Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-staticcms

This commit is contained in:
sanghee 2022-02-16 17:19:23 +01:00
commit a146991ad9
12 changed files with 654 additions and 3 deletions

View file

@ -1,7 +1,13 @@
# This image used for CI. # This image used for CI.
FROM debian:latest FROM alpine:3.15
MAINTAINER Timothée Floure <timothee.floure@ungleich.ch> MAINTAINER ungleich <foss@ungleich.ch>
RUN pip install lektor
RUN mkdir /build /data
COPY . /data
FROM nginx:
RUN apt-get update RUN apt-get update
RUN apt-get install -y make python3-pip imagemagick openssh-client rsync git RUN apt-get install -y make python3-pip imagemagick openssh-client rsync git

8
Dockerfile.debian Normal file
View file

@ -0,0 +1,8 @@
# This image used for CI.
FROM debian:latest
MAINTAINER Timothée Floure <timothee.floure@ungleich.ch>
RUN apt-get update
RUN apt-get install -y make python3-pip imagemagick openssh-client rsync git
RUN pip3 install git+https://github.com/lektor/lektor/

View file

@ -0,0 +1,64 @@
title: Running Django in Kubernetes IPv6 only
---
pub_date: 2021-12-19
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
How to run Django in IPv6 only Kubernetes clusters
---
body:
## Overview
At ungleich we run quite some amount of
[Django applications](https://www.djangoproject.com/), some for
ourselves, some on behalf of our customers. Most of them are currently
running "natively" on virtual machines. Our objectives are to
* Slowly move our own workload into IPv6 only kubernetes clusters
* Slowly move our customer applications into IPv6 only kubernetes
clusters
* Offer modern Django Hosting based on Kubernetes
## Status 2021-12-19: initial design phase
At the moment we are looking into what we require for running Django
applications inside Kubernetes. Some parts are still open, some are
already set:
* PostgreSQL as the database: this is our standard so far and we don't
plan to change it
Undefined at the moment:
* Where/how to generate and serve static files
* Same container?
* Separate container?
* Backup sidecare
* Restic?
* pg_dump?
* media / upload files
* App server
* uwsgi
* (g)unicorn
### One container providing port 80
* The outside world does not need to know what is running inside
* Thus the django container should:
* Expose port 80
* Serve staticfiles on its own
* One can use *any* of the wsgi/asgi servers
* Will provide example for some of them
## Follow up
If you are interested in Kubernetes or Django, feel free to
[join us on our open chat](/u/projects/open-chat/).

View file

@ -0,0 +1,69 @@
title: Running Workadventure in Kubernetes IPv6 only
---
pub_date: 2021-12-19
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
The current state of Workadventure in IPv6 only kubernetes
---
body:
## Overview
At ungleich we are often running software in IPv6 only environments
and recently even more in IPv6 only Kubernetes clusters. Today we had
a look at running [WorkAdventure](https://workadventu.re/) in an IPv6
only kubernetes cluster.
## Status: waiting for bugfix
At the moment it looks like as if WorkAdventure cannot run in IPv6
only Kubernetes clusters. The frontend displays the infamous "Network
Error" messages. When checking the backend, it displays an error that
it cannot resolve the redis hostname, which [seems to be a bug in the
resolver
code](https://github.com/thecodingmachine/workadventure/issues/1657),
as the hostname does resolve, albeit only to an IPv6 address.
## The code
As usual you can find our code in the
[ungleich-k8s
repository](https://code.ungleich.ch/ungleich-public/ungleich-k8s/src/branch/master/apps/workadventure),
which contains development iterations at the moment:
* v1: initial conversions from docker-compose using kompose
* v2: Adjust manifests so that pods generally speaking run
* v3: Turned into a helm chart with most services running stable
If you want to give it a spin yourself, here is how to:
* Setup an IPv6 only kubernetes cluster
* Ensure you have helm locally installed
* Ensure you have
* Clone the ungleich-k8s repo (see link above)
* `cd apps/workadventure/`
And use
```
helm upgrade --install workadventure v3/
```
## Next steps
We are currently waiting to hear back from the redis bug report and
will continue developing after the backend is running stable in an
IPv6 only environment.
If you are interested in this development, feel free to
[join us on the open kubernetes chat](/u/projects/open-chat/).

View file

@ -0,0 +1,80 @@
title: IPv6 addresses for free
---
pub_date: 2021-12-23
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
Do we are do we not need IPv6 addresses for free?
---
body:
## TL;DR
Are you, your organisation or someone you know interested in public, static, addressable IPv6
address space? But have you refrained from getting it because of cost issues?
And/or would you be interested in affordable (free/almost free) IPv6 address space?
If yes, then please reach out to us via:
* E-Mail: ipv6@ungleich.ch
* [Matrix: #ipv6:ungleich.ch](https://IPv6.chat)
* [Twitter: @ungleich](https://twitter.com/ungleich)
With this information:
* Who are you?
* What do you need or plan to use the IPv6 space for?
* Are we allowed to share your information publicly?
* What are your financial constraints?
The last question is mainly to find out why you would not apply to
become an LIR at one of the RIRs. However if you don't want to share,
the last question can be skipped.
Note:
- This is not about routing or connectivity, but merely about
assignment of address space.
## The background: free = ULA
At the moment the only "free" available IPv6 address space is
ULA space. However there is no official ULA registry, even though we
provide a [ULA registry at ungleich](https://ula.ungleich.ch/). We are
not the only ones though, [DN42](https://dn42.dev/howto/Address-Space)
also registers ULA space.
ULA space is not only not officially managed, but also comes with the
drawback that it will never be routed through the Internet.
## Global Unique Addresses (GUA) are paid
Global Unique Addresses, even if not routed or announced in the
Internet, are something you can get from an RIR, if you are a
registered LIR. Being an LIR costs 1400 Euro per year + a one time
fee.
One theory is that every organisation can afford this, but at ungleich
we imagine this is stopping organisations from pursuing GUA.
## This survey
This is why we started this page, to find out which organisations
are looking for IPv6 address space or are using ULA because of cost
issues. Answering this survey helps to find out whether or not there
should be afford to either
* Establish an official ULA registry
* To provide GUA address space for free
So please spread the word - the more answers there are, the easier it
will be to continue the discussion. We plan to publish all answers
that are allowed to be shared publicly in a git repository.

View file

@ -0,0 +1,142 @@
title: To VIIRB or not to VIIRB?
---
pub_date: 2022-01-20
---
author: ungleich network team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: no
---
abstract:
A diary of our Open Source Router Journey
---
body:
## Introduction
About 1.5 years ago we introduced the
[VIIRB](https://ungleich.ch/u/products/viirb-ipv6-box/) as the world's
smallest IPv6 router, enabling any IPv4 with IPv6. Seamless, real
plug'n'play. Shortly after that the VIIRB was joined
by the [VIWIB](https://ungleich.ch/u/products/viwib-wifi-ipv6-box/),
basically a two port variant of the VIIRB and soon after by the
[VIGIR](https://ungleich.ch/u/products/vigir).
About a year later
[we announced on
twitter](https://twitter.com/ungleich/status/1463937807672655878) that
we are looking at the last and final batch of VIIRBs to be sold. Today
we want to shed some light on this post and introduce you to the
future plans of IPv6 and IPv6 providing routers from ungleich.
## The requirements and development process
All our routers are running unpatched, original upstream
[OpenWrt](https://openwrt.org/) as an operating system. When we
receive the devices, they usually contain a patched vendor version
that we replace for multiple reasons:
- Sometimes the vendor version lacks IPv6 support
- Sometimes the vendor version lacks wireguard support
- We want to have the same look & feel for all devices
- We like to stay as close to upstream Open Source projects as
possible
- Upstream OpenWrt releases are much more trustworthy and easier to maintain
So when we receive a new batch of devices in the ungleich HQ in
Switzerland, the typical process is:
- Check if all devices are included
- Unpack and flash original OpenWrt
- Configure the router with IPv6/NAT64 related settings
- Verify all features work
- Pack it again, ready to be sent for an order
- On order, add the labels, accessory and have it ship out
## The pricing
The whole process for each devices take a bit of time, especially when
taken into all exceptions like defects, errors by the post or return
handling from customers when someone ordered a wrong device.
Instead of taking into account all necessary work and creating a
pricing based on this input, we asked ourselves in the beginning:
```
What is the lowest price we can offer so that we can
enable as many people as possible with IPv6?
```
This led to a bit awkward pricing, which some of our customers
noticed:
The devices themselves *including* an IPv6-VPN are actually cheaper
than the [IPv6 VPN](https://ungleich.ch/u/products/ipv6-vpn/) itself.
How does that make any sense? The short answer is: it doesn't if you
want to make any win.
We did it anyway, because **our primary goal is to bring IPv6 anywhere**.
It's a bit like [HE.net](http://he.net/) offering free IPv6 tunnels -
it does not make any win, but you do it nonetheless.
## The future of VIIRB, VIWIB and co.
At some point you have to ask yourself, does it (financially) make
sense what we do?
And the answer is "Jein" (a German combination of "Ja" + "Nein"):
* Financially it doesn't
* For supporting IPv6 deployments world wide: it does
To continue providing VIIRB and VIWIB, we have decided on two
strategies:
### Introducing the "Fair Price"
Instead of abandoning the VIIRB like we planned or our low price, we
are adding a new price for the VIIRB and VIWIB that covers all our
costs. We call this price the "Fair Price" and with that we are not
losing money on each device.
We keep the original prices up and to make the pricing more clear, we
call them now "Sponsored Price".
Obviously we encourage everyone who can to buy the devices at the fair
price, but if you can't, we will continue to sponsor IPv6 deployments.
### Adding VIIRB+VIWIB Sponsoring package
Secondly we know offer VIIRB and VIWIB sponsoring packages: If you
think what we do is a good thing and you would like to support it, we
now offer VIIRB+VIWIB sponsoring packages that cover the difference
between the selling price and the real costs for the devices, leading
to a zerosum for ungleich.
The sponsor packages work as follows:
* You select a number of VIIRB/VIWIBs you would like to sponsor
* You can opt-in to send us stickers from your organisation that we
include with the VIIRBs/VIWIBs that you sponsored
* You can opt-in to be publicly named on a IPv6 deployment sponsor list
So from today on, we offer the following sponsorship packages:
* [Sponsor 5 VIIRBs/VIWIBs](https://linksanghee) - 435 CHF
* [Sponsor 10 VIIRBs/VIWIBs](https://linksanghee) - 870 CHF
* [Sponsor 20 VIIRBs/VIWIBs](https://linksanghee) - 1740 CHF
* [Sponsor 50 VIIRBs/VIWIBs](https://linksanghee) - 4350 CHF
* [Sponsor 100 VIIRBs/VIWIBs](https://linksanghee) - 8700 CHF
We would love if you spread the word about it so that we can continue
sending the smallest IPv6 router out into the world.
## More IPv6
We hope with our continued efforts we can support more IPv6
deployments out there. In the meantime, if you want to talk more about
IPv6, feel free to join [our open IPv6.chat](https://IPv6.chat).

View file

@ -0,0 +1,117 @@
title: 100: the number of servers at ungleich
---
pub_date: 2022-02-14
---
author: ungleich devops team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
A long way until here
---
body:
## The day of celebration, 2022-02-14
Today is the day that we put **server100** online in our data center.
Server100. Who would have thought that when we started our journey
with the Data Center Light around 2017?
Just on this Valentine's day, we have actually received 2 new servers
to support the growing storage needs of our customers, so server100 is
celebrating in the data center with server101.
## Big data
You might remember this slogan from the 2017's, "Big data" or "what
can you do if you have a lot of data". We see big data a bit
differently. We don't ever analyse our customer data or sell it to
third parties, because we know that for every of our customers privacy
is an important.
No, at ungleich big data means "storing a lot of data". And that is
what server100 and server101 are going to do: each of them will
**provide around 400 Terabyte** of storage.
This is a bit of a special case in our infrastructure, as these
servers are dedicated to specific customers. Usually, all of our
storage is provided by our Ceph clusters, but in this case these
machines are providing independent storage.
## Kubernetes + IPv6 everywhere
They are however integrated into our kubernetes clusters so that the
actual workload is scheduled via kubernetes to these specific hosts.
As usual, the servers are running in IPv6 only networks, but have
access to the Internet via NAT64.
## More about server100
So, what kind of server is this server100 anyway? It is a 24 bay,
Supermicro X9QRi-F with 64 cores and 512GB RAM. It is connected to our
network with 2x 10 Gbit/s network cards running LACP bonding. Not only
in terms of computing it is big, it is with it's 1620W PSU also one of
the "heaviest" servers in our data center (the average PSU is
rated somewhere in the 1000W area).
Some more insights coming from the terminal:
```
[17:33] server100.place10:~# cat /proc/cpuinfo | grep ^process | wc -l
64
[17:33] server100.place10:~# free -g
total used free shared buff/cache available
Mem: 503 0 502 0 1 501
Swap: 0 0 0
```
Obviously, the uptime is not yet that high...
```
[17:46] server100.place10:~# uptime
17:46:42 up 1:37, load average: 0.00, 0.00, 0.00
```
... neither are the measured temperatures:
```
root@2157f4626763:/# ipmitool sensor | grep degrees
CPU1 Temp | 27.000 | degrees C | ok | 0.000 | 0.000 | 0.000 | 97.000 | 100.000 | 102.000
CPU2 Temp | 28.000 | degrees C | ok | 0.000 | 0.000 | 0.000 | 97.000 | 100.000 | 102.000
CPU3 Temp | 28.000 | degrees C | ok | 0.000 | 0.000 | 0.000 | 97.000 | 100.000 | 102.000
CPU4 Temp | 27.000 | degrees C | ok | 0.000 | 0.000 | 0.000 | 97.000 | 100.000 | 102.000
PCH Temp | 43.000 | degrees C | ok | -11.000 | -8.000 | -5.000 | 90.000 | 95.000 | 100.000
System Temp | 16.000 | degrees C | ok | -9.000 | -7.000 | -5.000 | 80.000 | 85.000 | 90.000
Rear Left Temp | 17.000 | degrees C | ok | -9.000 | -7.000 | -5.000 | 80.000 | 85.000 | 90.000
Rear Right Temp | 14.000 | degrees C | ok | -9.000 | -7.000 | -5.000 | 80.000 | 85.000 | 90.000
root@2157f4626763:/#
```
With the addition of server100 and server101 we are about to
crack the 10 TiB RAM barrier. Prior to the deployment of these two, a
total of 8 TiB had been deployed in the Data Center Light.
As you can see, we have a lot of fun with our latest servers. And this
brings us to the important point: celebration.
## Celebration
Over the years we learned many great stories and have done many great
projects together with our customers and partners. Many of them have
turned into friends and we know the spirit of each and every project
that came to us.
In this sense we want to celebrate reaching that big number
with you and will give a 100% discount on any hosting order of 100 CHF
or more for the first month.
Checkout the details on the [100 servers - 100 percent
discount](/u/offers/100-servers-100-percent-discount) page. And now,
happy 100 everyone!
If you feel like celebrating, you can also join us on our [open chat](/u/projects/open-chat).

Binary file not shown.

After

Width:  |  Height:  |  Size: 130 KiB

View file

@ -0,0 +1,40 @@
title: 100 servers = 100 percent discount
---
subtitle: Time to celebrate
---
_model: product
---
_hidden: no
---
_discoverable: yes
---
headline2: 100% green
---
headline3: 100% good
---
headline1: 100 servers
---
header_background_color: #ef92bd
---
header_text_color: text-light
---
nav_classes: navbar-dark
---
oCHANGEMEimage: /u/image/cards/zerocarbon-valentine.jpg
---
description1:
## Celebrating 100 servers
Today [we deployed
server100](/u/blog/2022-02-14-100-servers-at-ungleich) at ungleich and
want to celebrate this with you:
In the next 100 days, we will give the first 100 hosting orders of 100
CHF or more, 100% discount for the first month.
This offer is valid from today on until 2022-05-25.
## The fine print
This offer is not valid for service hours or hardware orders.

View file

@ -0,0 +1,98 @@
_discoverable: no
---
_hidden: no
---
title: ungleich spam and scam fees v0.1
---
subtitle: Unsolicited, Fake, Spam or Scam request fees
---
description1:
## Introduction
Sending unsolicited emails to any @ungleich.ch or related email
address causes costs for our staff.
For this reason we charge the following fees, if you send us either
* Unsolicited emails for marketing or advertisement purposes
* Unsolicited emails impersonating other people or organisations
* Unsolicited emails with vague or unclear payment requests
Explicitly *not* part of this fee are **all regular communications**.
See below for details.
<div class="table-responsive mt-4">
<table class="table colored-table table-bordered">
<tr>
<th>Fee type</th>
<th>1st encounter</th>
<th>2nd encounter</th>
<th>Every further encounter</th>
</tr>
<tr>
<th>Rate</th>
<td>2220 CHF</td>
<td>5500 CHF</td>
<td>10000 CHF/email</td>
</tr>
<tr>
<th>Payment due within</th>
<td>3 business days</td>
<td>2 business days</td>
<td>1 business days</td>
</tr>
<tr>
<th>Late payment fee</th>
<td>20% per late day</td>
<td>40% per late day</td>
<td>80% per late day</td>
</tr>
</table>
</div>
If not otherwise stated, fees accumulate and are not deductable.
## Am I a scammer/spammer / am I sending unsolicited emails?
The following examples show typical cases that we are charging with
this fee.
### Unsolicited marketing or advertisement
In case you are advertising your product to us without prior explicit
request from our side, you are spamming and subject to the
### Impersonation
If you claim to be somebody else than you really are, you are subject
to the fee. Typical impersonation claims are pretending to be a
government entity, a company or (weathly) private person.
Note: we do respect anyone who needs or wants to stay anonymous. We do
not consider using an imaginary name as impersonating, especially if
it is for safety issues.
### Vague or unclear payment requests
If you are sending us payment requests for whatever service, product
or tax and do not specify what product, service or consumption this
refers to, you are subject to our spam fee.
This includes general payment requests ("fake bills"),
unspecific payment requests ("money requested for an undefined
product/service") as well as
specific unidentifiable payment requests ("requests that reference IDs
or references that are not known to us").
## Fee reasoning
As the research of the actual sender as well as
verifying the (il-)legitimate cause of the request require significant
resources, our fees are reflecting the need of those resources.
## Versions
### 0.1
This version is in effect from 2022-01-12.

View file

@ -26,6 +26,6 @@ matrix account on our Open Chat page](/u/projects/open-chat).
## Other chat rooms ## Other chat rooms
Note: there is also an #ipv6 channel on Freenode. We are currently Note: there is also an #ipv6 channel on libera.chat. We are currently
trying to figure out whether we can bridge IPv6.chat into the IRC room trying to figure out whether we can bridge IPv6.chat into the IRC room
to combine them. to combine them.

View file

@ -47,6 +47,33 @@ Create a micro django project that does the following:
* If you are visiting it via IPv6, it will show a friendly cat picture * If you are visiting it via IPv6, it will show a friendly cat picture
* No other features required, design up to you * No other features required, design up to you
### Hack 4: Mini Marketplace
This project is designed to check your skills as a Django developer.
Create a django project that provides the following features:
* User login + registration
* A logged in user can create items to sell
* An item to sell has a name, description and can have 1-5 pictures
attached, and obviously a price
* There should be one page with all items that are able to be sold
(can be seen without login)
* There should be one page with all items that have been sold
* A logged in user can buy an item from another user
* Users should be able to write messages to each other in a reasonable
way (not to anyone, think about what makes sense)
* You do not need to implement real world payment services
### Hack 5: Mini Marketplace with Matrix communication
* Based on hack 4
* However instead of using your internal messaging, you are going to
use the Matrix protocol
* Whenever users want to talk to each other, create a matrix room for
them
* For each article that is being sold, create a matrix room in which
users can discuss the item
## Jobs ## Jobs