Starting to containerize some stuff that I originally migrated to a VM. My linkblog, for a start. I need a generic Linux environment that’s fairly beefy; libc, not musl. Ideally I’d bake all this into a reusable container but I’m rolling it by hand for now. Here’s my notes.
Container creation
- Create an unprivileged container with hostname “blogs”
- Add root password, my SSH key
- Use the Ubuntu 22.04 (or latest) template. Ubuntu so I can get deadsnakes for Python versions. I’d like latest Ubuntu but can’t because Playwright (the screenshot library I need for the app) only supports LTS releases.
- 16GB of disk, 4 CPU cores, 16GB of RAM, 1GB of swap. Or more; these are all soft limits, so it may be better to set these higher.
- Default networking but enable DHCP instead of static.
- Consider adding access to vmbr1 for the NFS server.
- Edit the container options to make it start on boot
Linux configuration
- Start the container, launch a console, log in as root with password
apt update; apt upgrade
apt install joe sudo curl avahi-daemon git zip unzip rsync webp sqlite3
locale-gen en_US.UTF-8
- Install tailscale
curl -fsSL https://tailscale.com/install.sh | sh
- Shut down container
- On the Proxmox hypervisor server, modify /etc/pve/lxc/???.conf to give access to tailscale in the container
- Start the container
- Log in on console again and run tailscale up, then approve the URL to join the machine. Consider disabling tailscale key expiry in the web console.
- Use ordinary ssh client to log in as root@ ts.net tailnet name.
(not sure avahi-daemon is working here, I can’t use the .local DNS name I am expecting. I tend to use Tailscale to connect to things anyway.)
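The notes above do not list the lines added to the container config. As an added example (not from the original notes), this script applies the two settings Tailscale documents for unprivileged LXC containers, which pass through only /dev/net/tun and leave the container unprivileged. It assumes a cgroup v2 host (Proxmox 7 or later); the function name enable_tun and the <CTID> placeholder are hypothetical.

```shell
#!/bin/sh
# Added example, run on the Proxmox host while the container is shut down.
# Usage: sh enable-tun.sh /etc/pve/lxc/<CTID>.conf   (<CTID> is a placeholder)

# Settings from Tailscale's documentation for unprivileged LXC containers.
# 10:200 is the major:minor number of the /dev/net/tun character device.
TUN_ALLOW='lxc.cgroup2.devices.allow: c 10:200 rwm'
TUN_MOUNT='lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file'

# enable_tun CONF
# Adds the two TUN lines to the main section of CONF if they are missing.
# Returns 0 on success (changed or already present), 1 if CONF is missing,
# 2 if the main section does not say "unprivileged: 1" (file left untouched).
enable_tun() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v allow="$TUN_ALLOW" -v mnt="$TUN_MOUNT" '
        function flush() {            # emit whatever the main section lacks
            if (done) return
            if (!have_allow) print allow
            if (!have_mnt) print mnt
            done = 1
        }
        /^\[/ { flush() }             # first [snapshot] or [pve:pending] header
        !done && $0 == allow { have_allow = 1 }
        !done && $0 == mnt { have_mnt = 1 }
        !done && $0 == "unprivileged: 1" { unpriv = 1 }
        { print }
        END { flush(); exit(unpriv ? 0 : 2) }
    ' "$conf" > "$tmp"
    rc=$?
    if [ "$rc" -eq 0 ] && ! cmp -s "$tmp" "$conf"; then
        cat "$tmp" > "$conf"          # rewrite in place, keeps owner and mode
    fi
    rm -f "$tmp"
    [ "$rc" -ne 2 ] || echo "refusing: $conf is not marked unprivileged" >&2
    return "$rc"
}

# Run only when a config path is given on the command line.
if [ "$#" -eq 1 ]; then enable_tun "$1"; fi
```

The lines are inserted ahead of any snapshot section so they apply to the running configuration rather than to a stored snapshot, and a second run leaves the file unchanged.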
Linkblog configuration
Specific to my application, but some generic notes here also about creating a prod environment for anything.
User setup
- As root, make a user for the project.
adduser linkblog; adduser linkblog sudo
- Log in as linkblog@ with password, ssh linkblog@localhost, to create the ~/.ssh directory.
- Create ~linkblog/.ssh/authorized_keys
Linux configuration
sudo apt install python-is-python3 python3.10-pip
App configuration
mkdir ~/prod
cd ~/prod
rsync -a nelson@sf.somebits.com:~nelson/somebits/linkblog/prod/ .
rm -r venv
python3 -m venv venv; source venv/bin/activate; python3 -m pip install -U setuptools pip wheel
pip install -r requirements.txt
sudo venv/bin/playwright install-deps
shot-scraper install
Testing and running for real
./update.sh -f
cd site-generated; /usr/bin/python3 -m http.server 9191
- Test HTML load in web browser
- Push site manually and accept ssh host key.
./update.sh -f -p
- Install crontab entry to run update.sh for user linkblog
Feed2toot for @somebitslinks@tech.lgbt
Separate cron job to update a Mastodon account from the RSS feed. Does not depend on any of the linkblog code, just the RSS feed.
- As user linkblog…
mkdir ~/mastodon; cd ~/mastodon
python3 -m venv venv; source venv/bin/activate; python3 -m pip install -U setuptools pip wheel
pip install feed2toot
- Copy over the install from the old system. This gets credentials, config, and state.
rsync -av --exclude=venv nelson@example.com:~/src/mastodon/linkblog-toot/ .
- Run a quick test; it should show posting nothing if there are no new stories.
feed2toot -n --debug -c feed2toot.ini
- Install crontab entry to run go.sh for user linkblog
TODO
- Package linkblog as a proper Python package so deployment is better
- Write linkblog code to manage crontab (or at least emit the line)
- Write linkblog code to run test server