https://nidomiro.de/categories/infrastructure/Recent content in Infrastructure on nidomiroHugoenFri, 14 Mar 2025 10:43:41 +0100https://nidomiro.de/article/more-secure-dind-in-gitlab-ci/Thu, 31 Dec 2020 12:00:00 +0000https://nidomiro.de/article/more-secure-dind-in-gitlab-ci/<p>If you are reading this article you probably already know how to use DinD (DockerInDocker) in GitLab CI. The default way is to set <code>privileged=true</code> in your Runner-config.</p> <p>This little flag makes everything work; but at the cost of security. There are many articles regarding this topic, eg. <a href="https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html">this one</a>. The baseline is, if you run a container privileged, and the container uses the root-user inside, you can lose the whole server.</p>https://nidomiro.de/code/more-secure-deployments-via-ssh/Fri, 21 Aug 2020 12:00:00 +0000https://nidomiro.de/code/more-secure-deployments-via-ssh/<p>If we deploy an application automatically we have to grant the CI (Continuous Integration) access to the server. Common practice is to do that via a GitLab Runner or an ssh account on the server.</p> <p>Personally I would not recommend using a GitLab Runner for deployments, because you have to maintain it. Another potential issue is, that you normally register runners for your whole GitLab instance or groups. That results in a scenario in which everyone can use that runner and accidentally (or not) destroy, for example, your production server. To avoid that you have to register the GitLab Runner in the Project it belongs to only. But even then your production server can be misused as a build worker and therefore create performance issues.</p>https://nidomiro.de/article/server-config-from-git/Wed, 15 Jul 2020 12:00:00 +0000https://nidomiro.de/article/server-config-from-git/<h1 id="intro">Intro</h1> <p>During my work as a programmer I often encountered that configuration and infrastructure files only lived on the servers they belog to. If they had a copy in git, the states would always divert over time. One reason for this diverting is that you actively have to put the changed files in git, after you finished your work. It’s simply a thing you can forget.</p> <p>What do I mean by &ldquo;infrastructure files&rdquo;? For me infrastructure files are files, that you need to configure the server itself, e.g. nginx-config, docker-compose.yml, &hellip; .</p>https://nidomiro.de/article/switching-to-hugo/Wed, 17 Jun 2020 12:00:00 +0200https://nidomiro.de/article/switching-to-hugo/<p>If you see this post, my WordPress blog is gone.</p> <p>My Blog now uses <a href="https://gohugo.io/">Hugo</a>. I really like formats like <a href="https://en.wikipedia.org/wiki/Markdown">Markdown</a> and <a href="https://de.wikipedia.org/wiki/AsciiDoc">AsciiDoc</a>. These formats are expressive, and you can edit them with every editor <em>you</em> want and don&rsquo;t need expensive licenses, like for Word or similar. Another advantage is that you define what should happen by writing and not by clicking a button and hoping the program does what you intended to do.</p>https://nidomiro.de/2018/04/install-cmake-3-11-1-on-ubuntu/Tue, 17 Apr 2018 20:00:00 +0200https://nidomiro.de/2018/04/install-cmake-3-11-1-on-ubuntu/<p>Sometimes you just want a newer version than ubuntu ships. This code will update cmake to version 3.11.1 or any other version you want.</p>https://nidomiro.de/2018/04/automatic-virtualbox-module-signing-for-uefi/Tue, 17 Apr 2018 19:49:00 +0200https://nidomiro.de/2018/04/automatic-virtualbox-module-signing-for-uefi/<p>These steps are for all those people who hate to sign the Virtualbox modules every time and don’t want to disable UEFI.</p>https://nidomiro.de/2016/12/ubuntu-automatic-password-for-second-encrypted-disk/Thu, 15 Dec 2016 21:23:00 +0200https://nidomiro.de/2016/12/ubuntu-automatic-password-for-second-encrypted-disk/<p>I just encountered the problem that I have to type two passwords at startup, for two encrypted disks. My first disk is encrypted through the Ubuntu installer. After some searching I found the perfect solution for that task. In german, it&rsquo;s called <a href="https://wiki.ubuntuusers.de/LUKS/Schl%C3%BCsselableitung/#Bestehendes-LUKS-Geraet">&ldquo;Schlüsselableitung&rdquo;</a>, in English derived keys. But perfect solutions often have a big issue why they don’t work, like here. I’m using Ubuntu 16.04 which uses ´systemd´, and that has problems with derived keys. So I found the second most perfect solution for me, using a key-file. Some people argue that this is a security issue, but the derived key is also obtainable with root rights, just like a key-file. And by the way, your private keys of your certificates are also stored on that disks and nearly nobody complains about that.</p>https://nidomiro.de/2016/09/en-how-to-work-on-your-projects-on-multiple-devices/Tue, 27 Sep 2016 22:26:00 +0200https://nidomiro.de/2016/09/en-how-to-work-on-your-projects-on-multiple-devices/<p>In the beginning of my programming-life I’ve never thought of synchronization of my projects as an issue. Back at the time I only had a Computer standing in my room. Then I got a Laptop from the company I worked for back at the time. Still, synchronization was not an issue by now because I kept private and work separate. But the whole journey began when I started studying, and I bought myself a Laptop. In the beginning I used a USB-drive to copy my workspace on, after I finished on one device, and copied it to the other machine then. It was simply ugly&hellip; After a few weeks I had hundreds of different versions, because I worked a bit on the Laptop, forgot to copy it to my Pc but wanted to save the possible progress I made.</p>