SFTP server with isolated users
SFTP is an old protocol that still sees a lot of usage, for a good reason, it is very secure. Let’s take a look at how to configure SSHD to support multiple isolated SFTP users, using Ansible.
PostgreSQL rotate password
Quick recipe for how to rotate password in PostgreSQL without downtime. PostgreSQL roles can be created as members of another role, giving them the potential to inherit their privileges, assuming the INHERIT attribute is set (the default).
Counters with PostgreSQL and Django
Almost all web apps will need counters. Let’s take a look at how to create counters that are accurate and have good performance. Perhaps you want to count the number of related objects per object, such as total number of comments per article. Or perhaps you want to count the total number of things in a system, such as total number of users. In either case, there are certain things that must be taken into consideration, to avoid slowing down performance, and to ensure correctness.
Docker builder pattern
When talking about Docker, the typical case is that the resulting build artifact of the project is a Docker image that will be pushed to a Docker registry and subsequently run on some production server. That’s not what this blog post is about. Docker can be used very effectively in a project, to create isolated build environments, even if the result of the project has nothing to do with Docker or containers.
Django settings package
When starting a new Django project, you get a settings.py file with some initial basic settings in it. This is rarely complex enough for real world projects. Lets take a look at how to improve the settings management in Django. There is no claim that the examples here will fit perfectly for your specific project. However, this provides a framework for dealing with Django settings, and it is based on several years of real world experience in large Django projects.
Samba 4 on FreeBSD with ZFS and NFSv4 ACLs
Configuring Samba has never been one of my favourite things. This is just a quick recipe setting up Samba on FreeBSD with a dedicated ZFS filesystem that uses ACLs. It is set up for a single user, where the user gets full control over all files. It can be adapted to support more users by using groups, and configuring permissions / ACLs for that. It is written for FreeBSD 11 and Samba 4.
FreeBSD Iocage Primer
Jails is a very stable and mature feature in FreeBSD. However, the standard interface for jails is slightly too cumbersome for my taste. The Iocage project provides a higher level interface for administrating jails. Currently, the project is in a bit of flux, the original (now legacy) version was written in shell script. The new version is written in python. The new version is not available as a binary package, it’s only available from ports, under the name sysutils/py3-iocage, and requires Python 3.
SuperMicro X11SSM Assembly
The main purpose of this server build is to be a NAS. To host a bunch of storage, and related network services such as Samba. Similar to FreeNAS, but based on a regular FreeBSD install. But I also wanted to be able to do a bit more, such as experiment with different applications, and run multiple virtual development servers, and maybe even run some heavier things like a public game server.
PC Engines APU2C4 Assembly
So, I decided I need want a new router. Partly because the support ended for my current Netgear router, and because I always wanted a good reason to run some BSD so I could learn more about it and networking in general. I researched a bunch of boards with Intel Atom / Celeron CPU’s at first. But finally decided on a PC Engines apu2c4, for some not too shabby reasons: