This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

RKey Tech Blog

This is the blog section. It has two categories: News and Releases.

Files in these directories will be listed in reverse chronological order.

Welcome

Welcome

Welcome to:

RKey Tech

Here you will find the not as personal; thoughts and ramblings of RWK3y

Some of the blog entries here also link back to documents in the docs section as well.

News About RKey Tech

VPS Migration

Going to jail

Going to jail

Matching blog post to Going to jail @ RKey.Tech/Docs/

Getting thrown in jail

This was a fairly stressful venture as I did it while at my day job working as a medical receptionist (I’ve been unsuccessful so far, getting back into IT after being laid off). So this was done while answering phones, booking appointments, and checking clients out. Needless to say the stress level was a bit high for making a mistake there or here. But I’m addicted to IT and technology so I have to play 24/7/365 or I will probably just die of boredom.

I will create docs and post on how I setup the database jail and NextCloud© jail in future installments. My goal here was to just get things moved off a host instance and into jails and consolidate things a bit as I use Cox Communications at home for internet and they are notoriously slow on upload speeds, so that really slowed down my NextCloud service. The server at home is awesome having 72GB of ram and 8TB of mirrored ZFS disk. But all the power in the world does you no good if your internet provider throttles your upload to less than 6 Mbs. (That’s not a typo) Here is a word of advice; never run an OONI probe1 on your internet provider in case they hold grudges. All stories for another day. And with an 80G 128G NVMe, I think I’m good for a while as I mostly just use CalDAV and WebDAV services. My photos still reside on Google© for now. That will be another project to document in the future.

So far I pretty happy with Vultr©, my configuration thus far and the performance; yes I need to compress some images and convert to .webp and there are some tweaks I could make elsewhere I’m sure. But things are looking good so far.

I know everything below is in the docs section as well: But how else can I convey my excitement when I finished the migration and ……………………..

At this point I say “Hold onto your butts” and reboot the VPS instance.

Within about a second I browse to rkey.tech, rkey.online and nc.rkey.tech and all 3 sites were up and operational. I then ssh into the host ssh -p 5000 titania and then ssh into the jail ssh caddy and this all worked as well.

Then I jumped out of my char and screamed “Holy fucking Shit!!!” Yeah, I was surprised it worked. There were a lot of moving pieces and not shutting down before taring up a jail, hell using tar instead of bastille export for that matter. So many configs to make typos on. Yes I’m a happy camper :)


  1. Born in 2012, the Open Observatory of Network Interference (OONI) is a non-profit free software project that aims to empower decentralized efforts in documenting internet censorship around the world. ↩︎

Creating Vultr Instance

Creating Vultr Instance

Matching blog post to Creating Vultr Instance @ RKey.Tech/Docs/

Creating instance at Vultr & setting up DNS

I initially created a “High Frequency” instance running FreeBSD 13 with 32GB NVMe, 1 vCores, 1G ram and 1GB bandwidth For testing. But my testing quickly became live and so I upgraded to 2 vCores, 80GB NVMe, 2GB RAM and 3 GB bandwidth.

Before the upgrade, I migrated my test only domain bootstraps.tech over from Digital Ocean to Vultr. My domains are over at HostGator, so moving the domains simply meant that I created DNS entries for boostraps.tech, opekkt.tech and opekktar.online at Vultr and then point HostGator from DigitalOcean to Vultr. I use ProtonMail for my mail servers so I have to plug that into those DNS entries as well. One thing I see missing on many web sites is CAA entries. I always add CAA entries to my DNS configuration.

I use a Caddy server that auto-magically takes care of my SSL certs for me. I like lazy solutions that work.

When Vultr© sets up initial DNS entry you select the instance to point it to and then Vultr creates a wild card ‘*’ entry. I initially did not like this solution because,,,,,,,,Well I don’t know why, but I’m finding I like the solutions as it only requires I create a Caddy entry in my web server and then I’m done. Again the lazy solution thing.

Before changing the DNS pointers I need to migrate my Caddy© server at Digital Ocean (DO) over to Vultr.

At DO I had a mixed setup I had a Caddy server that ran on the host, not in a jail breaking all my own rules. Then I had another server running only jails, which consisted of a WIKI and a couple of Ghost blogs. Everything else was just files in a directory on the host running the Caddy server. So my initial migration was just from an instance on Digital Ocean to Vultr running at the host level. Since I deploy static web sites via rsync from my Archlabs Fedora workstation at home I simply added the new host to my script and deployed to both instances for rkey.tech and rkey.online

Of course prior to synching things over and with any new VPS I generally do two things first.

  1. I turn off password login in ssh. Since I keep my public ID at DO and Vultr© and Linode© for that matter. when I create a VPS the first thing I do is add a new user, then I rsync my keys over from root that the VPS provider added when I created the instance to my user account.

Note in the document section there is no slash on .ssh but there is at the end of user/ The is not necessary but a habit of mine. When syncing directories if you leave off the trailing / then the whole directory gets synced. Since my user does not have an .ssh directory yet I leave off the slash. The / at the end of user/ is more about habits in this particular case. It does not need to be there. But when you have backed up terabytes of data to a server and forgot the slash on either end, you tend to be fussy about such things.

  1. I make sure the new user can su to root. Linux is a mess sometimes adding to wheel works and sometimes there not even a wheel group so you have to add to sudoers and then modify the sudoers file via visudo generally Linux has some lame editor like Nano and I screw everything up using vi keys. So if I’m only doing things once I usually just vi the file. On BSD I just make sure the user belongs to wheel when creating the account and then I usually install doas, and configure /usr/local/etc/doas.conf honestly just for muscle memory I usually install opendoas on my Linux boxes as well. My doas.conf file is super freaking simple.

  2. After verifying that my user can ssh in. I turn off password authentication and root user login

Most VPS providers already have PasswordAuthentication no unless you do not have your keys on site or do not select to add during creation. Of course until you create a user and verify you can login you will most certainly find that PermitRootLogin is yes since the default is now no. You could just comment it out but I like the feel of an explicit statement in a config that affects security. It’s a mental thing for me.

My Caddy configuration on the host is just running a file server for now so the entries are very basic. Because I can not for the life of me figure out why the “Congo” theme does not follow basic Hugo rules for inserting images into markdown documents. I have a catch all entry for two things. One is a fake 404, which is just a redirect for funsies and gamesies and the other is a place to put my images in documents, which is actually a good thing now that I think of it because it saves drive space when I re-use images. Funny how problems become solutions.

Solved (I told you it would be stupid simple, I omitted the full path) For images there is a img directory under wtf that I just point my pages to. So instead of ![](titania.webp) which should work but does not; I have ![](https://titania.rkey.tech/img/titania.webp) If anyone knows why having the image in a Hugo bundle block does not work on Congo, please feel free to let me know. I’m sure it’s something stupid simple.

My other web sites are just directories named after the web site so rkey.tech for this site and r0bwk3y.com rkey.online for my personal site. So far it’s all just child’s play and pretty boring stuff even for the process of migrating VPS providers and sites over. I even made sure my deploy scripts deployed to DO and Vultr so when the DNS hit with the new site everything was in sync and up to date. For this migration process. I did not even have to shut down my monitors.

Later on when I migrated NextCloud from a home server to the cloud and even migrated my Caddy to a jail, things did not feel as much like child’s play. Nor did I do so without taking hits on my up-time monitor.

Yes, Yes, I know the status page says 100% as of today 8-March-22. But it was a migration and I should have paused the monitors anyway. So I feel justified in resetting the counters :)

Ghost Blog

Matching blog post to Setup Ghost Blog In FreeBSD Jail @ RKey.Tech/Docs/

So I was going to let my msrobota.online domain expire it would have been domain 3 of 5 I’m letting go, but I decided to have something that was not branded with myself or rkey.online to spew thoughts. Which I have a difficult time doing. I’m good at spewing thoughts, just not good at deciding to keep the incriminating evidence online for all to see. But this gives me an excuse to play with Ghost. So there is that.

Setup GitLab Repo

Setup GitLab Repo

Matching blog post for Setup GitLab Repo @ RKey.Tech/Docs/

I suppose having worked in the disaster recovery industry, I have developed the mind set that, hardware always fails, services always fail, power always fails, service providers always go down. Now eliminating all variables is impossible, unless the money, time, and knowledge is vast and endless. For me being unemployed, having what money I do make being garnished and not even having enough for the basics that most in this country enjoy. I am very limited on my options. I use rsync to a local NAS server in my apartment, then I mirror to another server with external drives I can unplug and take off site and I have two workstations that are identical kept that way via rsync as well. Of course for development work my primary repo is GitLab (Private) and then I mirror to GitHub (public) depending on files. Of course depending on where I start my project from this is sometimes reversed :)

Build RKey Tech

Build RKey Tech

Matching blog post to Build RKey Tech @ RKey.Tech/Docs/

I’ve only recently started building websites using markdown and processing through Hugo. So for a while I was trying out several different themes, trying to find the right fit. I liked Ananke theme and then tried Docsy, but found Docsy felt like a mess trying to setup. I finally discovered that simpler is better and have settle on my two favorite themes. Congo and Dimension. Because I mirror this site with another under my real name they are both using the Congo theme. I then build out pages for this site using Atom VSCodium and then while still in Atom VSCodium, just copy the page over to the other site and change the names to protect the guilty. I suppose if you were to look at the source code for the other site, you would discover this one. But honestly, until I change some fake 404 links under different domains, it’s a pretty obvious discovery anyway. It only takes looking at the shared personal productivity site. My personal site is using the Dimension theme and though it is a very cool theme. It seems that it would not work well for documenting things or rather for reading those documented things.

Update 05 September 2022

As you will notice I’m no longer using Congo or Dimension. Seems Docsy has grown on me a bit.

New Releases

Re-Released Again!

Here I go again, bouncing from Docsy to Congo to GeekDocs and now back to Docsy. The only decisive decision on this site is the decision to be indecisive.

I was really liking my GeekDoc themed site until is wasn’t anymore. The issues I had earlier with Docsy was just the learning curve. I really liked the simplicity of the old site, but decided to go a bit more flashy.

There is still much to do on the site and many of the documents that I have manged to put in place are crude and many are out of date, as I have not been documenting my changes like I should.

That is partly due to the fact that I should be studying for certs to get my unemployed ass working in IT again. But I also have a strong desire to fix my documentation mess.

I’ve decided to go ahead and post the site even though it’s crude and not even close to being finished or publishable or presentable. But it’s just a place for me to document my stuff, so the fact that it looks like scratch paper notes taken on a dirty napkin seems fairly appropriate actually.

The old site was never finished either actually was barely started, so there is that as well.