End of Summer 2023
Just before this summer I laid out my roadmap for, well, the summer. Here is a quick retrospective. Weird order, because it is somewhat chronological. This post does not offer background for the project, so the previous post is a prerequisite reading.
Project 2: my take on universal headers
During SYCL 2023 I was told that Johny Marler expressed explicit interest in the project. I have much higher hopes in him than myself — at which point I decided to shelve universal-headers. Non-ironically, I am no longer working on compiling lots of C++ code, so this area has less ROI than it did back in the day at Uber.
Project 1: city limits
Showing any spatial result requires a map in the background (e.g. OpenStreetMap tiles). In the spirit of protomaps, I looked into how to host the base layers myself. That was quite a rabbit hole, turns out, designed to misguide the non-initiated.
Since online maps are PNG squares with a bit of JavaScript for download and display, I wanted to “keep things simple” and serve the files with a simple web server which also hosts my blog. To do it, I pre-generated many tiles from the OpenStreetMap data. Turns out, this results in 5 million files to cover Lithuania:
Generating 5 million tiles takes at least a day on my small server. To generate tiles one still needs the usual suspects — PostGIS and more dependencies. Pre-generating Lithuania does not really save on “simplicity”, so I decided to look for another approach.
How about serving them on the fly? This is how most of the world does it, should be straightforward. The usual OpenStreetMap stack consists of:
- PostGIS with all the data, and the tools to keep it up to date.
- mapnik, a map renderer library written in C++.
renderd
: a daemon that renders map tiles. Uses mapnik.mod_tile
: An Apache module that connects torenderd
and spits the tiles out in HTTP.
I have no interest in maintaining Apache for just the base maps, so mod_tile
would need to be replaced. go_tile
is a good candidate. During my
earlier pre-generation phases I found that image/webp
are about half the size
of PNG. I could not resist looking into image/webp
, so now mod_tile
can
now render image/webp
and go_tile
can use it.
At this point I realized my personal stack is unfit for this project: if I put out something for the world to see, I want it to keep working for years. Serving the base tiles is just part of the problem, but already includes many more moving parts than I would like to maintain on my crumbling servers. So I shelved the “city boundaries” and devoted my attention to “personal infrastructure”.
Project 3a: home lab “infrastructure”
At the beginning of Summer I had been running two Debian servers waiting for an upgrade. They have been configured by two thousand lines of Ansible YAMLs, which was painful. Painful enough, so I wrote my own DNS and HTTP servers just to avoid configuration with yaml.
In an unrelated conversation with my ex-colleague and good friend Ken Micklas, he suggested taking a more serious look into NixOS. It immediately clicked, and, as a result, I spent most of the screen time dabbing at Nix and migrating my servers. Time will tell if it was a great long-term decision, but it looks pretty good now.
As of writing, I have the following on a small Odroid H2+ computer in my closet:
- This web server (jakstys.lt).
- Syncthing to synchronize documents, photos and podcasts between my laptop, phone and server.
- My code hosting instance, which is also a “single sign-on” provider. I authenticate to Headscale, Grafana and Gitea using it. I still have separate passwords for IRC and Matrix. IRC has no SSO for being IRC, and for Matrix it’s “on the roadmap” for a while now.
- Home VPN for all my devices.
- Prometheus + Grafana, accessible only via the personal VPN.
- IRC bouncer, so I can visit
#zig
on libera.chat. - Matrix server, so I can still visit NixOS channels. Blog post about my declining usage of Matrix is coming soon.
- Automatic updates with automatic rollbacks when upgrades fail.
- DNS server. Here is the zone config and the server config. This allows me to not use the “free” DNS providers (I have used one before, but had to move after a day-long outage). Having my own DNS server allows me to have letsencrypt certificates with DNS verification.
- All on an encrypted root file system in ZFS, with nightly backups to rsync.net. The encrypted file system allowed me the liberty to add private data on the server: family photos, chat histories, later — host a password manager for my family.
DNS server is a reason why I run another server. The second server is an AArch64 virtual machine in Hetzner for €3.98/month which serves two purposes:
- The DNS server.
- Remote unlocking of the home machine’s root partition. The servers keep trying to ping and unlock each other in case either of them reboots (hopefully not both at the same time).
Project 3b: home and vacation
Originally I planned to take some time off and do all those projects. But after a couple of weeks it turned out that I am unfit for such schedule. Day ends and I do not feel like I have achieved more than I would normally have if I were employed. So at mid-August I started actively interviewing. It is ongoing now; I expect to have a job again sooner than I originally thought.
I will keep you posted! Next — Matrix.