all repos — site @ 5261a32bfabc512dbbd4d969a0ecba19dac07213

source for my site, found at icyphox.sh

pages/txt/pi.txt

   04 June, 2020

Migrating to the RPi

Raspberry Pi shenanigans, and other things

   I'd ordered the Raspberry Pi 4B (the 4GB variant), sometime early this
   year, thinking I'd get to self-hosting everything on it as soon as it
   arrived. As things turn out, it ended up sitting in its box up until
   two weeks ago -- it took me that long to order an SD card for it. No, I
   didn't have one. Anyway, from there began quite the wild ride.

flashing the SD card

   You'd think this would be easy, right? Just plug it into your laptop's
   SD card reader (or microSD), and flash it like you would a USB drive.
   Well, nope. Of the three laptops at home, one doesn't have an SD card
   reader, mine -- running OpenBSD -- didn't detect it, and my brother's
   -- running Void -- didn't detect it either.

   Then it hit me: my phone (my brother's, actually), has an SD card slot
   that actually works. Perhaps I can use the phone to flash the image?
   Took a bit of DDG'ing (ducking?), but we eventually figured out that
   the block-device for the SD on the phone was /dev/mmcblk1. Writing to
   it was just the usual dd invocation.

got NAT'd

   After the initial setup, I was eager to move my services off the
   Digital Ocean VPS, to the RPi. I set up the SSH port forward through my
   router config, as a test. Turns out my ISP has me NAT'd. The entirety
   of my apartment is serviced by these fellas, and they have us all under
   a CG-NAT. Fantastic.

   Evading this means I either lease a public IP from the ISP, or I
   continue using my VPS, and port forward traffic from it via a tunnel. I
   went with option two since it gives me something to do.

NAT evasion

   This was fairly simple to set up with Wireguard and iptables. I don't
   really want to get into detail here, since it's been documented aplenty
   online, but in essence you put your VPS and the Pi on the same network,
   and forward traffic hitting your internet facing interface (eth0) to
   the VPN's (wg0). Fairly simple stuff.
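
   One way to express that eth0 -> wg0 forward on the VPS while exposing
   only chosen ports. This is an added example, not the author's
   configuration: the tunnel address 10.0.0.2 and the port list are
   assumptions, and the script prints the rules for review instead of
   applying them.

```shell
#!/bin/sh
# Added example, not the author's setup. Assumed values are marked.
WAN_IF=eth0      # internet-facing interface on the VPS (named in the post)
WG_IF=wg0        # WireGuard interface on the VPS (named in the post)
PI_WG=10.0.0.2   # ASSUMPTION: the Pi's address inside the WireGuard network
PORTS="80 443"   # ASSUMPTION: TCP ports to expose; nothing else is forwarded

# Emit the commands rather than run them, so the rule set can be read
# before it touches the firewall. To apply: sh this-script | sudo sh
gen_rules() {
    # The kernel must be allowed to route between interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for p in $PORTS; do
        # Rewrite the destination of inbound connections to the Pi.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $PI_WG:$p"
        # Let only that port cross from the internet side into the tunnel.
        echo "iptables -A FORWARD -i $WAN_IF -o $WG_IF -p tcp -d $PI_WG --dport $p -j ACCEPT"
    done
    # Replies from the Pi are allowed back out only for tracked connections,
    # so the Pi cannot use the VPS as a general-purpose router.
    echo "iptables -A FORWARD -i $WG_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source-NAT onto wg0 so the Pi answers via the tunnel. Trade-off: the
    # Pi then sees every client as the VPS's tunnel address, so its access
    # logs and any per-IP rate limiting or banning lose the real source.
    echo "iptables -t nat -A POSTROUTING -o $WG_IF -p tcp -d $PI_WG -j MASQUERADE"
    # Default-deny everything that was not explicitly forwarded above.
    echo "iptables -P FORWARD DROP"
}

gen_rules
```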

setting up Mastodon on the Pi

   Mastodon was kind of annoying to get working. My initial plan was to
   port forward only a few selected ports, have Mastodon exposed on the Pi
   at some port via nginx, and then front that nginx via the VPS. So
   basically: Mastodon (localhost on Pi) <-> nginx (on Pi) <-> nginx (on
   VPS, via Wireguard). I hope that made sense.

   Anyway, this setup would require having Mastodon run on HTTP, since
   I'll be HTTPS'ing at the VPS. If you think about it, it's kinda like
   what Cloudflare does. But, Mastodon doesn't like running on HTTP. It
   just wasn't working. So I went all in and decided to forward all
   80/443 traffic and serve everything off the Pi.

   Getting back to Mastodon -- the initial few hiccups aside, I was able
   to get it running at toot.icyphox.sh. However, as a seeker of
   aesthetics, I wanted my handle to be @icyphox.sh. Turns out, this can
   be achieved fairly easily.

   Add a new WEB_DOMAIN variable to your .env.production file, found in
   your Mastodon root dir. Set WEB_DOMAIN to your desired domain, and
   LOCAL_DOMAIN to the, well, undesired one. In my case:
WEB_DOMAIN=icyphox.sh
LOCAL_DOMAIN=toot.icyphox.sh

   Funnily enough, the [1]official documentation for this says the exact
   opposite, which...doesn't work.

   I don't really understand, but whatever, it works and now my Mastodon is
   @[2]x@icyphox.sh. I'm not complaining. Send mail if you know what's
   going on here.

   And oh, here's the protective case [3]nerd fashioned out of cardboard.

   raspberry pi case

References

   1. https://github.com/tootsuite/documentation/blob/archive/Running-Mastodon/Serving_a_different_domain.md
   2. https://toot.icyphox.sh/@x
   3. https://peppe.rs/