Domain Driven Architecture

Activities on federated star

Thu, 30 Nov 2023 00:00:00 +0100

We are on the way to implement the feature “federated star / unstar” activity end to end. The goal is to convince the codeberg team to switch this feature on as soon as possible.

At the moment we are implementing the good path. We’ve reached “create user from response” (see sequence diagram at codeberg.org ) - so you can expect the first curl-experiment-announcement in near future.

In parallel we start the discussion which new threats might be introduced with this feature. If you are interested in hacking or security, feel welcome to contribute to the threat discussion at: https://codeberg.org/forgejo/forgejo/issues/1854 .

Considerations on Mapping and Architectural decisions

Wed, 28 Feb 2024 00:00:00 +0100

This month we discussed how a federated Person should be mapped to a local FederatedUser representation. Having a reliable mapping will be very important to trace code- / issue- and other ownerships.

I am very glad about the constructive & good discussion and many cool inputs. If you are interested in the federation related architecture you can have a sneak preview here: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Next an final step on our way to “fereated Stars” will be “UI star triggers a federated Like Activity (in case of mirrored repos?)” - stay tuned for next month step :-).

Data-driven unit testing with data-test

Thu, 29 Aug 2019 00:00:00 +0200

We at DomainDrivenArchitecture do a lot of testing and we really appreciate test driven development. With test driven development we get good shaped APIs and ensure our projects are working as intended. As we eat our own dog food we love to have happy and satisfied customers.

But there are also downsides of doing test first. Our DevOps projects (for example dda-serverspec-crate) consists of large config maps. As a result, the maps representing input and expected output data of the tests were getting bigger and therefore hard to read. Only a small amount of the test code was actually calling the function under test.

dda-pallet series: 3-Convention over Configuration

Fri, 20 Oct 2017 00:00:00 +0200

Our goal is a development environment properly set up straight away from the beginning - and additionally to be able to adjust your setup as you like. We are using dda-pallet to describe this infrastructure as clojure code. This blog is part of the “dda-pallet” series and will show step by step how to setup a clojure IDE:

Provision existing Targets
Compose crates
Convention over Configuration with Domain Driven Design.
Execute Pallet local
Plugin Operational Services
Test-driven DevOps

Last time we cloned some git repositories into a created user home in our future IDE. Today we will proceed with the dda-managed-vm crate.

dda-pallet uses gnupg protected credentials

Mon, 24 Oct 2016 00:00:00 +0200

In DevOps systems we’ve many places were credentials are needed. Often these credentials provide access to many servers or whole datacenters. So if they get compromised, this would be one of the maximum credible security accidents.

Considerations

So having a good security concept for credentials will be essential to any DevOps system. For dda-pallet we took the following decisions:

We use proven tooling: We’re using GnuPG (https://gnupg.org/) , Bouncy Castle (http://bouncycastle.org/ ) and clj-pgp (https://github.com/greglook/clj-pgp) . This security toolchain is also used by Leinigen in order to sign code.
We need tools to en- and de-crypt credentials manually: We will use the REPL for this.
We will use credentials only in the most secure way in dda-pallet. This means
unlock secret keys at the last possible point in time before usage.
don’t store unencrypted credentials, keys on the target system.
passphrases are never stored.
should review log-output for compromising outputs.

If you’re searching for a more in-depth reasoning, you will find our analysis and decisions in more detail. Let’s do a roundtrip for our credentials handling:

DevOps Business Value

Mon, 08 Aug 2016 00:00:00 +0200

Maybe it’s a simple question but did you ever have think about “what makes the business value of DevOps”?

There is one obvious answer: Automation makes installations more repeatable, scalable and faster. Automation drives our world since more than a thousand years, and it will continue to be valuable. But beside this high level answer, there is also an answer with more DevOps insight:

“The DevOps BusinessValue depends strongly on the right level of Abstraction”

Even More Progress on Merging

Fri, 24 May 2024 00:00:00 +0200

Since our last blog post, two more PRs have been merged on the way to federated stars in Forgejo. In addition, the 5th PR is already in progress.

As all these smaller PRs are subparts of our larger PR for federation of star activities, the current progress can be seen in the reducing number of “Files Changed” in the large PR:

Federated staring open for test

Sat, 30 Dec 2023 00:00:00 +0100

Hey, we ar on our way to implement federated stars. We created a test instance to show the new feature - an now you can test federation live :-)

The repo ready to receive your star is located at: https://federated-repo.prod.meissa.de/me/star-me
Post a star activity at: https://federated-repo.prod.meissa.de/api/swagger#/activitypub/activitypubRepository & press the `Try It Out`` button. The input can look like:

Put “1” in to the repo & add the following payload

{
  "id": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12",
  "type": "Star",
  "source": "forgejo",
  "actor": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/14",
  "object": "https://federated-repo.prod.meissa.de/api/v1/activitypub/repository-id/1"
}

As every user can only put one star, we created 12 users for your experiment on our instance "actor": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/2-13",. But if you are on a forgejo instance having active activitypub/user-id api you can insert also your foreign-instance-user-uri here.
Press execute & visit again the repo (https://federated-repo.prod.meissa.de/me/star-me ) and enjoy your star :-)

At the moment we discuss threats arising by this feature. If you are interested we will be happy to get your 2 cents here: https://codeberg.org/forgejo/forgejo/issues/1854

Federated staring with Like Activity

Tue, 30 Jan 2024 00:00:00 +0100

We did the next step. We now use a plain Like Activity for expressing the Star action. In addition we fixed some bugs, made error responses more meaningful, improved security by validating every input we get on federation & mitigate identified threats (SlowLories, Replay Attacks, Block by future StartTime).

DOS attacks we now mitigate in our k8s ingress. Find the code in our PR for c4k-forgejo .

At https://federated-repo.prod.meissa.de/me/star-me you can try out the current code the same way as described above with the following activity (maybe find an unused user by alternating the actors user-id).

From container to a running k8s

Sat, 09 Oct 2021 00:00:00 +0200

This tutorial shows how to set up a running k8s system by using the k3s distribution within just some minutes. Additionally, it provides a rudimentary introduction to some selected k8s key concepts.

As an example container we use a httpd webserver container (rather than nginx, in order to avoid confusion with nginx-ingress), but of course you may use any other container instead.

For k8s we use k3s , a lightweight but complete k8s distribution, which is also suitable for production environments.

Gopass Quick-Reference

Wed, 29 Jan 2020 00:00:00 +0100

Gopass is a password-manager suitable for individuals and especially for teams. Key features include:

Encrypted storage of secrets (each secret is stored in its own file)
Encryption by GPG (GnuPG)
Versioning by GIT (in git repositories)

A secret in gopass can consist of a single value, such as a password, or multiple fields containing additional information like a username, URL, etc.

File structure of gopass

Gopass stores all secrets in separate files in a directory structure. The files are encrypted for certain gpg-ids. The gpg-ids used for the encryption are stored in files named .gpg-id.
More precisely, a file .gpg-id contains all public gpg-ids (in fact their fingerprints) which are used to encrypt all the files in the same folder and all subfolders. If there is another .gpg-id file in a subfolder, it “overwrites” on its turn the keys of this subfolder and sub-subfolders.

How To: Federated Stars

Wed, 05 Jun 2024 00:00:00 +0200

With the final PR the first star federation feature will be completely added to Forgejo. You can check out the PR that contains an overview over the new feature: https://codeberg.org/forgejo/forgejo/pulls/1680

The feature allows you to define following repositories such as origin of mirrors or forks. If then the mirror or fork gets a star by someone, the origin repository will also get a star via federated ActivityPub like activity. Please note, however, that for now only the star activity is federated. The unstar activity is not yet federated.

HowTo: Setup forgejo runner and create basic actions

Wed, 30 Jul 2025 00:00:00 +0200

The forgejo actions feel very familliar to the CI of a well known git service. They are complete with env vars, secret handling, packages artifacts and releases. You can even self-host the runners and connect them to your forgejo instance (or even your account on codeberg.org). This HowTo will explain the setup of the runner in a k3s environment with an existing forgejo deployment and give some basic ideas on how to create a forgejo actions workflow touching some basics on the way.

HowTo: SSO Forgejo with keycloak

Wed, 04 Mar 2026 00:00:00 +0100

Keycloak OpenID connect authentication allows users to log in to Forgejo using their Keycloak credentials. This article explains how to set up Keycloak as an authentication provider in Forgejo.

Authentication

First use case to integrate is authentication. Authentication tells the integrated Forgejo who the user is. Under the hood this will login existing users and in addition register unknown ones.

Keycloak: Setup Client

We will setup the keycloak client Forgejo will connect to.

Keycloak: Migrate away from Bitnami

Mon, 16 Feb 2026 00:00:00 +0100

We used the Bitnami distribution for keycloak and to be honest this was an intuitive decision. I think the reason was, most of the How-Tos we found are based on Bitnami’s Helm Chart.

Instead of helm, we use our own Convention 4 Kubernetes or short c4k - just because we believe in Using a programming language if you do software. Helm template language we consider not to be a programming language.

Mulitmodule Build in Clojure

Thu, 14 Jul 2016 00:00:00 +0200

When using clojure & lein for larger systems composed of many modules, you may know the multibuild problem - it’s ugly and boring to release / test / ancient all your modules one after another manually! And it has to be done ordered by dependency!

On the other hand, you may insist on having multiple modules, because it’s handy to have independent release cycles or different access policies.

Thats exactly our situation at dda-pallet (a clojure dev-ops-system we maintain).

Progress on Merging

Wed, 15 May 2024 00:00:00 +0200

We proudly announce the second PR on the way to federated star in forgejo is merged.

It is a real pleasure to contribute to forgejo. We got many cool and improving review comments. This increases the quality of our code - we thank you :-).

As you can see, we divide our large feature request step by step:

Seamless Notebookcloud

Tue, 04 Nov 2014 00:00:00 +0100

Whoever has started to develop with virtual machines will know the advantages after a short time . A short list of these advantages is:

Instant IDE for software development projects: Configuring an IDE is very time consuming. These efforts however are hidden in most cases. After the first install there will be a long ramp-up time till each developer has reached good efficiency.
Freedom: from the underlying hardware and operating system used. Developing with Linux, although on company computers only Windows is installed? Or do you want to use a Windows environment on a Mac operating system? All this is possible.
Riskless work with different configurations: Who can claim that he can fearlessly try a Tool xy - just as a short test? Often there will be left over parts from such test installations - maybe there is a config-file left, a dll or some changed package dependencies. Using VMs you can easily snapshot or copy your VM. So a save reset always is possible.
Tests for large infrastructures: You develop client / server software , or want to integrate web services? Do you want to research bugs from your production system? By using VMs this is all possible on your own computer, mobile and usable on the go.

However… there are some negative aspects also.

Simplify Setup of Repository Federation

Thu, 04 Apr 2024 00:00:00 +0200

We are approaching the discussion to get our feature merged :-)

Since the last blog post, among other minor improvements, we have improved the setup of federated repositories.

In order to setup a federated repo, it is necesary to provide the ActivityPub URL (containing the repo id) in the settings of the repo. However before, it was not obvious how to get this URL.

Now, the ActivityPub URL can simply be shown in the Federation Settings of the repo. From there, just copy-paste it into the desired repo settings. In the following video you can see the star federation in action with improved setup:

Testing the cloud with dda-cloudspec

Sun, 24 Jun 2018 00:00:00 +0200

Testing entire infrastructures can be challenging especially when the infrastructure consists not only of container and server images.

Consequently, testing networks is the next important step in the process of testing infrastructures. We are currently using our dda-serverspec-crate for executing simultaneous tests on localhost or remote hosts by ssh on mulitple targets. Beside testing installed files or packages we’ve added the ability to do networking tests in addition. Imagine executing curl or netcat on a remote server connected over ssh.

Ui-Work for Sending Like Activities

Wed, 27 Mar 2024 00:00:00 +0100

Currently we are working on the functionality to send like activities to federated repositories triggered by a users star action on UI.

In the settings of a repository there is now a field allowing to define its federated repositories (that is just intended to be a workaround till “following” on repositories is implemented):

In the following video you can see the star federation in action:

Upcoming Federate User Activities

Thu, 14 Aug 2025 00:00:00 +0200

With the final PR the next large federation feature “Federated User Activities” will be completely added to Forgejo. You can check out the PR that contains an overview over the new feature: https://codeberg.org/forgejo/forgejo/pulls/4767

The feature allows you to follow other users across the fediverse without leaving your beloved Forgejo UI. To be honest, the other direction might be way more interesting. You will be able to follow the activities of a Forgejo user from all over the federated world. You will get informed if this user creates a new repository, opens an pull request or works on an issue.