Occasional blog posts from a random systems engineer

Blog - MattBits


History
Whilst at school and college, I loved running servers and bits and pieces. During this time, to host anything, I needed a domain name. Since I was also having fun mimicking services I had been working with during college (whilst working part-time at my old school), I decided to create more of a brand name rather than a personal-esque domain name. After various iterations (including maplehat, mhsolutions and others), as I left college, I had settled on dockstudios.

For a while, I’ve been trying to get away from my previous VPN, OpenVPN. It was clunky and, somewhat, unreliable. I’d start it up, give it a username, password and OTP, and it would connect after about 30 seconds. Then I’d leave my laptop for 2 seconds, the screen would go blank, and as soon as I shook the mouse, OpenVPN would have disconnected, removed my routes and be asking for re-authentication.

Draft: GRE tunnels

History
In my homelab setup, the way services are run is not the simplest of approaches and I often find this bites me - but every challenge is an opening for learning, which is always great (unless I just want something to work). The challenge I’m talking about today is client identification with NAT outside of HTTP. What I mean is, in the world of HTTP, load balancers are often used.

The Problem!
I’ve occasionally found Terraform providers that take an attribute and manipulate it in a way that... isn’t favourable. This means that subsequent runs see a change in the attribute (compared to the attribute passed) and want to modify it. For example!… The Docker Terraform provider (by kreuzwerker :D https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs) manipulates the “image” attribute to the SHA digest of the image… This means that if I create: resource "docker_container" "my_important_container" { .

Dynamic Terraform Provider
I wanted to create a proof-of-concept simple method of storing and retrieving data. User X --push--> Database --read--> User Y This would be used as a sort of dictionary for users to query information being published by others. The exact nature and source of the data made Terraform an obvious choice for this. I explored the most basic option: a basic boiler-plated HTTP call: data "http" "example" { url = "https://my-db.

For Christmas last year, I wanted to make a present for my Mum. My parents had recently had solar panels installed with a battery. The system worked, so I was told, such that the solar power would: primarily power the house; then charge the battery; and, once that was filled, heat water for the hot water tank. She wanted to be more energy efficient, but knowing when to use the dishwasher and when to have a shower could be complex.

Traefik’s ConsulCatalog plugin provides a defaultRule parameter, which is applied by default to exposed services. The example from the docs (https://doc.traefik.io/traefik/providers/consul-catalog/#defaultrule) suggests: For a given service, if no routing rule was defined by a tag, it is defined by this defaultRule instead. The defaultRule must be set to a valid Go template, and can include sprig template functions. The service name can be accessed with the Name identifier, and the template has access to all the labels (i.

Whilst implementing basic end-to-end tests for Terrarun (https://github.com/matthewJohn/terrarun), an open source Terraform Cloud alternative, I needed to deploy the HashiCorp Terraform Cloud agent. The agent (as well as the Terraform Cloud Terraform provider) requires a trusted SSL certificate to correctly interact with the server. I’ve deployed various solutions in the past, such as automated distribution of Let's Encrypt certificates and HashiCorp Vault for generating complex PKI setups, but had not had to deal with generating CA certs and server certificates in a fully automated manner.

Gitlab Pipeline Templates
For a while, I have built custom pipelines for my Gitlab projects, each starting from scratch and facing the same issues. With the introduction of a new platform for running services, I needed to: use custom versions of Terraform; inject CA certificates into each container; use a replacement docker registry, which now used authentication provided by Vault; and authenticate to Vault for Terraform. I created a test application deployment, using base docker images, which resulted in more boiler-plate code than actual deployment logic, so I tested out the official Gitlab Terraform templates (https://gitlab.

Preamble
This blog post was written in-flight during a quest to create a secure deployment mechanism for Terraform projects to Vault, Consul and Nomad. The beginning portion was written whilst attempting to use a technique that ended up failing. Feel free to skip this portion and jump to “Using JWT authentication”.
Intro
For the HashiCorp stack of my homelab, I have: a Vault cluster; a Consul cluster (single DC); Nomad servers; and Nomad clients using multiple datacenters. An offline root CA, an intermediate CA and Terraform state are stored/managed by Minio (a local S3-compatible alternative) and a separate, isolated Vault cluster.