all repos — site @ 72812b762c6aba86db69fc05d6eda26bb7575aab

source for my site, found at icyphox.sh

pages/blog/pi.md (view raw)

 1---
 2template:
 3slug: pi
 4title: Migrating to the RPi
 5subtitle: Raspberry Pi shenanigans, and other things
 6date: 2020-06-04
 7---
 8
 9I'd ordered the Raspberry Pi 4B (the 4GB variant), sometime early
10this year, thinking I'd get to self-hosting everything on it as soon as
11it arrived. As things turn out, it ended up sitting in its box up until
12two weeks ago -- it took me _that_ long to order an SD card for it. No,
13I didn't have one. Anyway, from there began quite the wild ride.
14
15## flashing the SD card
16
17You'd think this would be easy right? Just plug it into your laptop's SD
18card reader (or microSD), and flash it like you would a USB drive. Well,
19nope. Of the three laptops at home one doesn't have an SD card reader,
20mine -- running OpenBSD -- didn't detect it, and my brother's -- running
21Void -- didn't detect it either. 
22 
23Then it hit me: my phone (my brother's, actually), has an SD card slot
24that actually works. Perhaps I can use the phone to flash the image?
25Took a bit of DDG'ing (ducking?), but we eventually figured out that the
26block-device for the SD on the phone was `/dev/mmcblk1`. Writing to it
27was just the usual `dd` invocation.
28
29## got NAT'd
30
31After the initial setup, I was eager to move my services off the Digital
32Ocean VPS, to the RPi. I set up the SSH port forward through my router
33config, as a test. Turns out my ISP has me NAT'd. The entirety of my
34apartment is serviced by these fellas, and they have us all under
35a CG-NAT. Fantastic.
36
37Evading this means I either lease a public IP from the ISP, or
38I continue using my VPS, and port forward traffic from it via a tunnel.
39I went with option two since it gives me something to do.
40
41## NAT evasion
42
43This was fairly simple to setup with Wireguard and `iptables`. I don't
44really want to get into detail here, since it's been documented aplenty
45online, but in essence you put your VPS and the Pi on the same network,
46and forward traffic hitting your internet facing interface (`eth0`) 
47to the VPN's (`wg0`). Fairly simple stuff.
48
49## setting up Mastodon on the Pi
50
51Mastodon was kind of annoying to get working. My initial plan was to
52port forward only a few selected ports, have Mastodon exposed on the Pi
53at some port via nginx, and then front _that_ nginx via the VPS. So
54basically: Mastodon (localhost on Pi) <-> nginx (on Pi) <-> nginx (on
55VPS, via Wireguard). I hope that made sense.
56
57Anyway, this setup would require having Mastodon run on HTTP, since I'll
58be HTTPS'ing at the VPS. If you think about it, it's kinda like what
59Cloudflare does. But, Mastodon doesn't like running on HTTP. It just
60wasn't working. So I went all in and decided to forward all 80/443
61traffic and serve everything off the Pi.
62
63Getting back to Mastodon -- the initial few hiccups aside, I was able to
64get it running at `toot.icyphox.sh`. However, as a seeker of aesthetics,
65I wanted my handle to be `@icyphox.sh`. Turns out, this can be achieved
66fairly easily. 
67
68Add a new `WEB_DOMAIN` variable to your `.env.production` file, found in
69your Mastodon root dir. Set `WEB_DOMAIN` to your desired domain, and
70`LOCAL_DOMAIN` to the, well, undesired one. In my case:
71
72    WEB_DOMAIN=icyphox.sh
73    LOCAL_DOMAIN=toot.icyphox.sh
74
75Funnily enough, the 
76[official documentation for this](https://github.com/tootsuite/documentation/blob/archive/Running-Mastodon/Serving_a_different_domain.md)
77says the exact opposite, which...doesn't work.
78
79I don't really understand, but whatever it works and now my Mastodon is
80@[x@icyphox.sh](https://toot.icyphox.sh/@x). I'm not complaining. Send
81mail if you know what's going on here.
82
83And oh, here's the protective case [nerd](https://peppe.rs) fashioned
84out of cardboard.
85
86![](https://cdn.icyphox.sh/zn2I3.jpg)