Stefan's Blog

[l] How I run Certbot (as non-root and automated)

I have previously noted that I get all my TLS certificates from Let’s Encrypt, but since my usage of the client deviates quite a bit from the standard, I figured I should take a few minutes to describe my setup.

Read more...

[l] Donation to Let’s Encrypt

When you visit this blog, the connection will be encrypted and thus tamper-proof thanks to a free TLS certificate from Let’s Encrypt. They’re currently running a crowdfunding campaign to fund their operational costs. Since I use their service extensively, I gave 50 dollars. If you, too, like the idea of a more secure and privacy-respecting web, please consider giving generously, too.

[l] Argh-P-M! – Dissecting the RPM file format

As the first actual content on my new blog, let me tell you the story of how I went absolutely crazy.

On my private systems, I ship configuration as system packages. Every distribution has their own tooling and process for building these packages, but I eventually grew tired of the ceremony involved in it, and wrote my own system package compiler. Since I’m using Arch Linux everywhere, the first version generated only Pacman packages, but I was determined to make it truly cross-distribution. The first step was support for Debian packages, which I implemented in a mere two evenings (one for understanding the format, one for writing the generator).

Next to dpkg, the other widely deployed package format is RPM, so I set out to add support for RPM as well. If I could write the Debian generator in two days, then surely RPM support wouldn’t take that long, either. Little did I know that I was embarking on a multi-month endeavor (including multiple week-long breaks to restore my sanity). To add insult to injury, I stubbornly refused to add dependencies and use existing tooling (i.e., the rpm-build(1) command). I wanted to serialize the format directly from my own code, like I did for Pacman and Debian packages.

Read more...

[l] Blog Update: RSS

While I was at it, I added an RSS feed and changed the timestamps on an article’s page to reflect the git-log of the source file.

[l] Hello World

I had known for a long time that I need a new blog. I had one years ago in the cloud (it’s still live), but I definitely wanted something self-hosted this time. I had a brief look at static website generators, and quickly decided that (as usual) I want a custom-tailored solution.

The first iteration is an nginx serving static files rendered by a tiny Go program. Content comes from a GitHub repo and is pulled every few minutes. Good enough for a first shot. I might change the cronjob to be triggered by a GitHub webhook later on, but only if the delay until the next cronjob run annoys me enough.