location "/">
      LimitRequestBody 104857600

      Header set X-Frame-Options "sameorigin"
      Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"
      Header set Referrer-Policy "strict-origin-when-cross-origin"
      ProxyPass http://127.0.0.1:5002/
      ProxyPassReverse http://127.0.0.1:5002/
   </Location>

   <Location "/static">
      ProxyPass  "!"
   </Location>
   Alias /static /usr/lib/python3.8/site-packages/metasrht/static
  <Directory /usr/lib/python3.8/site-packages/metasrht/static>
   Require all granted
  </Directory>
</VirtualHost>
</IfModule>

This is probably not the best config as I'm no expert here but it works. It's adapted off the config I use for funkwhale.

So great, now we can get to the login page. Next part: creating the initial admin user.

The documentation has some steps on converting an existing user into an admin but nothing specific on creating the user. I saw 2 options

  1. Turn on registration, create user, turn off registration, make user admin
  2. Use the metasrht-createuser script I saw in the source to create the user

Problem was for some reason that script was not installed with the package (it should be now). So what I did was simply create a file and paste the content of the script into it. Then execute it like so

python metasrht-createuser.py -t admin <user_name> <user_email>

This will prompt for a password and create the user. To prepare the DB for future migrations/upgrades do

srht-migrate meta.sr.ht stamp head && metasrht-migrate stamp head

Voila now we can login to the meta module.

I noticed another issue before moving on. The audit log was always showing 127.0.0.1 as the source IP on all entries. After much searching and trial and error i found a working solution. I sent a patch for the meta package. Not sure if it will get merged as it may not be the ideal way to do this. It works for me.
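Behind the ProxyPass above, the backend sees every connection as coming from Apache on 127.0.0.1, and the original client address only survives in the X-Forwarded-For header. The following is an added example, not the patch mentioned above and not SourceHut's code, of choosing the address to log while trusting that header only when the peer is the local proxy; the function names, the trusted-proxy list and the sample requests are assumptions.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is Apache on this host,
# matching the ProxyPass to 127.0.0.1 in the config above.
TRUSTED_PROXIES = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
)


def _parse(value):
    """Return an ip_address object, or None if value is not a bare IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None


def _trusted(addr, proxies):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in proxies)


def client_ip(remote_addr, forwarded_for, proxies=TRUSTED_PROXIES):
    """Pick the address to record in an audit log.

    remote_addr   -- peer address of the TCP connection
    forwarded_for -- raw X-Forwarded-For header value, or None
    """
    peer = _parse(remote_addr)
    if peer is None:
        return remote_addr
    # A header sent by a peer that is not our proxy is client-controlled,
    # so it is ignored and the peer address is logged instead.
    if not forwarded_for or not _trusted(peer, proxies):
        return str(peer)
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones our own proxy wrote. Walk right to left and stop at the first hop
    # that is not one of our proxies; anything further left is unverified.
    for token in reversed(forwarded_for.split(",")):
        hop = _parse(token)
        if hop is None:
            break  # malformed entry: fall back to the peer address
        if not _trusted(hop, proxies):
            return str(hop)
    return str(peer)


# Constructed sample requests: (peer address, X-Forwarded-For value).
SAMPLES = [
    ("127.0.0.1", "203.0.113.7"),             # normal proxied request
    ("127.0.0.1", "10.0.0.1, 198.51.100.9"),  # client supplied its own entry
    ("198.51.100.9", "127.0.0.1"),            # direct hit, header not trusted
    ("127.0.0.1", None),                      # local request, no header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer} xff={xff!r} -> {client_ip(peer, xff)}")
```
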

Moving on to git.

The git.sr.ht is again installed like any other package

sudo pacman -S git.sr.ht

This will install it and its dependencies.

Now we look at config.example.ini and add the [git.sr.ht] and [git.sr.ht::dispatch] sections to our /etc/sr.ht/config.ini, making the required changes and setting up oauth from our meta installation.

Now setup the DB

python3
>>> from gitsrht.app import db
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.8/site-packages/gitsrht/app.py", line 7, in <module>
    from gitsrht.repos import GitRepoApi
  File "/usr/lib/python3.8/site-packages/gitsrht/repos.py", line 5, in <module>
    from minio import Minio
  File "/usr/lib/python3.8/site-packages/minio/__init__.py", line 36, in <module>
    from .api import Minio
  File "/usr/lib/python3.8/site-packages/minio/api.py", line 49, in <module>
    import certifi
ModuleNotFoundError: No module named 'certifi'

What's this? A missing dependency. (I've sent a patch to add it to the package so this may no longer be an issue.) No problem, let's install it

sudo pacman -S python-certifi

then again

python3
>>> from gitsrht.app import db
>>> db.create()

This gave a warning “Unable to ensure delegated scopes are provisioned. Is https://shmeta.marcg.pizza reachable? This may render the API unusable.” Let's see if everything works in the end.

Next prepare the DB for future migrations

srht-migrate git.sr.ht stamp head && gitsrht-migrate stamp head

Setup the folder to hold repos

sudo mkdir /srv/gitrepos

(or whatever you set in your config)

and make the gitsrht user its owner

sudo chown -R gitsrht:gitsrht /srv/gitrepos/

Now the apache config. Just copy the one for the meta module and adapt the servername and such.

Make sure to add to apache main config and restart apache. Start the git.sr.ht service

Create cron entry or systemd timer to run /usr/bin/gitsrht-periodic every 20 minutes.

Example systemd timer/service

gitsrht-periodic.timer

[Unit]
Description=Run gitsrht-periodic every 20 minutes

[Timer]
OnBootSec=20min
OnUnitActiveSec=20min
Unit=gitsrht-periodic.service

[Install]
WantedBy=timers.target

gitsrht-periodic.service

[Unit]
Description=Run gitsrht-periodic

[Service]
User=gitsrht
ExecStart=/usr/bin/gitsrht-periodic

[Install]
WantedBy=basic.target

Then start/enable the timer.

This also needs to be done for metasrht-daily but have it run daily.

So with all this I now have a working meta module to handle login/users and a “working” git module. I have working in quotations here because although I can log in and create a repo I can't pull/push anything over ssh (did not set up/try over http(s)). I get some errors. Reached out for support; I will post an update when I have it working.

And with that

That's all for now. Hope this post made sense. Let me know if you have any questions/comments.

See Part 2 where I get GIT fully working.

G

#tech #selfhost


PinePhone has arrived

So this actually happened a few days ago (Thursday Feb 27th) but I did not take the time to post here.

Anyways the day finally came!!

PinePhone image here

I'm so excited to start playing with this. I have done some playing around and documented some of it here

and here

There will be more to come so watch here, on peertube and on pleroma for more updates.

That's all for now

G

#pinephone #tech


Adventures with BSD Episode 2(AKA Yub(sd)ico)

So this is going to be a relatively quick post. I got my yubikey working on GhostBSD.

This was something really simple and stupid in the end (as I suspected). In the process of moving away from systemd on Linux I had to re-enable all boot time services. One of which was pcscd, which is a service for interacting with smart cards, which the yubikey is one of (or at least that's how it's interfaced to).

So all that was needed was to install pcsc-lite from the software station. Then run

sudo service pcscd start

And the yubico authenticator desktop app now finds my yubikey and is able to generate OTP codes!! YAY!

Then to ensure the service is started at boot

sudo rc-update add pcscd default

and voila working yubikey on BSD.

That's all for now

G

#bsd #tech


So long Systemd!

So I, like probably a fair chunk of you, have always felt like systemd was forced onto me. I did not ask for a new init system. Systemd in many ways is doing more than what an init system should do. In some ways that's great but an init system should just init. I was finding myself getting used to it after the last few years (had avoided it till then). Probably partly due to the fact that it's EVERYWHERE. I was actually starting to like it even. I finally had enough and woke up.

Yesterday I read an article about the systemd devs trying to force a change on the linux kernel because they did not want to change how systemd worked. Now it turns out that this article was like 6 years old but still it highlighted the fact that systemd is trying to be more than what it is. Kernel is king! Everything else comes after.

So this morning I migrated from Arch Linux to Artix Linux. It was fairly smooth other than a few issues related to having root on an encrypted partition, but those were mostly my doing in trying to go too quickly. No format/reinstall and no more systemd!

My views may be ill explained but that's it for this post.

Have a great day

G

#linux #nosystemd #tech


Music Discovery

Let me start this off by stating that all my (teenage/adult) life I've been a Rock/Punk/Metal guy (with the occasional Glen Campbell). I've been satisfied with that. Recently I discovered I may have been missing out.

This journey all started New Year's Eve when someone I follow on Mastodon boosted a post from a musician about their recent (unreleased at the time) album. I'm not sure what it was about it. The cover? The album name? I'll never know for sure but I told myself I would have a listen when I had time. Boy was I in for a surprise.

The album/artist that started this out is Ride Eternal by Eyeshadow FM 2600 If you follow me on Mastodon you would have seen me post about it before. From the first listen it had me hooked. It's a journey from start to finish. Do yourself a favor and check it out. I particularly like What Doesn't Kill You. I also quite enjoy Vice City Dead and Shallow Grave. Those 2 songs feel like 1 they merge together so great.

So with that I had discovered SynthWave/DarkSynth/RetroSynth. A genre of music I had never delved into or even knew existed. I spent the next few days sampling more of Eyeshadow FM 2600's offerings and was not disappointed.

I am continuing on this journey. Many artists to discover. So let me highlight a couple more.

The way I did this discovery was using the synthwave tag on bandcamp and looking for interesting album cover art/name. First one to catch my eye was The order of Chaos by DEADLIFE. Again based on the cover it seemed interesting and did not disappoint. It's dark and groovy and best enjoyed from start to finish. I'm still really discovering this artist and I'll be obtaining more of his stuff in the coming days. He's also working on a new album and recently dropped a single. Sounds very promising.

The next cover that caught me was that of Liminality by DreamReaper. It's another great album filled with epic beats sure to keep you grooving no matter what you are doing. Best enjoyed in its entirety. Still lots more by him to check out as well which I will be doing.

Well that's all for now. Keep in mind I'm no professional music reviewer. However do yourself a favor and check out these artists well worth the time. Also make sure you show them your support so they keep putting out great music. World needs more of these independent artists. Ones not directed by greedy music labels/industry.

Take care.

G

#music #synthwave


Quick FOSDEM update

Most of you reading this probably know of FOSDEM. For anyone that does not it's a yearly conference event focusing on Open source.

I've heard of it and watched some talks from it over the years. This year so far I've only watched a couple. Plan on watching more once the archive goes up. I'll update this post with links to the replays for the ones I'm going to mention here.

Today I happened to catch FreeBSD Around the World! (Recording is up.) It was a very informative talk about the history of FreeBSD. It was very interesting to see where FreeBSD originated. I had an idea that it was closely related to original Unix but did not know just how close. Was also interesting to find out that Netflix uses FreeBSD as the base for the operating system they use on all their nodes/servers. They had a talk about it last year at FOSDEM. Worth a watch as well.

Next came the talk I was most looking forward to: Regaining control of your smartphone with postmarketOS and Maemo Leste. (Edit Feb 4th: Recording is up.) Here one of the developers of postmarketOS and one from Maemo Leste talked about the status and future of Linux on phones and the drive to get devices running mainline Linux. They talked about the PinePhone and the Librem 5 and how these 2 devices are helping to really kick-start that effort. Still all in very early stages but most things are working/coming along at great pace.

I'll update this post with links to the videos once they are up. I will also probably follow up with a second post on FOSDEM once I get a chance to watch more of the presentations.

#fosdem

That's all for now.

G


Adventures with BSD Episode 1 (AKA:Hello from BSD)

So back in November I won a small little HP laptop from my work Christmas party. First I figured I would just distro hop around on it for fun. Then I decided that since I always wanted to try out BSD I would do so on it.

So first order of business was to pick a distribution of BSD to try. I settled on GhostBSD as a first go for no real reason other than it's a Canadian distribution.

Booting into live environment and performing the install went smooth. I went with all the defaults to have a higher chance of success.

First boot things started looking bleak. The touchpad was not working at that point I was not sure if the whole system froze or if it was just the touchpad. I stole the wireless mouse from my desktop and to my delight the cursor started moving. YAY!

Got logged in and started looking around. Really if you did not see the system boot or if you don't run uname -a from terminal you would have almost no clue it's not linux.

So I launched a terminal and did just that:

marcg@marc /u/h/marcg> uname -a
FreeBSD marc.ghostbsd-pc.home 12.1-STABLE FreeBSD 12.1-STABLE GENERIC  amd64

I was also quite pleased to see fish as the default shell it's what I use on Linux and I love it (maybe a post for another day).

So next I ran dmesg just to see how the output differs from Linux and I was greeted with this:

dmesg_screenshot_here

So even tho the system seemed to be running just fine I would not have that error constantly spamming system logs.

A quick google search turned up that the issue was because the emmc in the laptop does not support the trim command and offered a solution. Add the following to /etc/sysctl.conf:

vfs.zfs.trim.enabled=0

So I did that and rebooted. But after reboot the error still repeated. Now during boot I noticed systemd complain about something so I did ctrl+F1 to see what was up and caught something about how the above directive should be in /boot/loader.conf so I moved it to that file and rebooted again. Either things differ between FreeBSD and GhostBSD or the info on placement under FreeBSD was outdated. Either way No more error! Yay!

I will keep using it for a while. Things to fix/For future posts:

  1. Get WiFi working. Not much of a laptop if I have to be plugged in. Hopefully this is doable

  2. Fix touchpad. Otherwise I'll have to get a new mouse since going back and forth is annoying.

  3. Get sleep working properly. It goes to sleep fine (like when I close the laptop lid) but it does not wake up. Screen stays black.

  4. Get yubikey working. Tried using it and even tho the software is available something must be missing kernel side or something as it is never detected by any of the yubi apps. Not as big a deal since I can use my phone.

That's all for now.

G

#bsd #tech


PinePhone(ARM) Build Environment setup

So as most of you already know I have ordered a PinePhone. I want to be able to contribute and test as much as I can so I wanted to be able to build packages for it. I figured building directly on the device would be painfully slow so wanted to set something up on my desktop to do so.

I bounced around a few ideas. Cross compile, chroot to cross compile in, emulate ARM with Qemu... In the end I decided to give the Qemu option a go first as it seems like the easiest to set up/maintain. I wasn't completely wrong but it was also a little more complicated than I had assumed at first.

My first idea was just to run one of the PinePhone images using qemu. Turns out that can't really be done as qemu can't fully emulate the PinePhone. So my next attempt was to run ArchARM using qemu. This is what I will detail here.

So first step is to download the latest generic ARM package found here.

I have set up a folder to host all the files related to ArchARM. So we will want to create an image to hold the ArchARM file system. We do this like so

qemu-img create -f qcow2 -o preallocation=full ArchARM.img 64G

This will create a 64GB image and preallocate the space. This will improve performance.

Next we will create a filesystem and mount this image to copy the base ArchARM system to it. To do this we need to install libguestfs. It is in the AUR and I think soon to be in the community repo. With that installed we can:

Create the filesystem inside the image

virt-format --filesystem=ext4 -a ArchARM.img

Make the folder to mount it on

sudo mkdir /mnt/virtfs

Mount the image

sudo guestmount -m /dev/sda1 -a ArchARM.img /mnt/virtfs/

The -m option specifies the partition inside the image to mount. This is not the sda1 on your actual system.

Now we can extract the ArchARM archive to the image

This should be done as root (not using sudo)

bsdtar -xpf ArchLinuxARM-aarch64-latest.tar.gz -C /mnt/virtfs

Now we need the kernel and initrd from the image so we can boot it with qemu

cp /mnt/virtfs/boot/Image.gz .

cp /mnt/virtfs/boot/initramfs-linux.img .

This will need to be done anytime the kernel is updated in the Virtual Machine.

Now we can unmount the image and we should be able to boot our ARM VirtualMachine.

After some trial and error the proper command to do this is:

qemu-system-aarch64 -machine virt -cpu cortex-a53 -nographic -m 2048 -smp cores=4 -kernel /media/Storage/ArchARM/Image.gz -initrd /media/Storage/ArchARM/ArchARM/boot/initramfs-linux.img -append 'root=/dev/vda1 rw quiet' -drive if=none,file=/media/Storage/ArchARM/ArchARM.img,format=qcow2,id=hd -device virtio-blk-pci,drive=hd -netdev user,id=mynet -device virtio-net-pci,netdev=mynet

This will give the VM 2GB of ram and 4 processor cores. Adjust if your system can't provide that comfortably.

If all goes well you'll get into ArchARM

Starting version 243.162-2-arch
/dev/vda1: clean, 34582/4194304 files, 635873/16777184 blocks

Arch Linux 5.4.1-1-ARCH (ttyAMA0)

alarm login: alarm
Password: 
[alarm@alarm ~]$ uname -a
Linux alarm 5.4.1-1-ARCH #1 SMP Sat Nov 30 18:54:05 UTC 2019 aarch64 GNU/Linux
[alarm@alarm ~]$

YAY!! now have a fully working ARM system.

Only other thing I'm doing is creating a function in fish (my shell; Bash users could create an alias) so that I can start up this VM by just typing strarm.

Hope this was helpful to some. Let me know if you have any questions or feedback.

Have a great day

G

#Tech #ARM #PinePhone


Hello Everyone

I have decided to migrate my blog from using Github Pages to self hosting it using WriteFreely. If all goes well I'll be able to boost this on Mastodon.

I will still post sporadically when I have time and something worth sharing.

I will also be migrating my old posts at some point. Probably over the weekend.

That's all for now.

Have a great day.

G

#Tech #Meta #SelfHost #Migration
