G's Blog

tech

Learning C++

I have decided to embark on a journey to learn C++. It's something i've wanted to do for a while and in fact started doing a few years ago but then things got crazy at work and time was not something i had so it got left behind.

Lately i've once again gotten the urge to learn this language. I'm not a programmer by any means. I've dabbled with python in the past and have used it for a few things but always just by learning specific things as i needed them. My want for learning C++ is purely that a want not a need. The choice of C++ is not based on any real reason other than it's popular. I might end up moving to Python if C++ proves too challenging. I'm assuming Python is easier to learn here but that might prove wrong as well.

Anyways for now i will be using the tutorials found here to start my journey. I will also do my best to document the journey here. Both for me to have quick reference to look back on without having to re-read chapters and for anyone who wants to follow my progress.

I don't have any specific need to learn to program (like i wont make it my career) but i do have some random ideas that i might turn into actual things if this pans out.

Anyways that's all for now. Feel free to follow along at the git repo above. I will also blog about any bigger milestones in my journey.

G

#tech #c++ #programing

Setting up Git using SourceHut (Part 2 actually getting GIT working)

So this is a follow up to my last post in which i was setting up selfhosted GIT using SourceHut.

In that post i got everything installed and mostly setup with the exception of being able to pull/push to any git repo. That has now been resolved with the help of a few people on the SourceHut mailing list.

The first “issue” was permissions on the logs for GIT. This was not preventing anything from working but was preventing the issues from being logged properly. So first step was to create the logs

touch /var/log/gitsrht-dispatch touch /var/log/gitsrht-keys touch /var/log/gitsrht-shell

Then set the permissions

chown git:git /var/log/git-*

Then i also changed the user for the git.sr.ht service by editing /usr/lib/systemd/system/git.sr.ht.service

Also ensure the folder hosting your repos is owned by the git user not the gitsrht user as my last post indicated.

sudo chown -R git:git /srv/gitrepos/

Next the root cause of the issue was that the git user did not have a proper shell defined. After i set it's shell to /bin/bash it started giving errors in the gitsrht-shell log.

First we had this:

2020/03/14 15:26:32 Looking up repo: pusher ID 0, repo path
/srv/gitrepos/~marcg/Initial_Repo
2020/03/14 15:26:32 Lookup failed: pq: SSL is not enabled on the server
2020/03/14 15:26:32 Looking up redirect
2020/03/14 15:26:32 Lookup failed: pq: SSL is not enabled on the server
2020/03/14 15:26:32 Repository not found.

I suspected the trouble was this Lookup failed: pq: SSL is not enabled on the server

A quick google search suggested adding this ?sslmode=disable to the connection string for the gitsrht database

which worked to remove that error on the next clone attempt the log showed

2020/03/14 15:32:12 Looking up repo: pusher ID 0, repo path
/srv/gitrepos/~marcg/Initial_Repo
2020/03/14 15:32:12 Lookup failed: sql: no rows in result set
2020/03/14 15:32:12 Looking up redirect
2020/03/14 15:32:12 Lookup failed: sql: no rows in result set
2020/03/14 15:32:12 Repository not found.

Which i was informed “could be caused by a faulty redis cache.” I had to ask for guidance here since i'm not familiar with interacting with redis.

I was told the following:

“You can list your keys like this: redis-cli -n 0 KEYS '*' (where the number after n is your redis cache number) And that should delete all keys: redis-cli -n 0 FLUSHDB”

So i did just that and that and now everything works. I am able to clone/push to my git install.

That's all for now

G

#tech #selfhost

Setting up Git using SourceHut

In this post i will document the process of setting up selfhosted git. I decided to go with SourceHut because of it's modular approach making it less resource intensive. There install documentation leaves much to the user so this should be a fun interesting process. I'm going to try to keep this post organized but it might end up all over the place if so i apologize.

SourceHut is broken up into many modules. For my current needs i will only be setting up the core,meta(login) and git modules. More might be added in the future. So lets get started.

SourceHut provides a repository for Archlinux so step 1 is to add that. This is done by editing the /etc/pacman.conf file and adding this

[sr.ht]
Server = https://mirror.sr.ht/archlinux/sr.ht

after that packages can be installed normally

sudo pacman -Sy meta.sr.ht

This will pull in all required dependencies.

Now the fun begins. The SourceHut documentation states that every module comes with a config.example.ini but for the life of me i could not find it so i manually created the path/file /etc/sr.ht/config.ini and got the content from config.example.ini and carried on.

The config file itself in fairly well explained so i wont go into details here. Simply adapt to my needs. A couple options i'm unsure of

site-info sounds like a landing page type which i don't intend on having. Not sure if it can be blank at this point.

privacy-policy because this will pretty much be a personal/private setup i don't plan on having one of these. It's blank by default so i will leave it.

Next is the database related things. SourceHut uses postgresql as a database so first thing is to create a db and user. I use webmin to do most database tasks so i created the sourcehut user and the db metasrht making the sourcehut user it's owner . Then set connection-string property to

connection-string=postgresql://sourcehut@localhost/metasrht

so the create db function can do it's thing in the next step.

python3
>>> from metasrht.app import db
>>> db.create()

This will create the database for the meta module.

Next we should be able to start the meta.sr.ht service I had to make a change at this point to the port used. Making the change both in the systemd service(/usr/lib/systemd/system/meta.sr.ht.service) file and in the module config. This was required because of everything else i run on this server the port was already used.

Once that change was made all that was required to start the service was

sudo systemctl daemon-reload then sudo systemctl start meta.sr.ht sudo systemctl enable meta.sr.ht

So now the meta service is running but can't be accessed as it's running only locally. What we need is to setup a (sub)domain to point to our server then setup webserver(apahe in my case) to serve the application. So my apache config looks like this

<VirtualHost *:80>
   ServerName shmeta.marcg.pizza

   # Default is to force https
   RewriteEngine on
   RewriteCond %{SERVER_NAME} =shmeta.marcg.pizza
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

   <Location "/.well-known/acme-challenge/">
      Options None
      Require all granted
   </Location>
</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName shmeta.marcg.pizza

   # Path to ErrorLog and access log
   ErrorLog ${APACHE_LOG_DIR}/shmeta.error.log
   CustomLog ${APACHE_LOG_DIR}/shmeta.access.log combined

   # TLS
   # Feel free to use your own configuration for SSL here or simply remove the
   # lines and move the configuration to the previous server block if you
   # don't want to run funkwhale behind https (this is not recommended)
   # have a look here for let's encrypt configuration:
   # https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
   SSLEngine on
   SSLProxyEngine On
   SSLCertificateFile /etc/letsencrypt/live/marcg.pizza/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/marcg.pizza/privkey.pem


   

   # Configure Proxy settings
   # ProxyPreserveHost pass the original Host header to the backend server
   ProxyVia On
   ProxyPreserveHost On
   <IfModule mod_remoteip.c>
      RemoteIPHeader X-Forwarded-For
   </IfModule>

   # Turning ProxyRequests on and allowing proxying from all may allow
   # spammers to use your proxy to send email.
   ProxyRequests Off

   <Proxy *>
      AddDefaultCharset off
      Order Allow,Deny
      Allow from all
   </Proxy>

   <Location "/">
      LimitRequestBody 104857600

      Header set X-Frame-Options "sameorigin"
      Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"
      Header set Referrer-Policy "strict-origin-when-cross-origin"
      ProxyPass http://127.0.0.1:5002/
      ProxyPassReverse http://127.0.0.1:5002/
   </Location>

   <Location "/static">
      ProxyPass  "!"
   </Location>
   Alias /static /usr/lib/python3.8/site-packages/metasrht/static
  <Directory /usr/lib/python3.8/site-packages/metasrht/static>
   Require all granted
  </Directory>
</VirtualHost>
</IfModule>

This is probably not the best config as i'm no expert here but it works. It's adapted off the config i use for funkwhale.

So great now we can get to the login page. Next part creating the initial admin user.

The documentation has some step on converting an existing user into an admin but nothing specific on creating the user. I saw 2 options

  1. Turn on registration, create user,turn off registration,make user admin
  2. Use the metasrht-createuser script i saw in the source to create the user

Problem was for some reason that script was not installed with the package ( it should be now ). So what i did was simply create a file and past the content of the script into it. Then execute it like so

python metasrht-createuser.py -t admin <user_name> <user_email>

This will prompt for a password and create the user. To prepare the DB for future migrations/upgrades do

srht-migrate meta.sr.ht stamp head && metasrht-migrate stamp head

Voila now we can login to the meta module.

I noticed another issue before moving on. The audit log was always showing 127.0.0.1 as the source IP on all entries. After much searching and trial and error i found a working solution. I sent a patch for the meta package. Not sure if it will get merged as it may not be the ideal way to do this. It works for me.

Moving on to git.

The git.sr.ht is again installed like any other package

sudo pacman -S git.sr.ht this will install it and it's dependencies

Now we look at config.example.ini and add the [git.sr.ht] and [git.sr.ht::dispatch] sections to our /etc/sr.ht/config.ini making the require changes and setting up oauth from our meta installation.

Now setup the DB

python3
>>> from gitsrht.app import db
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.8/site-packages/gitsrht/app.py", line 7, in <module>
    from gitsrht.repos import GitRepoApi
  File "/usr/lib/python3.8/site-packages/gitsrht/repos.py", line 5, in <module>
    from minio import Minio
  File "/usr/lib/python3.8/site-packages/minio/__init__.py", line 36, in <module>
    from .api import Minio
  File "/usr/lib/python3.8/site-packages/minio/api.py", line 49, in <module>
    import certifi
ModuleNotFoundError: No module named 'certifi'

What's this? A missing dependancie.(I've sent a patch to add it to the package so this may no longer be an issues) No problem lets install it

sudo pacman -S python-certifi

then again

python3
>>> from metasrht.app import db
>>> db.create()

This gave a warning “Unable to ensure delegated scopes are provisioned. Is https://shmeta.marcg.pizza reachable? This may render the API unusable.” Lets see if everything works in the end.

Next prepare the DB for future migrations

srht-migrate git.sr.ht stamp head && gitsrht-migrate stamp head

Setup the folder to hold repos

sudo mkdir /srv/gitrepos or whatever you set in your config

and make the gitsrht user it's owner

sudo chown -R gitsrht:gitsrht /srv/gitrepos/

Now the apache config. Just copy the one for the meta module and adapt the servername and such.

Make sure to add to apache main config and restart apache. Start the git.sr.ht service

Create cron entry or systemd timer to run /usr/bin/gitsrht-periodic every 20 minutes.

Example systemd timer/service

gitsrht-periodic.timer

[Unit]
Description=Run gitsrht-periodic every 20 minutes

[Timer]
OnBootSec=20min
OnUnitActiveSec=20min
Unit=gitsrht-periodic.service

[Install]
WantedBy=timers.target

gitsrht-periodic.service

[Unit]
Description=Nextcloud cron.php job

[Service]
User=gitsrht
ExecStart=/usr/bin/gitsrht-periodic

[Install]
WantedBy=basic.target

Then start/enable the timer.

This also needs to be done for metasrht-daily but have it run daily.

So with all this i now have a working meta module to handle login/users and a “working” git module. I have working in quotations here because altho i can login and create a repo i can't pull/push anything over ssh(did not setup/try over http(s)). I get some errors. Reach out for support i will post an update when i have it working.

And with that

That's all for now. Hope this post made sense. Let me know if you have any questions/comments.

See Part 2 where i get GIT fully working.

G

#tech #selfhost

PinePhone has arrived

So this actually happened a few day ago (Thursday Feb 27th) but i did not take the time to post here.

Anyways the day finally came!!

PinePhone image here

I'm so excited to start playing with this. I have done some playing around and documented some of it here

and here

There will be more to come so watch here, on peertube and on pleroma for more updates.

That's all for now

G

#pinephone #tech

Adventures with BSD Episode 2(AKA Yub(sd)ico)

So this is going to be a relativity quick post. I got my yubikey working on GhostBSD.

This was something really simple and stupid in the end(As i suspected). In the process of moving away from systemd on linux i had to re-enable all boot time services. One of which was pcscd which is a service for interacting with smart cards which the yubikey is one(or at least that's how it's interface to)

So all that was needed was to install pcsc-lite from the software station. Then run

sudo service pcscd start

And the yubico authenticator desktop app now finds my yubikey and is able to generate OTP codes!! YAY!

Then to ensure the service is started at boot

sudo rc-update add pcscd default

and voila working yubikey on BSD.

That's all for now

G

#bsd #tech

So long Systemd!

So I, like probably a fair chunk of you, have always felt like systemd was forced onto me. I did not ask for a new init system. Systemd in may ways is doing more than what an init system should do. In some ways that's great but an init system should just init. I was finding myself getting used to it after the last few years(had avoided it till then). Probably partly due to the fact that it EVERYWHERE. I was actually starting to like it even. I finally had enough and woke up.

Yesterday I read an article about the systemd devs trying to force a change on the linux kernel because they did not want to change how systemd worked. Now it turns out that this article was like 6 years old but still it highlighted the fact that systemd is trying to be more than what it is. Kernel is king! Everything else comes after.

So this morning I migrated from Arch Linux to Artix Linux. It was fairly smooth other than a few issues related to having root on encrypted partition but those where mostly my doing in trying to go too quickly. No format/reinstall and no more systemd!

My views may be ill explained but that's it for this post.

Have a great day

G

#linux #nosystemd #tech

Adventures with BSD Episode 1 (AKA:Hello from BSD)

So back in November I won a small little HP laptop from my work Christmas party. First I figured I would just distro hop around on it for fun. Then I decided that since I always wanted to try out BSD I would do so on it.

So first order of business was to pick a distribution of BSD to try. I settled on GhostBSD as a first go for no real reason other than it's a Canadian distribution.

Booting into live environment and performing the install went smooth. I went with all the defaults to have a higher chance of success.

First boot things started looking bleak. The touchpad was not working at that point I was not sure if the whole system froze or if it was just the touchpad. I stole the wireless mouse from my desktop and to my delight the cursor started moving. YAY!

Got logged in and started looking around. Really if you did not see the system boot or if you don't run uname -a from terminal you would have almost no clue it's not linux.

So i launched a terminal and did just that:

marcg@marc /u/h/marcg> uname -a
FreeBSD marc.ghostbsd-pc.home 12.1-STABLE FreeBSD 12.1-STABLE GENERIC  amd64

I was also quite pleased to see fish as the default shell it's what I use on Linux and I love it (maybe a post for another day).

So next I ran dmesg just to see how the output differs from Linux and I was greeted with this:

dmesg_screenshot_here

So even tho the system seemed to be running just fine I would not have that error constantly spamming system logs.

A quick google search turned up that the issue was because the emmc in the laptop does not support the trim command and offered a solution. Add the following to /etc/sysctl.conf:

vfs.zfs.trim.enabled=0

So I did that and rebooted. But after reboot the error still repeated. Now during boot I noticed systemd complain about something so I did ctrl+F1 to see what was up and caught something about how the above directive should be in /boot/loader.conf so I moved it to that file and rebooted again. Either things differ between FreeBSD and GhostBSD or the info on placement under FreeBSD was outdated. Either way No more error! Yay!

I will keep using it for a while. Things to fix/For future posts:

  1. Get WiFi working. Not much of a laptop if I have to be plugged in. Hopefully this is doable

  2. Fix touchpad. Otherwise I'll have to get a new mouse since going back and forth is annoying.

  3. Get sleep working properly. It goes to sleep good(like when i close the laptop lid) but it does not wake up. Screen stays black.

  4. Get yubikey working. Tried using it and even tho the software is available something must be missing kernel side or something as it is never detected by any of the yubi apps. Not as big a deal since I can use my phone.

That's all for now.

G

#bsd #tech