The Great Wall

I’ve been working on improving the address mapper for some weeks now, which is probably the most thorougly maintained ‘10 lines of python code would have done the job’ project I ever had. It’s real fun working in OCaml, and after I got over the Oasis frustration — I guess what I want it to do an what it is designed to do are orthogonal things — by writing a simple Makefile, it just works. Also, the build image helps a lot, if only to remember my future self how to set up the development environment.

When I just thought that things would get boring, I was contacted by a friend who’s currently visiting China for a prolonged vacation. He said that he lost his phone and needed some help in accessing the internet (you know, the part that is not comformant to CPC’s world view). Time to roll up my sleeves and fight for free speech!

The first thing was to upload some APK files that are hard to get in the People’s Republic. While feeling guilty both for hosting someone elses binaries and for visiting dodgy download sites, it (probably) serves a good cause. The more interesting part came afterwards: setting up a VPN. Of course, you can go out and register an account somewhere, but this costs money, you don’t really know whether it’s safe and it might be blocked off by the Great Firewall. What does the fearless admin do in this case? Exactly — roll your own.

Which was surprisingly easy, thanks to the work of Pieter Lange. After not more than one hour, we had the first OpenVPN listening on a public address, and after a couple of minutes more my friend was all set up with a public IP in Frankfurt (Main). The only downside: I think I’m reaching peak app on this server — running all the kubernetes services, the apps, the VPN etc. is makes it hit its very own Great Wall and I ran into problems with kubelet and docker. At least the mail server probably deserves its own pod.

[...]


Blog Moved to BlogitWeb

After trying a couple of different approaches to deploy my old wordpress blog in the new k8s environment, I finally decided to abandon PHP altogether. There are too many components involved - I don’t want to install yet another web server (that just forwards CGI), a FastCGI backend service and a MySQL database. That’s why I decided to try something new.

Having elixir on my list for quite some time now, this might be a good moment to actually start using it for something cool. I discovered the blogging engine BlogitWeb, which looks promising to say the least. My first experiments are looking good, and the only things to deploy are a Phoenix server and a git daemon (which I wanted to have anyway).

I’ll start hacking up some deployment templates for this. If this does not change my opinion - and I don’t think so, blogging in markdown is awesome - I’ll move my old posts to the new repo.

[...]


Kuberize All The Things

Quite some time has passed since I rented my first vServer (running Debian Squeeze), and over the years I dist-upgraded twice and accumulated lots of baggage. There are custom init scripts (nowadays systemd units), executables whose purpose I can’t remember and several databases (I guess at least MySQL, Redis and etcd). There are backup directories of my wife, which hold dear pictures and videos of our daughter. My web stack is a confusing combination of lighttpd, a letsencrypt cron job, wild php-cgi appearances and some obscure python scripts using http.server. I tried accessing my blog a couple of days ago and was greeted by a nice 503 error message. This was the point where I knew I need to change something.

Over the last weeks, I started to change my primary email address for many accounts to my self-hosted mail address. That makes my email address look fancy, and I’m quite positive that my correspondence is not scanned for marketing purposes. On the other hand, this opens up a lot of problems in terms of reliability. If I’m on vacation for two weeks and postfix goes down (or mysql, or some other component), emails start bouncing and make me look unprofessional. The same goes for my web presence, which has admittedly not that many visitors, but nonetheless should be up if someone stumbles across a link.

Since I’m getting better at kubernetes by the day - it’s part of my day job, and I had some spare time projects using it - it makes a lot of sense to build on that. The hope is to have a nice yaml file repository where I can see at a glance how my web services are set up. Moving postfix and friends is almost done - there’s a backup mail server on Vultr (warlock.burgerdev.de) which passes all tests I have found so far.

The hard part will probably be the web server. I could either use a similar approach as I do now, having nginx servers relay PHP to some deployment , but I’m in the mood to move away from PHP once and for all. An interesting project would be switching to Elixir/Phoenix, but since my family usually frowns upon me spending too much weekends on the PC, I might as well use ikiwiki for the blog. But having Perl in the backend makes me more than a bit uncomfortable.

[...]


Walk like an egyptian

After quite some struggle, I finally got my OCaml env set up how I wanted it. I cursed at Atom, Merlin, Opam and pretty much any tool that could not hide quick enough, until I finally realised I just forgot to install the package highlighted as “unbound”. Now, with my hello world TLS client running, I am pretty amazed at the package management. Time for some planning.

I decided that a nice project would be to revamp my postfix address mapping server. That server maps an incoming email’s recipient address to the address that should be looked up in the database. Sounds simple enough — currently it’s just a python regex that removes dots, underscores, #suffixes — but it could use some features. For example, I’d like to be able to specify the applied maps without restarting the server, and adding temporary aliases on demand would also be nice. While I’m at it, I’d also like to get rid of MySQL in the process, but this strongly depends on the flexibility of dovecot. In the long run, I’d love to try out etcd, but there’s no OCaml native client available, and writing one will be difficult because ocaml-protoc does not support proto3 syntax yet.

So what is the mapping server going to look like? I imagine a specification of transformation/validation chains serialised as S-expressions, which would make them swappable at runtime. It also needs a bit of protocol implementation (request types and return codes specified by postfix) and socket handling. These two should be easy enough to figure out, but complex enough to give me some further insights into the OCaml world.

[...]