Self-hosted Weekly #11

it’s still the weekend, right? It was a lazy sofa sunday spent mostly on automation research (Ansible and Foreman) and time ran away before sending out the newsletter. But since I had planned this issue as a “special command line edition” and non cli links are adding up as well I thought “lets finish this issue, before the next weekend arrives!”

Like already written, this issue will focus on handy cli tools and tools that help you navigate your server. Both aspects that are not directly self-hosted related, but skills that tremendously help avieving the state of self-hosting.

Sampler. Visualization for any shell command.

A few issues back I had the topic of self-hosted start pages, but these kind of portals are not restricted to the browser. Sampler is a tool to present the output of locally running commands (like weather, docker status, etc) in your terminal window.

Using VS Code/Codium as your main terminal/ssh client

Anthony has published a nice blog titled Visual Studio Code is now my Default SSH Client and Linux file Editor! outlining how he uses Visual Studio Code to interact with his linux boxes. My workflow is actually quite similar: I am using my Chromebook or my work laptop to connect to connect to headless linux boxes where I my actual data is stored. Being able to use the code command within the VS Code terminal is also convinient as it easily spins up additional editor tabs or windows for more serious in-depth text editing, than vi & co allow for.

Migrating from Docker to Podman

There is a lot of uncertainty around Docker (as a company) and one alternative for running containers is Podman. In the blog Migrating from Docker to Podman a full scenario is explained for moving containers to it. For me personally docker-compose is an invaluable tool and while Podman can be an serious alternative for Docker, podman-compose is not as far, yet.

Docker Swarm is here to stay

Speaking of uncertainty around Docker. One of the components that were on the edge after the aquisition of the Docker Enterprise business was Docker Swarm. Swarm can be an alternative for small scale deployments, wher Kubernetes would add too much overhead. Luckily Mirantis, the company buying the Enterprise business off Docker Inc. and itelf an advocate for Kubernetes, has now changed it’s course and has fully commited to Swarm. Read more at Mirantis will continue to support and develop Docker Swarm.

Introduction to testing Ansible roles with Molecule leveraging Docker inside Docker and Goss.

In his blog Gred is outlining how to use Molecule and Goss to develop and test Ansible roles locally.

Easy management of local git checkouts

myrepos is kind of an old-school tool already, but can be valuable if you are regulary starting over with your workstation or simply follow a lot of git repositories. mr can parralise checking out repos, adding remotes and pulling in changes.

In addition to this github2mr is an interesting add-on to easily pull your existing repositories from Github.

Buy maybe I’ll (ab-)use Ansible for that in the future?

Collection of small utilities

sysadmin-util is a collection that has been around for years as well already, some files last touched seven years ago. Some of its tools I use one a regular bases, like when-up that executes a command once a remote target responds. Definitely worth having a look at.

Create local mirrors for apt repositories

Having control over your environment is one of the key motivators for going self-hosted. aptly is a handy tool to pull in external repositories, take snapshots of their state and then publish them back to the local network.

Tools for easy container registry interaction

(apt) package repositories are not the only way to retrieve applications nowadays. In addition to this container registries hold many of the pieces required to run ones infrastructure. reg is a nice and small tool to not only explore a given registry, but can also be used to generate a HTML representation of your own registry.

And while its always more secure to build your own containers (for audition purposes) at some times you may want to reuse an existing container image, but store it locally. This is (among other things) easily possible with skopeo.

The manual way to the above would be to pull an image, re-tag and then publush it to the local registry. So this is definitely something that can be made easier.

Use Tmux to preserve & resume remote connections

This is maybe also something that not everyone is totally aware of, yet. The usage of terminal multiplexers (screen in the past, nowadays mostly tmux) can help in resuming remote connections in case a connection is lost.

In the blog Autostart Tmux Session On Remote System When Logging In Via SSH the author shows how to automatically start and resume a session in tmux upon logging into a remote system.

But similar to rome. there more than one way to achieve this. I am using the following snippet in my sshrc script when connecting to other systems:

	# -S Share a socket in a fixed directory so that sessions for me are retained and reused
	local TMUX_COMMAND="/usr/bin/tmux -S $TMUXDIR/tmuxserver"

	if $TMUX_COMMAND has-session; then
		SSHHOME=$TMUXDIR SHELL=$TMUXDIR/bashsshrc exec $TMUX_COMMAND attach $@
	else
		SSHHOME=$TMUXDIR SHELL=$TMUXDIR/bashsshrc exec $TMUX_COMMAND $@
	fi

The one main difference here is that sshrc copies the bashrc file to the remote host on connection, hence it will always be there, even when you connect for the first time. But as it seems the original repo, formerly located at https://github.com/Russell91/sshrc does not seem to exist anymore.

Managing Kanban boards on the cli

There is hardly anything that cannot be done on the command line. Even kanban board can be managed through it. What is particularly interesting in taskell is that it acutally stores it’s data in markdown files, which makes it easy to version control it through git.

Secure remote backup storage with Restic

Restic is my backup program of choice for a few years already. It runs on your local system and is capable of connecting to a remote instance, which could again be restic, rclone or a S3 compatible storage. For the latter I am making use of Minio together with a little help from restic-tools.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems

And last, but not least my most recent discovery. Lynix can be used as a local scanner to discover potentially insecure configuration of a given system.

Updates

  • Commander v2.0 - Commander is a tool to test script execution. In it’s latest release it has received native support to test script within Docker containers for local isolation.

I am always looking for new projects to try out! Just send an email to selfhosted-newsletter@9wd.eu.

I hope you have enjoyed this issue. If this newsletter was useful to you please recommend it to colleges or tell them to subscribe to it via RSS.

Have a nice weekend rest of the week! Felix