alexlebens/site-documentation
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 12 Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:release
alexlebens:0.13.0 alexlebens:0.12.0 alexlebens:0.11.0 alexlebens:0.10.0 alexlebens:0.9.0 alexlebens:0.8.0 alexlebens:0.7.0 alexlebens:0.6.0 alexlebens:0.5.0 alexlebens:0.4.0 alexlebens:0.3.0 alexlebens:0.2.0 alexlebens:0.1.7 alexlebens:0.1.6 alexlebens:0.1.5 alexlebens:0.1.4 alexlebens:0.1.3 alexlebens:0.1.2 alexlebens:0.1.1 alexlebens:0.1.0 alexlebens:0.0.11 alexlebens:0.0.9 alexlebens:0.0.8 alexlebens:0.0.7 alexlebens:0.0.6 alexlebens:0.0.5 alexlebens:0.0.4 alexlebens:0.0.3 alexlebens:0.0.2 alexlebens:0.0.1
..
compare: alexlebens:bac794bdc4f2de7cca9704af3f1c578e7566584a
Branches Tags
alexlebens:main alexlebens:release
alexlebens:0.13.0 alexlebens:0.12.0 alexlebens:0.11.0 alexlebens:0.10.0 alexlebens:0.9.0 alexlebens:0.8.0 alexlebens:0.7.0 alexlebens:0.6.0 alexlebens:0.5.0 alexlebens:0.4.0 alexlebens:0.3.0 alexlebens:0.2.0 alexlebens:0.1.7 alexlebens:0.1.6 alexlebens:0.1.5 alexlebens:0.1.4 alexlebens:0.1.3 alexlebens:0.1.2 alexlebens:0.1.1 alexlebens:0.1.0 alexlebens:0.0.11 alexlebens:0.0.9 alexlebens:0.0.8 alexlebens:0.0.7 alexlebens:0.0.6 alexlebens:0.0.5 alexlebens:0.0.4 alexlebens:0.0.3 alexlebens:0.0.2 alexlebens:0.0.1

1 Commits
main ... bac794bdc4

Author SHA1 Message Date
semantic-release-bot
bac794bdc4 chore(release): 0.12.0 [skip ci] 
# [0.12.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.11.0...0.12.0) (2026-03-30)

### Features

* add more apps ([e13f3e3](e13f3e30e2))
* add more apps ([ef4ff67](ef4ff67818))
* add more apps ([32eacf8](32eacf8df7))
 2026-03-30 02:08:01 +00:00
6 changed files with 26 additions and 126 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -22,7 +22,7 @@ jobs:
RENOVATE_REPOSITORIES: alexlebens/site-documentation
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
LOG_LEVEL: debug
LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}

9
CHANGELOG.md
View File

@@ -1,3 +1,12 @@
# [0.12.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.11.0...0.12.0) (2026-03-30)
### Features
* add more apps ([e13f3e3](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/e13f3e30e2a73a712008f65cc5932cbe1e71adb2))
* add more apps ([ef4ff67](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/ef4ff67818d2758e21b9f0076519ca9221f74bb0))
* add more apps ([32eacf8](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/32eacf8df7cd07eaf33a46d9df88e22f22d0cbf6))
# [0.11.0](http://gitea-http.gitea:3000/alexlebens/site-documentation/compare/0.10.0...0.11.0) (2026-03-27)

19
astro.config.mjs
View File

@@ -6,6 +6,8 @@ import sitemap from '@astrojs/sitemap';
import starlight from "@astrojs/starlight";
import starlightThemeRapide from 'starlight-theme-rapide'
import tailwindcss from '@tailwindcss/vite';
const getSiteURL = () => {
if (process.env.SITE_URL) {
return `https://${process.env.SITE_URL}`;
@@ -27,9 +29,6 @@ export default defineConfig({
customCss: [
'./src/styles/custom.css',
],
expressiveCode: {
themes: ['vitesse-light', 'vitesse-dark'],
},
social: [
{
icon: "external",
@@ -55,9 +54,21 @@ export default defineConfig({
autogenerate: { directory: "applications" },
},
],
})
}),
],
markdown: {
syntaxHighlight: false,
},
plugins: {
'@tailwindcss/postcss': {},
},
vite: {
plugins: [tailwindcss()],
},
output: 'static',
adapter: node({

2
package.json
View File

@@ -1,7 +1,7 @@
{
"name": "site-documentation",
"type": "module",
"version": "0.11.0",
"version": "0.12.0",
"scripts": {
"dev": "astro dev",
"build": "astro build",

15
src/content/docs/applications/homepage.mdx
View File

@@ -1,15 +0,0 @@
---
title: Homepage
description: A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
hero:
tagline: A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations.
image:
file: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/homepage.webp
actions:
- text: Source
link: https://github.com/gethomepage/homepage
icon: right-arrow
- text: Deployment Chart
link: https://gitea.alexlebens.dev/alexlebens/infrastructure/src/branch/main/clusters/cl01tl/helm/homepage
icon: right-arrow
---

105
src/content/docs/guides/vault-ssh-ca.md
View File

@@ -1,105 +0,0 @@
---
title: Vault SSH Certificate Authority
description: Steps followed to enable using Vault as a CA for ssh login
---
# Setup
[Reference Vault Documentation](https://developer.hashicorp.com/vault/docs/secrets/ssh/signed-ssh-certificates#host-key-signing)
I have set the documenation to use my own defaults and configuration. This also assumes a running and active Vault instance.
## Enable the SSH CA
I followed the defaults mostly in the docs, reference the above link for details. Use either root or a role with permissions for the endpoints.
Start with enabling the mount.
```bash
vault secrets enable -path=ssh-client-signer ssh
```
Generate a key. This will be used only for signing and not for client authentication. Keep it in a secure location, rename the path the key will be written to.
```bash
ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
```
Add the above signing key.
```bash
vault write ssh-client-signer/config/ca private_key="..." public_key="..."
```
## Create Client Role and Key
Once the above is complete, create a role to use to sign your own client cert. I used my common username and configurations. This can also be done in the Vault UI.
```bash
vault write ssh-client-signer/roles/alexlebens -<<"EOH"
{
"algorithm_signer": "rsa-sha2-256",
"allow_user_certificates": true,
"allowed_users": "*",
"allowed_extensions": "permit-pty,permit-port-forwarding",
"default_extensions": {
"permit-pty": ""
},
"key_type": "ca",
"default_user": "alexlebens",
"ttl": "30m0s"
}
EOH
```
## Create Client Key
Generate the ssh key to use to authenticate to your hosts. This is the one to keep in ~/.ssh.
```bash
ssh-keygen -t rsa -C "alexanderlebens@gmail.com"
```
## Configure SSH to use the Key and Cert
SSH will defailt to using the cert when using the matching name "id_rsa_host-cert.pub" as shown in the renewal certificate section. Use the principal as signed by Vault as the User and set the IdentityFile to the Key as generated above.
```
Host ps08rp
Hostname 10.232.1.51
User alexlebens
IdentityFile ~/.ssh/id_rsa_host
```
# Operations
## Prepare Target Host
Download the public cert from the endpoint.
```bash
curl -o /etc/ssh/trusted-user-ca-keys.pem https://vault.alexlebens.net/v1/ssh-client-signer/public_key
```
Then add that file to the sshd config.
```
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
```
### Automation
This step is currently manual as I have few hosts that I need ssh for. The most common tool for automation would be Ansible. But this would only be useful for my RaspberyPis and I plan to migrate those to Talos and Kubernetes in the future.
## Renew Client Certificate
Sign the client cert, on your machine, with the Vault CA.
```bash
vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub
```
I added the following to my .zshrc to make this easier. So now I just run "vault-renew" before I need to ssh.
```
# Vault
export VAULT_ADDR="https://vault.alexlebens.net"
alias vault-renew='vault write -field=signed_key ssh-client-signer/sign/alexlebens public_key=@$HOME/.ssh/id_rsa_host.pub > ~/.ssh/id_rsa_host-cert.pub'
```
### View Cert Details
For troubleshooting purposes or clafification use the follow to inspect the cert.
```bash
ssh-keygen -Lf ~/.ssh/id_rsa_host-cert.pub
```