I Survived Self-Hosting a Wiki With Podman!

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am setting up not one, but two personal wikis on my home network. Let’s get started!

A Personal Wiki

Wikis are the reference material of choice for the casual researcher in this day and age. The content of the subject encyclopedia is turbocharged by the power of the hyperlink when compared to a volume/page reference that can take minutes to weeks to “load” depending on circumstantial accessibility. Community contributions allow for information to be updated in a timely manner, while built-in version control helps admins quickly repair sabotage.

This technology can easily be deployed to a closed-off environment for personal, group, or enterprise use. I know I could use one to organize my role play games, and my sister is after one to help with her writing. My goal for this month’s large project is to get both these wikis operational within our home network.

Wiki Planning

The first list of open source wiki software listed Wiki.js as supporting deployment on Docker. If my Rocky Linux 8 experience with ButtonMash has taught me anything, it’s that OCI containers are good for easy cleanup of botched installations, though challenges can arise when using Podman instead of Docker.

I spent a day studying Wiki.js off and on. My basic understanding is that you need three things for a wiki: the web server, the database, and the wiki software itself. I already understand a bit about the relationship between website and web server. Database vs. website is a similar relationship to website vs. browser. It is an independent process that serves data a website garnishes before presenting to a browser. It’s even possible for multiple websites to share a common database. While Wiki.js currently supports a few SQL (Structured Query Language) databases, PostgreSQL is the only database they will support in future versions.

Sparing a thought for my photo trunk project, I believe a wiki has potential for distribution once we learn more about how to use one. ButtonMash is configured to use the scanner though on its Debian install and not the Rocky 8 one, so I’ll need a different machine to host. GoldenOakLibry comes to mind as its primary function is to host and serve files.

My First Operable Prototype Wiki

GoldenOakLibry is a Network Attached Storage (NAS) by Synology running a custom version of Linux called Disk Station Manager. I found MediaWiki, the wiki software powering Wikipedia.org, in its package manager and chose the easy route. I did not know what I was doing for the most part – just that I was glad I re-enabled the old Vaultwarden container to store new passwords I made as I passed through Password Purgatory: database, wiki root, wiki admin (a user), database user – and then I had to make names for them all before I understood what each one did or how many more were needed.

There was a slight snag when the wiki wanted the database password and I wanted a new one, but someone blissfully using the same password for everything wouldn’t have noticed. A less tech savvy individual wouldn’t have thought to try looking for where to copy the wiki’s configuration file via command line. Once I figured that out though, I landed on a fresh wiki.

The snag that caught me was the mission-critical “What You See is What You Get” editor. Whenever I tried saving changes I made with it, it returned “[<RANDOM HEX NUMBER>] Caught exception of type Error.” A help topic on MediaWiki.org [1] reported fixing his wiki by installing a package called php7-zlib. This package is not in the Synology-approved repository, and I found no other package managers I’m familiar with when I connected over SSH. That’s… understandable, I suppose. The product is aimed at homes and small businesses too small for dedicated IT, after all.

An Alternative MediaWiki Host

A couple weeks ago, I had the misfortune of breaking one of the hooks securing the bezel around my laptop’s screen. Without it, I have to be extremely careful opening and closing the lid. I’m in the market for a new laptop, but in the meantime, the machine’s mind as it were is intact and I can’t use it for computing just anywhere anymore.

I learned a lot on my first successful prototype wiki. Database-website distinction and multi-site databases come to mind as relevant to my use-case. I’m imagining a system where I run each website in an OCI container with Podman on my laptop, then they go to a database on GoldenOakLibry for content.

…Podman isn’t in the Debian 10 repositories. There is a way to install it that involves a lot of hullabaloo, but https://pkgs.org/ says it is on Debian 11, and I’ve had the computer upgrade bug as of late. My recent experience upgrading Mint primed me to locate a tutorial and upgrade to Debian 10. The process was the same (Timeshift, shift repositories, upgrade), just a bit less automated [2]. I took the opportunity to clean up after a failed project or two that involved repositories, but I think I ran into issues with Lutris’s repository GPG key (it updated later so I’m not sure). I’m leaving it for now.

The packages podman, cockpit, and cockpit-podman went on easily. Getting a static IP for the laptop was another story. Its official position within the house is under the TV, out of range of any free Ethernet cables we have laying about. After a few hours trying to understand how its Wi-Fi is even connected, I chose to move it next to ButtonMash and configure a static IP that way.

I started and enabled Cockpit with systemctl. It complained without a proper config file, but a browser on another computer made it to the laptop’s Cockpit login screen. I told ButtonMash to link Cockpits, and it gave me a command I’ve been looking for for years.

ssh-keyscan -t ecdsa-sha2-nistp256 localhost | ssh-keygen -lf -

Admittedly, this only hints at a formula, but I saved it to a special directory on GoldenOakLibry anyway.
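The formula behind that command, as an added example that is not from the original post or from Cockpit: the fingerprint `ssh-keygen -lf -` prints is the unpadded base64 of the SHA-256 digest of the decoded key blob. The key line below is constructed filler rather than a real host key, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string, the building block of an SSH key blob."""
    return struct.pack(">I", len(data)) + data


def constructed_key_line(host: str = "localhost") -> str:
    """One line in the layout ssh-keyscan prints: host, key type, base64 blob.

    Constructed sample: the curve point is filler bytes, not a real host key.
    """
    key_type = b"ecdsa-sha2-nistp256"
    point = b"\x04" + bytes(range(64))
    blob = ssh_string(key_type) + ssh_string(b"nistp256") + ssh_string(point)
    return f"{host} {key_type.decode()} {base64.b64encode(blob).decode()}"


def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint of a key line (ssh-keyscan output or a .pub file)."""
    fields = key_line.split()
    for i in range(1, len(fields)):
        try:
            blob = base64.b64decode(fields[i], validate=True)
        except ValueError:
            continue  # a key-type name or comment, not the blob
        # The blob repeats the key type as its first length-prefixed string;
        # checking it rejects lines whose label and key material disagree.
        if blob.startswith(ssh_string(fields[i - 1].encode())):
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")


def host_key_matches(scanned_line: str, trusted_fingerprint: str) -> bool:
    """Compare a key fetched over the network with a fingerprint that was
    read on the host's own console (or another trusted channel)."""
    return fingerprint(scanned_line) == trusted_fingerprint.strip()


if __name__ == "__main__":
    line = constructed_key_line()
    trusted = fingerprint(line)  # stands in for the value read on the host
    print(trusted)
    print(host_key_matches(line, trusted))
```

The comparison only means something when the trusted fingerprint comes from the host itself, which is why the command targets localhost.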

My Second Operable Prototype Wiki

With a more malleable host than GoldenOakLibry that wasn’t ButtonMash, I scrapped what I could of my first setup and started over. MediaWiki lists four packages as dependencies, and I removed three of them that related directly to serving web pages. MariaDB 10 stayed because I know for sure that it is compatible.

Unlike my experience with Rocky Linux 8, Podman on Debian 11 did not come with any unqualified registries configured, so I was getting fast searches with no results when pulling an image in Cockpit. I took a break for Sabbath, even though I felt I could keep the progress coming. When I got back, I about immediately found a tutorial that recommended a couple Red Hat container registries to add in addition to docker.io [3]. I spotted registry.centos.org in ButtonMash’s registries.conf; with the warnings in the file headers about who you trust, I removed it over the slim chance it gets compromised in the future. Worst case scenario: I have to re-add it later.
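Why the registry list is a trust decision, as an added example that is not part of the original post: an unqualified name such as mediawiki is looked up in each listed registry in order, so every entry is a place the image may come from. The sample registries.conf contents and the function names are constructed for illustration, and short-name aliases are left out of the model.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

# Constructed sample in registries.conf syntax. The list follows the post
# (two Red Hat registries plus docker.io); it is not the author's actual file.
SAMPLE_CONF = """
unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
"""

# Constructed counterpart: one search registry and strict short-name handling.
HARDENED_CONF = """
unqualified-search-registries = ["docker.io"]
short-name-mode = "enforcing"
"""


def is_fully_qualified(image: str) -> bool:
    """True when the reference starts with a registry host, e.g. docker.io/..."""
    first, slash, _ = image.partition("/")
    return bool(slash) and ("." in first or ":" in first or first == "localhost")


def pull_candidates(image: str, conf_text: str) -> list:
    """Locations a pull of `image` can resolve to, in search order.

    Simplified model: short-name aliases, which take precedence, are ignored.
    """
    if is_fully_qualified(image):
        return [image]
    registries = tomllib.loads(conf_text).get("unqualified-search-registries", [])
    candidates = []
    for registry in registries:
        # Docker Hub files official images under the library/ namespace.
        bare_on_hub = "/" not in image and registry == "docker.io"
        name = "library/" + image if bare_on_hub else image
        candidates.append(f"{registry}/{name}")
    return candidates


def audit(conf_text: str) -> list:
    """Findings for the settings that decide how short names are resolved."""
    conf = tomllib.loads(conf_text)
    findings = []
    registries = conf.get("unqualified-search-registries", [])
    if len(registries) > 1:
        findings.append("short names are ambiguous across: " + ", ".join(registries))
    if registries and conf.get("short-name-mode") != "enforcing":
        findings.append('short-name-mode is not "enforcing"')
    return findings


if __name__ == "__main__":
    for ref in ("mediawiki", "docker.io/library/mediawiki"):
        print(ref, "->", pull_candidates(ref, SAMPLE_CONF))
    print(audit(SAMPLE_CONF))
    print(audit(HARDENED_CONF))
```

Pulling by the full name, such as docker.io/library/mediawiki, bypasses the search list altogether.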

Acquiring docker.io’s official image was easy next to telling MariaDB to let it in. I spent around seven hours inching through assorted tutorials tangential to setting up MediaWiki in a Podman container with [important keywords here:] remote access to a MariaDB database on a Synology device. It was slow, I could have written a post about just this paragraph, but I learned enough to understand the provided instructions (key tutorial: [4]). I braved Vim to write a needed config file and learned about MySQL database CLI client to make a pseudo-root account. And of course this was after locking things down to the static IP addresses I set up earlier.

Once MediaWiki was happy with its access to MariaDB, setup was similar to my first time, though I paid a little closer attention this time around and included all the editors, the mistake that sent me on this side quest in the first place. The containerized setup will still come in handy, so it was not all for nothing. As a final, problematic sendoff, MediaWiki’s setup file, LocalSettings.php, remembers the port number it was installed to: future wiki installation attempts will happen in the containers they’re meant to run in, not some baseline I’ll be keeping around.

It was cause for celebration when I made the first edit and it stuck.

Project Notes

Given the right circumstances, I would have to say it’s possible for about anyone to bumble his or her way into a working self-hosted wiki on a Synology NAS, as I sort of did. Don’t get me wrong: even this is not an impatient beginner’s project! This week I learned that databases stand alongside websites, not inside them – a very important distinction for a sysadmin to know.

I’ve seen the Cockpit functionality to switch hosts since first installing Rocky 8 on ButtonMash. It was a pleasant surprise to find it worked over SSH and had a ready command for generating SSH host key fingerprints. DSM sadly does not have that functionality.

My opinion of Synology’s DSM began strong after a slow start, but it’s been fading. Stray one command outside their intended use case and it has DON’T TOUCH THAT! signs waiting everywhere. It’s still production grade, and that I can respect. I just won’t be asking for a similar system in the future.

The database password was extremely difficult to get right. No errors were ever thrown when entering 100+ character gibberish from Bitwarden, but 79 appears to be the maximum MySQL can swallow.

Takeaway

My progress this project does not represent a production-ready environment. I fully expect to have to tweak things before I have each wiki sequestered to its own user while still running happily. Website administration will be a whole other matter to conquer, but that is an exercise for another week.

Final Question

What kind of information might you organize with a wiki?

Works Cited

[1] Winel10, “Caught exception of type Error when saving changes in VisualEditor,” MediaWiki.org, Feb. 4, 2019 and June 8, 2022. [Online]. Available: https://www.mediawiki.org/wiki/Topic:Uuk96xjvh0ukaci2. [Accessed June 27, 2022].

[2] AM, “How to upgrade to Debian 11 from Debian 10,” AtechTown.com, 2022. [Online]. Available: https://www.atechtown.com/upgrade-debian-10-to-debian-11/. [Accessed June 27, 2022].

[3] J. Arthur, “How to Install Podman on Debian 11,” LinOxide.com, Sept. 20, 2021. [Online]. Available: https://linoxide.com/install-podman-on-debian/. [Accessed June 27, 2022].

[4] TechNotes, “How to run Mariadb in Docker and Connect Remotely,” YouTube.com, Dec. 15, 2020. [Online]. Available: https://youtu.be/OabTOPOU2RU. [Accessed June 27, 2022].

I Upgraded Linux Mint Two Whole Versions

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

Linux Mint is known for being one of the easiest distributions to use when switching from Windows, so that’s why I chose it when I assembled a desktop for my father. The only catch –or so I heard– was that you’re basically stuck reinstalling every time you need to upgrade. Or are you?

Clues here and there hint otherwise. Long story short, I found a few guides. The gist of them is generally to update/upgrade packages, backup, then system upgrade. The Mint 18.x repositories are shut down, but the underlying Ubuntu ones still work. I went on to backup the home directory, then use a recommended utility called Timeshift to create another time-consuming backup.

I tried following one to upgrade to Mint 20, but 18.3 insisted on Mint 19 and 19 on 19.3. The jump to 20 was a lot longer, requiring the sudo password multiple times along the way. A couple days later, after things were starting to settle, I spotted Mint 20.3, and struggled upgrading to that trying to follow the same principles as before. Turns out there are multiple ways to upgrade, and not all of them work for each upgrade. The Linux Mint User Guide has a page linking to blog posts about each step in the upgrade path from Mint 17 to present [1].

Takeaway

I doubt I would trust someone who only knows how to update/upgrade/install packages unless he was up to failure/frustration/learning cycles. On the other hand, that is why using a utility like Timeshift is important.

My recommendation for Mint users who haven’t learned the command line is to back up their home directory and restore it after a clean install.

Final Question

Do you schedule backups for your computer systems?

I look forward to hearing your answers in the comments below or on my Discord server.

Work Cited

[1] Linux Mint Revision 52875d62, “Docs >> Upgrades,” The Linux Mint User Guide, 2020, [Online]. Available: https://linuxmint-user-guide.readthedocs.io/en/latest/upgrade.html. [Accessed June 19, 2022].

I Broke My 3D Printer Making a Gift

Good morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

The Game Quilt

My mother made a quilt for a kid who will be spending his summer in the hospital this year recovering from a painful procedure. An accompanying game board has Chess/Checkers quilted onto one side and Tic-Tac-Toe on the other. The idea of paper Chess pieces glued inside some bottle caps grossed me out. I demanded to make something a bit nicer. I browsed the available Chess sets on Thingiverse and settled on a short “travel” set [1].

The Black Army

My printer started the week loaded with black filament, so I printed the black army first. I scaled the pieces up to 150% to match the board and made the bases solid to lower pieces’ center of mass. I tested these changes with a queen and the result needed a larger crown topper that wasn’t so sharp and fragile-looking.

With those changes in place, I started printing, but pieces kept peeling/detaching, resulting in some… spectacular failures that often involved massive misalignments. I made it through four usable batches of two pawns each, but a couple were damaged during removal (my sister and I had similar ideas involving channel locks on batches 3 and 4, respectively).

I printed a bishop, knight, rook triplet and the 10% infill I had been using did not support their flat tops. The bishop was usable, but a little warped on the base. Nevertheless, all three had performed decently, so I bumped it up to 15% infill and tried printing the back row pieces minus knights. Print failure after print failure. Small brims curled on the first layer, even with a high temperature first layer trick I tried.

Finally, I programmed some brims so big they would touch, and I also tried wiping the bed with some acetone. Another print failure, but this time only because it stopped extruding after a beautiful, no-curl first layer. I took the printhead out and cleared out a clog, only for it to clog at least one more time. Eventually, I traced the source of the crud not to my spool of filament, but to the e-step motor assembly and even fashioned some tools out of my failed prints to navigate the tight quarters in the mechanism to clean it out. The next print came out nicely.

I knew from the beginning I wouldn’t be happy playing with K’s for knights. Where most of the pieces were just the heads of a more traditional set, those knights – YUCK! I appreciate the need for a simpler geometry for small prints, but K is for king in Chess notation where N is for knight. I found my way around Thingiverse to a decent knight designed to be printed without supports [2]. It was a slight adventure putting its head onto a base like the other pieces, but a doable challenge nonetheless. I printed two up to complete the army.

Filament Change and the White Army

I stayed up late to get the knights off as soon as possible and get the white army printing so they would be done before my writeup (an estimated 14 hour print job). I should have slept on it. Mistake 1: using the firmware’s unload feature; the plastic overheated and stretched off inside the printhead, denying the cleaning filament admittance. Mistake 2: disassembling the printhead while it was on, in a shadow – I snapped two fan blades in successive attempts to engage with a bolt. Within ten minutes, I had found a replacement set of fan blades [3] and quadruple checked the counter clockwise variation was the file I needed. I printed it, enduring the much louder fan as it choked out one last print.

In the morning, my father advised we pass on gluing the original blades back on in the hopes of printing a better set of replacement blades. I clipped the remaining blades and used the fan itself to sand the nubs smooth. My father glued the blades on and we had to squish the fan’s housing to correct for Mistake 3: clipping one of the fan’s three spokes. I printed a Benchy tugboat to satisfactory results.

After all that drama, the white army came out usable with one knight warping a little and one pawn nicked during removal. I plan on adding a couple extra queens in each color because I know from experience that they make for more exciting endgames.

Takeaway

Don’t work on machines while tired, or in the dark. The fix I found is only a patch job until I can buy an upgraded replacement. It’s not as balanced as one made to factory standards, but it is good enough for decent prints on a temporary basis.

Final Question

What self-inflicted accidental damage have you caused by a series of dumb mistakes?

I look forward to hearing your answers in the comments below or on my Discord server, where I sometimes share exclusive nuggets that didn’t fit into the main post.

Works Cited

[1] Raukk, “Travel #chess,” thingiverse.com, March 22, 2012. [Online]. Available: https://www.thingiverse.com/thing:19754/comments. [Accessed June 13, 2022].

[2] Zarlor, “OpenSCAD Chess Simple Printing,” thingiverse.com, Jan. 26, 2019. [Online]. Available: https://www.thingiverse.com/thing:3381939/files. [Accessed June 13, 2022].

[3] CreativeTools, “Cooling fan replacement blades,” thingiverse.com, Nov. 19, 2013. [Online]. Available: https://www.thingiverse.com/thing:186979. [Accessed June 13, 2022].

I Switched My Operations to Caddy Web Server

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am rebuilding my home server, Button Mash, from the operating system up. Let’s get started!

Caddy Over Nginx

I spent well over a month obsessing over Nginx, so why would I start over now? As far as I am concerned, Caddy is the piece of software for my use case. While I am sure Nginx is great at what it does, I keep slamming into its learning curve – especially with integrating Let’s Encrypt, a tool for automating SSL encryption (HTTPS/the green padlock). Caddy builds that functionality in while still doing everything I wanted Nginx for.

The official Caddy install instructions [1] for Fedora, Red Hat, and CentOS systems are as follows:

$ dnf install 'dnf-command(copr)'
$ dnf copr enable @caddy/caddy
$ dnf install caddy

First of all, new command: copr. Background research time! COPR (Cool Other Package Repositories) is a Fedora project I feel comfortable comparing to the Arch User Repository (AUR) or Personal Package Archive (PPA): it lets users make their own software repositories.

Installation went smoothly. When I enabled the repository, I had to accept a GPG key that wasn’t mentioned in the instructions at all. From a user point of view, they appear to fill a similar purpose here to SSH keys: special numbers use math to prove you are still you in case you get lost.

Caddy uses an HTML interface (a REST API – Don’t ask, I don’t understand myself) on the computer’s internal network known as loopback or localhost on port 2019. Caddy additionally serves everything over HTTPS by default. If it cannot convince Let’s Encrypt to give it a security certificate, it will sign one itself and tell the operating system to trust it. In other words, if I were not running ButtonMash headless (without a graphical interface), I’d be able to try connecting to localhost:2019 with a favorite browser, like at least one of the limited supply of Caddy tutorials did.

IP Range Transplant

I should have just done my experimentation on DerpyChips or something. Instead, I pressed on with trying to point a family-owned domain name at Button Mash. This side adventure sprouted into last week’s post. In short: ButtonMash’s static IP was in conflict with what my ISP-provided equipment kept trying to assign it, resulting in an estimated 50% downtime from a confused router. Upgrading to the next gateway may have allowed us to free up the IP range for the gaming router’s use, but it’s not out for our area yet. My father and I switched our network connections over to a “gaming router” we had laying about and enabled bridge mode on the gateway to supposedly disable its router part. I have my doubts about how it’s actually implemented.

Most of our computers gladly accepted the new IP range, but GoldenOakLibry and ButtonMash –having static IP’s– were holdouts. I temporarily reactivated a few lines of configuration on my laptop to set a static IP so I could talk with them directly and manually transfer them over to the new IP range, breaking NFS shares and Vaultwarden on them respectively.

In the confusion, ButtonMash lost its DNS settings; those were easy enough to fix by copying a config line to point those requests to the router. GoldenOakLibry took a bit longer to figure out because the NFS shares themselves had to accept traffic from the new IP range with settings buried deep within the web interface. Once that was sorted, I had to adjust the .mount files in or around /etc/systemd/system on several computers. Editing note: While trying to upload, I found I could not access GoldenOakLibry on at least a couple of my machines. Note 2: I had to change the DHCP settings to the new IP range on my Raspberry Pi reverse Wi-Fi router. Systemd on both goofed systems needed a “swift kick” to fix them.

sudo systemctl start <mount-path-with-hyphens>.mount

Repairs Incomplete

That left Vaultwarden. I was already in an it’s-broken:-fix-it-properly mentality from the modem/router spinoff project. I got as far as briefly forwarding the needed ports for an incompletely configured Caddy to respond with an error message before deciding I wanted to ensure Bitwarden was locked down tightly before exposing it to the Internet. That wasn’t happening without learning Caddy’s reverse proxy, as I put Vaultwarden exclusively onto a loopback port.

Speaking of loopback, I found the official Caddy tutorials lacking. They –like many others after them– never consider a pupil with a headless server. I have not yet figured out how to properly convince my other computers to trust Caddy’s self-signed certificates and open up the administration endpoint. That will come in another post. I did get it to serve stuff over HTTP by listing IP’s as http://<LAN address> and confine the annoying log to a file, but Bitwarden/Vaultwarden won’t let me log in on plain HTTP, even over a trusted network.

As far as I can tell, the administration API on port 2019 does not serve a normal web page. Despite my efforts, the most access I have gotten to it was for it to error out with “host not allowed.” I haven’t made total sense of it yet. I recognize some of the jargon being used, but its exact mechanics are beyond me for the time being.

Takeaway

Caddy is a powerful tool. The documentation is aesthetically presented and easy enough to understand if you aren’t skimming. But you will have a much better time teaching yourself when you aren’t trying to learn it over the network like I did.

Final Question

Do you know Caddy? I can tell I’m close, but I can’t know for sure if I’m there in terms of the HTTP API and just don’t recognize it yet. I look forward to hearing from you in the comments below or on my Discord server.

Works Cited

[1] “Install,” Caddy Documentation. [Online], Available: https://caddyserver.com/docs/install. [Accessed: June 6, 2022].