From 1eef47728d1a46639a7f92c83428189bc584ee54 Mon Sep 17 00:00:00 2001 From: Adrian Cochrane Date: Sat, 11 Feb 2023 13:50:07 +1300 Subject: [PATCH] Blog about deploying project services! --- _posts/2023-02-11-services.md | 49 +++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 _posts/2023-02-11-services.md diff --git a/_posts/2023-02-11-services.md b/_posts/2023-02-11-services.md new file mode 100644 index 0000000..6691e3e --- /dev/null +++ b/_posts/2023-02-11-services.md 
@@ -0,0 +1,49 @@ +--- +layout: post +title: Project Services +author: Adrian Cochrane +date: 2023-02-11 13:49:22+1300 +--- + +In developing [Haphaestus](https://haphaestus.org/) the sites which gives me the most trouble to support are the [silos](https://youtube.com/) creatives feel expected to publish on. As such it is in my vested interest to question [the value of these silos](https://sr.ht/~benbusby/farside/), [leading me](https://alex.flounder.online/gemlog/2022-01-15.gmi) to [self-hosting](https://blog.sethcorker.com/why-i-host-my-blog-2022/) [our own codeforge](https://git.argonaut-constellation.org/). + +I'm renting a small [Debian](https://www.debian.org/) [Xen-supervised VM](https://xenproject.org/) from [Rimu Hosting](https://launchtimevps.com/) which I can feel free to share with other collaborators (though it does incur a small ongoing cost I'm minimizing). Upon which I'm running a [Maddy](https://maddy.email/) [email](https://www.rfc-editor.org/rfc/rfc2821) server, [Snikket](https://snikket.org/) [XMPP](https://xmpp.org/extensions/) server, & [SourceHut](https://sourcehut.org/) codeforge. [Spamboxes aside](https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html), its never been a better time to self-host your own communications! + +## WebServer +I've deployed a handful of sites, with their own domains, for each of [Rhapsode](https://rhapsode-web.org/) & [Haphaestus](https://haphaestus.org/) as well the overarching [Argonaut Constellation](https://argonaut-constellation.org/). These are statically hosted by [nginx](https://nginx.org/) (I personally like the config language) & secured by [Let's Encrypt](https://letsencrypt.org/) [Certbot](https://certbot.eff.org/), with more dynamic bits like this very blog generated via [Jekyll](https://jekyllrb.com/) before being uploaded. 
+ +The idea is that the browsers would have their own sites to serve as a front-face, and link interested developers to the over-arching project. + +## Communications +Maddy is a new email server written in [Go](https://go.dev/) with, as much as possible (some [additional DNS configuration](https://maddy.email/tutorials/setting-up/#dns-records) required), excellent defaults. New accounts can be registered, & [IMAP](https://www.rfc-editor.org/rfc/rfc3501) inboxes assigned to them, with a couple of commandline programs. Once installed it pretty-much works out-of-the-box with your favourite email client! Even if I found [Thunderbird](https://www.thunderbird.net/en-US/) infers the wrong username... + +Snikket is a nontrivial [Docker](https://www.docker.com/)-packaging of the [Prosody](https://prosody.im/) XMPP server with a web-UI & "official" clients. Simply running the docker image & making sure any existing webserver (if any) are forwarding requests to it gives you a working standards-based invite-only chat server with videocalling! Some subdomains do need to be set up for it. + +I'm striving to embrace [long-established](https://staysaasy.com/engineering/2020/05/30/Picking-Your-Tech-Stack.html) [open standard](https://openstandards.nz/what-open-standard) [federated](https://indieweb.org/federation) communication channels. Ones that operate outside the browser in a [choice of native clients](https://xmpp.org/software/clients/), so I'm not tempted to get Haphaestus to support them. + +## Codeforge +I wanted a codeforge which would [take minimal effort](https://gomakethings.com/more-html-less-javascript/) for Haphaestus to render legibly. I wanted something I could easily fork to [explore new browser features](https://www.passkeys.com/) in. I wanted something invite-only which didn't require people to log-in to contribute. I wanted something [lightweight](https://forgeperf.org/) that could grow with my needs. SourceHut fits this bill! 
+ +SourceHut is an [email](https://www.computerworld.com/article/3267698/why-email-is-the-best-social-network.html)-centric suite of software-project management webservices written in [Python](https://python.org/) [Flask](https://flask.palletsprojects.com/en/2.2.x/) & Go, including [OAuth](https://oauth.net/2/) single-signon, with a cleaned-up [CGit](https://git.zx2c4.com/cgit/about/) aesthetic. Under the hood these share the same [webframework abstractions](https://git.sr.ht/~sircmpwn/core.sr.ht), mostly to hook various modules up to a single [INI] config file. It uses practically no JavaScript, though the markup whilst semantic is very much from the pre-[CSS3 Grid](https://learncssgrid.com/) [Twitter Bootstrap](https://getbootstrap.com/2.0.2/) era. Not my codestyle, but could be much worse & ultimately just requires me to support [FlexBox](https://cssreference.io/flexbox/). + +I had some trouble installing SourceHut, my VM was too small to install from source, & until I upgraded to Debian Bullseye/Sid I couldn't use the official packages. I was surprised how effortless that upgrade was! At which point I could use said official SourceHut Apt repositories, at least until I fork my own variations. However these packages still requires a fair amount of configuration to hook the pieces together, & making sure permissions were set correctly frequently tripped me up. And not all of those misconfigurations were picked up until I actually tried to use these... + +To start I had to install the OAuth server "SourceHut Meta", though presumably other OAuth servers could've been made to work. 
This took the most extensive configuration setting [crypto](https://adrian.geek.nz/network_docs/crypto.html)-keys, branding, & desired registration flow (invite-only) whilst hooking up to eMail (via Maddy), [Redis](https://redis.io/), [Postgres](https://www.postgresql.org/), I skipped [S3](https://aws.amazon.com/s3/)-compatible, & [HTTP](https://httpwg.org/specs/) (via nginx) under a new subdomain. Whilst ensuring the seperate "[API](https://graphql.org/) server" was running successfuly, accessible to the HTML UI server. + +Once I had a way to authenticate into them I could deploy an [access-controlled](https://en.wikipedia.org/wiki/Access_control) git web UI & an [issue-tracker](https://en.wikipedia.org/wiki/Issue_tracking_system). Both of which needed OAuth credentials, a Postgres databases, & Redis for webhooks. Also the issue tracker can be hooked up to an emailserver so you can email its subdomain to open & comment on issues without signing up. Thankfully Maddy is a [capable enough emailserver](https://maddy.email/reference/targets/smtp/) that I could forward SourceHut Todo its mail! Interestingly SourceHut Todo issue trackers don't have to be associated with specific projects & public browsing can be disabled per-tracker. This can be very useful for e.g. security vulnerabilities reporting! + +Maybe someday I'll deploy a mailinglist server too... The other microservices SourceHut offers me to self-host don't look that important for now... + +## Code of Conduct +To help ensure a more diverse range of potential collaborators feels comfortable contributing to the Argonaut projects ensuring it works better across a broader range of cultures, I drafted a [code-of-conduct](https://argonaut-constellation.org/code-of-conduct) to be attached to any public forums like issue trackers. Since SourceHut supports [Markdown](https://www.markdownguide.org/) in its descriptions I can place this code-of-conduct where I personally feel it's more appropriate & clear. 
+ +This code of conduct is based on [Django](https://www.djangoproject.com/conduct/)'s, an excellently-run project, lightly editted to refer to our projects, avoid inferring that we're larger than we currently are, avoid promising actions we cannot offer at this stage, & address some additional inclusivity concerns we noticed. + +I am aware that the real test will be when we have to, sooner-or-later, enforce our code-of-conduct. Hopefully by having an explicit one & a confidential issue tracker in place, it will be later! + +## Conclusion +I deployed my own communications server & codeforge so that the technology used to manage the Argonaut Constellation could [be used to test it](https://blog.airbrake.io/dogfooding-its-great-when-done-right). And (once forked) test proposed new features in HTML/CSS! Following long-established open standards the Maddy, Snikket, & SourceHut projects were perfect for this. + +I wanted to [challenge the notion](https://indieweb.org/) that all projects needed to be on the same service for the sake of discovery and ease of contribution. Because it is these sorts of silos which gives me the most trouble to support. Heck, it was never the case that all opensource projects were on a single service. Only a large minority of the projects powering your [GNU](https://savannah.gnu.org/)/[Linux](https://git.kernel.org/) terminal or [your](https://gitlab.gnome.org/explore/groups) [freedesktop](https://gitlab.freedesktop.org/explore/groups) operate on GitHub. + +I hope this new infrastructure can serve The Argonaut Constellation well, and grow with its needs! -- 2.30.2
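Review bot: in the "## Codeforge" section, the SourceHut paragraph leaves `[INI]` without a link target ("a single [INI] config file"), so the Markdown renderer will print the literal brackets; add the URL or drop the brackets. The same pass could fix the spelling in the added text: "its never been" (it's), "seperate", "successfuly", "editted", and "a Postgres databases". The install paragraphs say that permissions "frequently tripped me up" and that the Meta setup involved setting crypto keys, but they do not say which files or services were affected; one sentence on what the working ownership and permissions turned out to be would make that part useful to anyone repeating the deployment.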