It derived from my thread yesterday about writing filters instead of trying to manipulate complex data in YAML. https://t.co/bSueXRjcPT
@mrled
I wrote "An Ansible filter is a pure function"
https://t.co/3yP7GCjmEG
@mrled
(Later update) this reminded me of another filter I wrote: https://t.co/k910fCBkzn
@mrled
... and that Ansible filter reminded me of an older filter I wrote, to generate idempotent UUIDs within a namespace. 🧵 https://t.co/k910fCBkzn
@mrled
But I feel bad whenever I look at it lol. Writing my own filter just did not occur to me. If I ever touch that code again, I think I could replace it with a filter in just a single line of Python (plus Ansible boilerplate), and it would be more clear.
@mrled
I will admit to having written a truly horrible set of tasks to update a dictionary variable in Ansible that relied only on set_fact, +, and the first party combine() filter. It works, and we actually rely on it as (a very small part of) the system to encrypt our disks at work 😬
@mrled
After all, a filter is a device which takes some input, and applies a change to it. Which is also how you could describe a general purpose function, actually! A filter plugin is a way to expose pure functions as tasks in Ansible.
@mrled
It feels like the obvious choice now that I've realized it, but at first, I had only used filter plugins for the basic, built-in stuff, and it didn't occur to me to think of them abstractly.
@mrled
I am finding myself reaching for filter plugins whenever I have some data in Ansible that I need to manipulate, and I find myself thinking "ugh, I really wish I could just embed some Python in this role to do what I need".
@mrled
This way, the UUIDs were the same every time, as long as my VPN hostname and client name didn't change. I could run the Ansible playbook as many times as I wanted without the UUIDs changing - which would have generated a new mobileconfig file that I would have had to redeploy.
@mrled
Since namespaces are just UUIDs, https://t.co/5YAP2KuWjj now has its own namespace. I used this to define a namespace of UUIDs for my VPN's hostname that had a UUID for each client, which itself was a namespace for UUIDs of each UUID type I needed in the mobileconfig.
@mrled
In fact, each namespace is just a UUID. So you can define a namespace for https://t.co/5YAP2KuWjj by applying the UUID algorithm with https://t.co/5YAP2KuWjj as the name parameter, and the DNS namespace as the namespace parameter. The result is a new UUID.
@mrled
The RFC defines some existing namespaces, such as the DNS namespace and the URL namespace. These namespaces have their own standard UUIDs.
@mrled
It uses the Python standard library's implementation of RFC4122 name-based UUIDs. The work was basically already done! I just had a few lines of code to actually implement it.
@mrled
I wrote a name-based UUID filter plugin for Ansible to accomplish this. It can generate UUIDs based on a name and a namespace, where the same name/namespace will always result in the same UUID.
https://t.co/di4kYTTmEk
@mrled
In upstream Algo, the UUIDs are just regenerated every time, because the whole infrastructure (including the VPN server) is intended to be thrown away periodically. I wanted something idempotent, where I got the same result no matter how many times I re-ran the Ansible playbook.
@mrled
... but I wanted something that was more set and forget, that I didn't have to keep re-deploying to all my endpoint devices.
Those endpoints include iOS and macOS devices. Deploying a VPN to Apple devices like these uses a mobileconfig file. The mobileconfig file uses UUIDs.
@mrled
The one I made last year was for a (now deprecated) fork of @AlgoVPN I maintained for personal use.
Upstream Algo is intended to be rebuilt periodically, incorporating disposable infrastructure to improve security posture. I see the value in this...
@mrled
The most recent filter plugin I made helped me configure Syncthing in Ansible: https://t.co/w2UdsTp2L0
@mrled
My last thread reminded me of another filter plugin I made last year, to generate idempotent UUIDs within a namespace.
Built an Ansible role to configure @syncthing on my home server, and also an Ansible filter to merge lists of dictionaries based on unique keys so I can add/change devices: https://t.co/LDFIb9A21K
@mrled
Oh, I meant to say this explicitly earlier, but @syncthing is an open source project. It's free to use, with no storage or device limits, and no bullshit tactics to support upsells or increase "engagement". It really is a breath of fresh air.
@mrled
... yikes, automatically x3, where is your editor.
@mrled
And it works really well! It automatically authorized my laptop and my desktop, and configured Syncthing on my server to automatically accept new folder shares from them. Now my data is automatically replicated in three places.
@mrled
I wrote a filter plugin that merges two objects based on the unique "deviceID" property to manage this.
(This was much better than my initial attempt, which was a horrible unreadable mess to try to do it in the tasks YAML file directly.)
https://t.co/WtbCNcNLrq
@mrled
I wanted to authorize devices automatically over the API. The devices are in a "connections" property in a JSON object, and the value of that key is a list containing one object per device. Each device object has a unique "deviceID" property.
@mrled
I also wrote an Ansible filter plugin for use in my Syncthing role. Syncthing exposes an HTTP API that allows GET or POST of an entire configuration. To make a change to just one part of the configuration, you have to GET, update the result, then POST the updated config.
@mrled
(I should probably talk about my psyops repo at some point, but for a tiny bit of context right now, it's the repo I use to deploy personal services. It keeps track of encrypted secrets, and also all my custom code for deploying what I run, like Syncthing.)
@mrled
Anyway, I wrote an Ansible playbook for configuring it on the Raspberry Pi I use as my server at home. See the role here: https://t.co/k72QfD8Mo2
@mrled
(It's true that there are discovery servers already running on the Internet already, but they are only used for allowing peer discovery when both machines are behind firewalls - and they only exchange public key data, which is tautologically public. They're also optional.)
@_StevenFan
SneakerNet 2.0 https://t.co/x7yyvFaOVR
@mrled
You can use it without configuring any servers, and without giving control of your data to a third party (unlike the file sync heavyweights like Dropbox, iCloud, etc).
It's also just a really cool design. Your devices authorize to each other via public keys (shown to you as either long text strings or a QR code). When both devices know each other, they can sync files. It can get more customizable if you want, but it doesn't have to.
@mrled
I was turned onto it by this post. It really highlights just how much bullshit there is in the modern scale-focused software industry. Syncthing is a relief! https://t.co/x21mbEwUGJ
@mrled
I just found @syncthing and I'm really liking it so far. It's a really cool peer to peer syncing system, implemented so that your data is only ever on your own devices, and it's encrypted when transferring between them.
@ThePatanoiac
Good news friends: beginning next Wednesday, my comparative tarot newsletter will be live. It will feature short explorations of artistic decisions across numerous decks, as well as the presence of tarot in the real:
https://t.co/VXFtHvCxQd
@mrled
I would not call causing data loss a "project I am working on", but I did write about it: https://t.co/aq8FfzL508
@mrled
But most importantly, you can link to a particular key now! So I can show some of my thinking on why I put the ctrl key where I did, for example: https://t.co/Z539N8GgpS
@mrled
Worked on this more over the weekend!
Added a few mobile improvements. It's not as nice as I'd like, but it's more serviceable than it was before.
https://t.co/SdjFSktm2m
@mrled
keyblay: show my keyboard layout, focusing on why rather than what. My keyboard has helped my RSI a lot, but it was hard to decide to actually buy it.
Demo (alpha): https://t.co/SdjFSktm2m
Project page: https://t.co/kDQb3jlQjc
🧵: https://t.co/IFpDztj9oW
@mrled
Adding two SFPs to a UniFi switch I have to give me two more Ethernet ports: https://t.co/2kbsRyCTIw
@mrled
Making my keyboards prettier ✨: https://t.co/l71YGlPRbz
@mrled
FOURGANG: a home cluster project. ARM SBCs, building a backboard, powering them, soldering, dremeling, network booting, clustering. Very incomplete.
Project page: https://t.co/mKDQ9ffYls
🧵: https://t.co/1v4m0Hr5vK
@mrled
🧵: projects I'm working on
@mrled
I think it's important though because while nobody is going to use an ErgoDox with a phone, that is probably where they're going to do most of their pre-purchase research. It's an important part of making the information I want to share accessible.
@mrled
Mobile is the biggest concern I have, though. I'm sure someone could do it beautifully, but I don't know how to myself (yet?). CSS still confuses and frightens me lol
@mrled
Adding a URL fragment to each key is part of that - I want to be able to link to (and have others link to) specific keys for discussion and sharing.