Paul's page

Hacker, tech-entrepreneur

Caddy plugins on NixOS

Caddy is a very handy HTTP server with lots of built-in features. But every once in a while you need something more. Fortunately Caddy has a plugin API. But because Caddy is written in Go, plugins need to be added at compile time. On NixOS, there are no plugins added by default, and there are a couple of things to note when adding them.

Generic "must" helper for Go

Go error handling can be a bit verbose. There are a lot of places where errors are unlikely or where they are so critical that a panic is preferred. Because of this there are lots of Must* helpers in various packages, e.g. regexp.MustCompile.

Docker Multiarch Builds

Like many other developers, I have to work with computers with different processor architectures. For me it’s amd64 (x86_64) on the laptop and arm64 (aarch64) on the server. For some it may be the other way around. Fortunately I mostly write Go, which makes cross-compilation quite easy. Docker adds some extra steps, but is very nice for deploying software.

Deploy Hugo to NixOS on Push to Gitea

There are several ways to automate blog publishing from git push. This one is mine. Mostly notes for future self. I use Gitea, Hugo, Caddy and NixOS.

WebAuthn & Base64 encoding

I recently ran into a problem that seems to be present in a wide range of WebAuthn tutorials, but I don’t know where it originated.

SSH PKI on top of Web PKI

Reading "Future Internet PKI schemes need to be bootstrapped through web PKI", I was reminded of all the problems I’ve had with SSH (Secure SHell) PKI (Public Key Infrastructure). SSH host verification is trust-on-first-use (TOFU). So SSH is protected from man-in-the-middle (MITM) attacks unless the first connection falls prey to the attack.

Molly Guard for Ansible

The Jargon File defines Molly Guard as: A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer’s toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you’ll see the much less interesting description “guarded button”.

Menu-driven Matrix Bot Interaction

I’m a huge fan of Matrix. A lot of the user value of modern chat platforms like Slack, Matrix and Discord (even IRC) comes from integrations to other services via bots. I had high hopes for MSC3006: Bot Interactions, but unfortunately it isn’t currently being pushed further. However, there exists an implementation of MSC3381: Polls.

Selectively running single role in Ansible

While I’ve been switching from Ansible to Nix lately, I still use Ansible and have written a fair share of Ansible YAML. A common trick I’ve used is to only run a specific Ansible role instead of the whole playbook. That can be achieved by using tags, but usually I haven’t tagged everything before I have the need.

Shorter wrapped error handling in Go

With Go 1.13 error wrapping was standardised with an interface in the standard library. When properly handling errors, you end up dealing with it a lot. The blog post suggests the following:

    var e *QueryError
    if errors.As(err, &e) {
        // err is a *QueryError, and e is set to the error's value
    }