Streamlining My GCP SSH Workflow: Using SSH Configuration Tricks

In my use of Google Cloud Platform (GCP), I often recreate virtual machines (VMs), requiring frequent updates to connection information. This process becomes cumbersome, especially when dealing with stale entries in the known_hosts file and managing DNS entries for a growing number of servers. Additionally, the Identity-Aware Proxy (IAP) requires the use of the gcloud CLI for secure access to these servers, which adds another layer of complexity. What I ended up doing was to leverage my previous experience with SSH configuration files to streamline my workflow....

July 18, 2024

Use Drone plugins in Gitea Actions

Drone.IO is a CI/CD platform that uses Docker containers for each pipeline step. This makes it easy to use existing Docker containers as steps in your pipeline. You can go further and create special containers that are designed to be used as steps in your pipeline and that accept arguments from the pipeline to run pre-defined tasks. These plugins can be re-used in Gitea Actions to run the same tasks as you would in Drone....

June 29, 2024

Experimenting with Proxmox on Apple Silicon: Turning Your M1 MacBook Air into a Virtual Datacentre

In an effort to create an easy-to-manage VM environment that I can use on the go, even with spotty internet, I decided to try running Proxmox on my Apple Silicon MacBook Air. I could use Parallels or VMware Fusion, but I instead chose Proxmox to support open-source software. Should the need arise to run production-level workloads, I can always purchase a Proxmox license and deploy it on a dedicated server. The challenging part was that Proxmox doesn’t distribute itself for arm64/aarch64, so I needed to find a way to do that....

June 28, 2024

Bye-bye Docker Hub, time to self-host all of my Docker images

One of the great things about Gitea is that it comes with a built-in Docker registry. This means that you don’t need to be reliant on Docker Hub (or its rate limits) to host your Docker images, or any other OCI-compliant image for that matter. In this post, I’ll go over how I migrated some of my Docker images from Docker Hub to my own self-hosted registry in Gitea. I won’t go over the setup of the package registry in Gitea itself, as it’s enabled by default, and I’d rather focus on the migration of the images....

June 26, 2024

Let Wireguard clients use your IP Blocks advertised by BGP

As an addendum to my previous post on giving yourself an IPv6 address using WireGuard, I wanted to show how, if you are lucky enough to have an IPv4 range from before the “great IPv4 exhaustion”, you can assign those addresses to clients using WireGuard. Several consumer, prosumer, and enterprise cloud hosts allow you to advertise your IP range for your cloud servers. Some of these providers are OVH, Vultr, and Equinix Metal, but like last time, I suggest you look into OVH due to their predictable costs around bandwidth, and because you don’t need to configure a BGP connection with them, which makes setup much less work....

June 16, 2024

Giving yourself IPv6 with Wireguard

After many years of asking, my Internet Service Provider (ISP) still doesn’t support IPv6; the same goes for many other ISPs. This is a problem for many reasons, the first being the exhaustion of IPv4 addresses, leading some ISPs to implement “Carrier-Grade NAT” (CGN), where many customers share the same address—the second being that it is getting more and more expensive for small websites to have their own dedicated IPv4 addresses, including cloud providers instituting a cost to have an address....

June 15, 2024

Instead of Docker-in-Docker, what about Docker-on-Fly?

In my never-ending quest to do things that are probably not the best idea and that aren’t part of a usual use case, I wanted to see if I could run a Docker daemon on Fly.io. Even though you can think of Fly.io as a “container”-service hosting platform, it’s actually using Firecracker micro-VMs to run your service. They [“transmogrify”](https://fly.io/blog/docker-without-docker/) Docker images into the micro-VMs they run. This means it’s much easier to run a Docker daemon, as you don’t need to worry about the implications of running the Docker daemon inside of a Docker container....

June 7, 2024

Adding SFTP abilities to Namespace.so's ephemeral instances

Namespace.so is a service that provides ephemeral instances (Linux and macOS) for you to use, primarily for CI/CD workflows. Similar to Fly.io, it’s another way to not have to manage servers. I’m currently using it to run some of my CI/CD workflows, but I want to play around with it in other ways. One would be to potentially make it a run-on-demand nixpkgs builder, similar to what I have with Fly....

June 6, 2024

Build your own CDN - Part 3: Allowing bring-your-own domains with automatic TLS certificates

Now that we are able to sync TLS certs and the Caddy configuration across various points of presence, we need to ensure that Caddy will only request certificates for approved names. As we are doing this for Gitea Pages, we won’t know what the domain names are in advance and will have to create a validation service to handle this. This approach can also be abstracted to any SaaS that provides the ability for customers to bring their own domain....

June 5, 2024

Build your own CDN - Part 2: Using Nomad to manage Caddy

In the previous post we discussed how to provision and keep TLS certs in sync across multiple Caddy instances. In this post we will look at how to dynamically create and distribute Caddy configuration to multiple nodes using HashiCorp’s Nomad. Similar to other orchestration tools such as Kubernetes, Nomad allows you to schedule and run containers, and non-containerized applications, across many servers with a standardized configuration. Using Nomad, we can manage multiple servers, in many datacentres, to create the Points of Presence (PoPs) for our CDN that we discussed in our previous post....

May 17, 2024