Install d.rymcg.tech

Install dependencies

Run this on the Raspberry Pi
sudo apt-get update && \
sudo apt-get install -y bash build-essential gettext \
     git openssl apache2-utils xdg-utils jq sshfs \
     wireguard curl inotify-tools w3m && \
( cd $(mktemp -d) && wget -O step-cli.deb \
  https://dl.smallstep.com/cli/docs-cli-install/latest/step-cli_$(dpkg --print-architecture).deb && \
  sudo dpkg -i step-cli.deb && rm -f step-cli.deb )

Clone the git repository

Run this on the Raspberry Pi
git clone https://github.com/EnigmaCurry/d.rymcg.tech.git \
    ${HOME}/git/vendor/enigmacurry/d.rymcg.tech

cd ${HOME}/git/vendor/enigmacurry/d.rymcg.tech

Configure Bash shell integration

Configure the pi user’s ~/.bashrc file:

Run this on the Raspberry Pi
cat <<'EOF' >> ~/.bashrc
export EDITOR=nano

## d.rymcg.tech cli tool:
export PATH=${PATH}:${HOME}/git/vendor/enigmacurry/d.rymcg.tech/_scripts/user
eval "$(d.rymcg.tech completion bash)"
__d.rymcg.tech_cli_alias d

## Add d.rymcg.tech alias for each Docker context:
__d.rymcg.tech_context_alias pi
__d.rymcg.tech_context_alias sentry

EOF
Tip

Set EDITOR to your preferred console text editor.

Once finished, logout of the Pi and log back in.

Now you should have a new alias named d that controls the d.rymcg.tech toolset. Check out the main help screen:

Run this on the Raspberry Pi
d
(stdout)
## Main d.rymcg.tech sub-commands - Optional arguments are printed in brackets [OPTIONAL_ARG]
cd [SUBDIR]                   Enter a sub-shell and go to the ROOT_DIR directory (or given subdirectory)
make [PROJECT] [ARGS ...]     Run a `make` command for the given d.rymcg.tech project name
context                       View or set the current Docker context
new-context                   Create a new Docker context
tmp-context                   Use a temporary Docker context in a sub-shell
config                        Configure the current Docker context
ssh [COMMAND ...]             Run command or shell on active docker context SSH host
completion                    Setup TAB completion in your shell
install                       Install an app interactively
install-docker                Install Docker Engine on the host
status                        Show status of all installed services
audit                         Print security audit of running containers

## Documentation sub-commands:
help                          Show this help screen
list                          List available d.rymcg.tech projects
                              (not including external projects, unless you symlink them into ROOT_DIR)
readme                        Open the main d.rymcg.tech README.md in your browser
readme [PROJECT]              Open the README.md for the given project name
readme digitalocean           Open root documentation file: DIGITALOCEAN.md
readme security               Open root documentation file: SECURITY.md
readme aws                    Open root documentation file: AWS.md
readme license                Open root documentation file: LICENSE.txt
readme raspberry_pi           Open root documentation file: RASPBERRY_PI.md
readme makefile_ops           Open root documentation file: MAKEFILE_OPS.md

There are two additional aliases created for each of the Docker contexts:

  • pi
  • sentry

These aliases can be used to directly interact with that particular context without requiring the use of setting the context first (e.g., d context use is unnecessary). These aliases will be used throughout this book.

You can see how they each of the aliases are constructed:

Run this on the Raspberry Pi
alias d
alias pi
alias sentry
(stdout)
alias d='D_RYMCG_TECH_CLI_ALIAS=d d.rymcg.tech '
alias pi='D_RYMCG_TECH_CONTEXT_ALIAS=pi d.rymcg.tech tmp-context pi d.rymcg.tech'
alias sentry='D_RYMCG_TECH_CONTEXT_ALIAS=sentry d.rymcg.tech tmp-context sentry d.rymcg.tech'

Full tab completion is supported for all of the aliases.

Run the main config

Run this on the Raspberry Pi
pi config

Follow the interactive prompts to finish configuration

Install script-wizard

(stdout)
This utility can automatically install a required helper tool called script-wizard.
See https://github.com/enigmacurry/script-wizard

Do you wish to automatically install script-wizard into `_scripts/script-wizard`? (Y/n): y

script-wizard is required dependency that can be downloaded and installed automatically. script-wizard makes interactive input and selection wizards in Bash a lot nicer.

Acknowledge the detected Docker context

(stdout)
? This will make a configuration for the current docker context (pi). Proceed? (Y/n)  y

Choose the root domain name for this server

(stdout)
ROOT_DOMAIN: Enter the root domain for this context (e.g., d.example.com)

: pi.example.com

Instead of pi.example.com you should type the actual domain name (or subdomain name) that you want to use as the root domain for all of your services on this server.

For example, if you entered example.com, you will later install apps (e.g., whoami) with subdomains like whoami.example.com. Choosing a deeper subdomain has the benefit of being able to share a single root domain name amongst several Docker instances, therefore with the example of pi.example.com the service would be deployed like whoami.pi.example.com, and a second Docker instance could use pi2.example.com, with services like whoami.pi2.example.com.

Choose to save generated passwords.json files by default

(stdout)
Every time you configure HTTP Basic Authentication, you are asked if you wish to save the cleartext passwords
into passwords.json (in each project directory). If you were to press Enter without answering the question,
the default answer is No (displayed as y/N). You may change the default response to Yes (displayed as Y/n).
? Do you want to save cleartext passwords in passwords.json by default? (y/N)  y

This question is in regards to the integrated HTTP Basic Auth setting, which allows you to store the plain text credentials in the file named passwords.json in the various project directories. This is a convenience feature, but you may not want it. It’s not really a security concern, because the same password is also availalbe in the .env file for the project anyway, so go ahead and enable it.