Ikiwiki Setup

Created by Steven Baltakatei Sandoval on 2020-12-14T19:48Z under a CC BY-SA 4.0 license and last updated on 2020-12-14T20:28Z.

Background

I decided to add TLS functionality to my personal blog at a domain that I own, https://reboil.com. For the past few years it has been a static markdown-based git-versioned website hosted in an Amazon S3 bucket using Amazon's Route 53 service to permit webpages to appear like they are being fetched from reboil.com. However, this setup does not permit pages to be secured by TLS encryption as most webpages are. Therefore, a few years ago I decided to look for a method of posting my blog in such a way that was secured by TLS.

Many blogging services exist if you are okay with the encryption keys being hosted by servers you don't control. Some blogging software permits individuals to avoid using third-party servers (ex: WordPress).

I forget where exactly I heard of it, but I found that a hardware-software package called "Freedombox" existed with the intention of permitting individuals to replace third parties necessary for common "cloud" services such as file-sharing, chatting, git repository hosting, and blogging. One service that a "Freedombox" provides is blogging via Ikiwiki.

I found that the Ikiwiki instance that Freedombox installs into itself (I find the web user interface convenient) comes preconfigured to version control posts using git. Also, posts can be made by creating a markdown text file in a particular directory followed by running the git push command as the root user in Freedombox.

I also found that a Freedombox can automatically create its own TLS certificates and get them signed via Let's Encrypt so most web browsers can communicate with the Freedombox through a connection secured by encryption. Let's Encrypt certificates are private-public key pairs whose private keys are always retained on the local machine and not shared with any third parties! This meant that I was able to fulfill my goal of creating a blogging server physically located within my own room. With the Freedombox's Dynamic DNS service and FreeDNS, I am able to also make sure even the occasional public IP change caused by my internet service provider's dynamic IP allocation algorithm won't interrupt availability of my blog for long.

Since a Freedombox is basically a headless Debian machine, the experience I have gained since 2017 in using Debian applies directly to help me. For example, I learned how to install packages via apt, which I found works on a Freedombox. I learned how to log remotely into a headless Debian machine via ssh and a PGP subkey loaded onto a USB smartcard. I learned how to use emacs and magit to synchronize my git commits with a remote server (another function a Freedombox provides via gitweb). I learned how to version control my dotfiles using yadm. I learned how to use git to version control my static websites such as my existing blog. I learned recently that Ikiwiki's git compatibility also theoretically permits me to maintain a continuity of my existing blog git repo in a new repo (I imagine I'll save and commit a git bundle of my old blog into the new Ikiwiki git repo).

So, all this has led me to be confident enough to move my blog to this ikiwiki blog. Since my old blog posts use markdown and Ikiwiki permits posts to be published via git push and creation of markdown files in a specific directory, I should be able to easily migrate my existing static webpage blog posts to ikiwiki. :D.

Future action items

Today the blog has been moved. Now I just need to construct a workflow that will allow me to sign my blog commits with my personal PGP smartcard. I think one way would be to:

  1. Initially mirror the ikiwiki blog git repo to a remote server (ex: my personal Freedombox gitweb server).

  2. Set up a cron job that automatically and periodically pulls commits from my personal remote git server and pushes them so ikiwiki is triggered to render the markdown files into static webpages that are publicly available.

  3. Clone the blog git repo on my personal server to a personal workstation (or three). Using the USB smartcard plugged into my personal workstation, I can create, commit, sign, and push blog posts to my personal git server.

Thus, I won't have to plug my USB smartcard into the physical Freedombox. All posts can be signed with my PGP key, reducing the probability that posts are made by an impostor and increasing the value of my observations that I publish to my blog.
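One way the cron job in step 2 could enforce the signing goal, as an added example that is not part of the original post: it publishes to ikiwiki only when every new commit from the mirror carries a good, trusted signature. The repository path, remote names, branch and the `--run` argument are assumptions, as is a cron-user GnuPG keyring that holds only the blog author's public key.

```shell
#!/bin/sh
# Added example (not from the original post). All names below are hypothetical.
REPO="${REPO:-/path/to/blog-sync-clone}"    # clone used only by the cron job
MIRROR_REMOTE="${MIRROR_REMOTE:-mirror}"    # personal git server (step 1)
PUBLISH_REMOTE="${PUBLISH_REMOTE:-ikiwiki}" # repo whose push triggers ikiwiki
BRANCH="${BRANCH:-master}"

# Read "<hash> <status>" lines (git log --format='%H %G?') on stdin and print
# every commit whose status is not G. Git's %G? codes: G good, B bad,
# U good but untrusted key, X/Y expired, R revoked key, E cannot check,
# N no signature. Only G is accepted here.
rejected_commits() {
    while read -r hash status; do
        [ -n "$hash" ] || continue
        case "$status" in
            G) ;;
            *) printf '%s %s\n' "$hash" "$status" ;;
        esac
    done
}

# Fetch both remotes, inspect the commits the mirror has and ikiwiki lacks,
# and push only when none is rejected. Any git failure stops the publish.
sync_if_signed() {
    git -C "$REPO" fetch --quiet "$MIRROR_REMOTE" "$BRANCH" || return 2
    git -C "$REPO" fetch --quiet "$PUBLISH_REMOTE" "$BRANCH" || return 2
    range="$PUBLISH_REMOTE/$BRANCH..$MIRROR_REMOTE/$BRANCH"
    new=$(git -C "$REPO" log --format='%H %G?' "$range") || return 2
    [ -n "$new" ] || return 0              # nothing new to publish
    bad=$(printf '%s\n' "$new" | rejected_commits)
    if [ -n "$bad" ]; then
        printf 'not publishing, unverified commits:\n%s\n' "$bad" >&2
        return 1
    fi
    git -C "$REPO" push --quiet "$PUBLISH_REMOTE" \
        "$MIRROR_REMOTE/$BRANCH:refs/heads/$BRANCH"
}

# Constructed cron entry: */15 * * * * /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    sync_if_signed
    exit $?
fi
```

Because `G` means "good signature from any trusted key in the keyring", the check is only as narrow as that keyring; a commit signed by a key that is present but not marked trusted shows up as `U` and is held back.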


This work by Steven Baltakatei Sandoval is licensed under CC BY-SA 4.0