Adventures in Code

Homelab Diagrams

Neato diagram

Here’s a diagram of my homelab setup. 16 cores and 64GB of RAM in the cloud would be ~$500/month in ap-southeast-2. Since I’m only expecting local traffic, I’m going to give Catalyst Cloud a go for ingress.

[Neato diagram of the homelab rendered as scattered text: an edgerouter x in front of the tiny PCs, each labelled with its CPU / RAM / SSD figures; the layout is not recoverable here.]

Reasoning

  1. TINY PUTERS
  2. 16GB of RAM is really expensive in the cloud, and this hardware is being discarded frequently
  3. Each tiny pc comes with an SSD

The Catalyst edge node provides a secure public IP and attaches to the tailnet to get access to the Kubernetes resources.

ACLs would be good.

Ditch DNS Go Multicloud

Ditch Cloudflare

Cloudflare doesn’t have good content moderation policies and refuses to remove a hate speech site, so I must move my hosting and my money away from them.

Context:

https://www.dropkiwifarms.net/

#DropKiwifarms works to end the relationship between far-right hate forum Kiwi Farms and the digital service providers that keep Kiwi Farms active online. We started this campaign after members on the website published private information on Clara Sorrenti, including sexually explicit photos and videos, phone numbers, addresses, her deadname and the private information of her friends and family. Publishing that information led to threats on her life, both implicit and explicit, as well as attempts to end her life through false reports to the police about imminent violence – a practice that has ended the lives of other people.

Plan

  1. Copy the DNS records from Cloudflare to a file
  2. Add a zone to Google Cloud with the existing DNS entries
  3. Move the name servers to Google via Metaname

At this point the blog is migrated 😄

For the remaining things I used Cloudflare for (reverse proxy and automated TLS):

  1. Start a VPS with decent bandwidth
  2. Connect the VPS to the Tailscale network
  3. Configure Caddy as a reverse proxy with TLS certs
  4. Replicate the app hostname configurations with Caddy + Tailscale

Terraform Infra

So I was wrong

To remove the public bucket alert I have updated my blog infrastructure, using code I originally intended for static publishing from a CMS tool: https://github.com/Mossman1215/mountainmoss-tf. It uses a CloudFront distribution to control access, and the S3 bucket only allows the CloudFront identity to fetch content.
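As an added example (not code from the mountainmoss-tf or tf-static-site modules), this Terraform fragment shows the bucket side of that arrangement: public access is blocked at the bucket level and the bucket policy grants s3:GetObject to the CloudFront origin access identity only. The bucket name is a placeholder, and the distribution that uses the identity is assumed to be defined elsewhere.

```hcl
# Added example, not the author's module. Bucket name is a placeholder.
resource "aws_s3_bucket" "site" {
  bucket = "example-blog-site-placeholder"
}

# Refuse every form of public access at the bucket level. With
# block_public_policy = true, S3 also rejects any later attempt to attach
# a policy with a "*" principal, so the alert cannot silently come back.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The identity CloudFront presents to S3 when it fetches objects.
resource "aws_cloudfront_origin_access_identity" "site" {
  comment = "static site origin access"
}

# Grant s3:GetObject to that identity and nothing else. Requests that go
# straight to the S3 endpoint instead of through CloudFront get a 403.
data "aws_iam_policy_document" "site_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.site.iam_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.site_read.json
}

# The aws_cloudfront_distribution (assumed to exist elsewhere) points its
# origin at aws_s3_bucket.site.bucket_regional_domain_name and sets
# s3_origin_config.origin_access_identity to
# aws_cloudfront_origin_access_identity.site.cloudfront_access_identity_path,
# so only CloudFront can read the bucket and viewers never see S3 directly.
```

The bucket's regional REST endpoint is used rather than the S3 website endpoint, because the website endpoint ignores the origin access identity.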

I’m running Hugo locally, but it would be possible to hook a CMS server in EC2 to upload content to the bucket instead. Having a subdomain for API or form content then allows dynamic content to be included in the site. This module is intended for that use.

https://github.com/Mossman1215/tf-static-site

I thought that rewriting index.html with Lambda code was required, based on this article: https://danmc.net/posts/aws-cloudfront-default-index/


but instead it’s easier to turn on ugly URLs in Hugo (no code is the best code!):

https://gohugo.io/content-management/urls/#ugly-urls