feat: Add more findings to the firefly install

Add more content to firefly post.
Also deleted road to k8s as I have no intention to pursue that project
any longer.

2 files changed, 68 insertions, 110 deletions

diff --git a/content/posts/2020-07-13-k8s.md b/content/posts/2020-07-13-k8s.md
deleted file mode 100644
index 8b706c1..0000000
--- a/content/posts/2020-07-13-k8s.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
-title: "Road to local k8s"
-date: 2020-07-13
-tags: ['kubernetes', 'linux', 'fedora']
----
-
-# Goal
-
-The goal is to deploy kubernetes on my local networks, and keep everything as
-reproducible as possible.
-
-# Stack
-
-I\'ll use Fedora Core OS, Matchbox and Terraform [^1], a match the requirements
-for Tectonic [^2]
-
-## Steps
-
--   Network Setup DHCP/TFTP/DNS [^3]
--   Matchbox [^4]
--   PXE network boot environment
--   Terraform Tectonic [^5]
-
-## Network Setup DHCP/TFTP/DNS
-
-First learning the basics again:
-
--   <https://linuxhint.com/install_dhcp_server_ubuntu/>
--   <https://www.youtube.com/watch?v=XQ3T14SIlV4>
-
-To check open ports
-
-```shell
-lsof -Pni | grep LISTEN
-```
-
-Run the provided [^6] image with `dnsmasq` and PXE toolkit
-
-``` {.bash org-language="sh"}
-docker run --rm --cap-add=NET_ADMIN --net=host quay.io/coreos/dnsmasq \
-  -d -q \
-  --dhcp-range=192.168.1.3,192.168.1.254 \
-  --enable-tftp --tftp-root=/var/lib/tftpboot \
-  --dhcp-match=set:bios,option:client-arch,0 \
-  --dhcp-boot=tag:bios,undionly.kpxe \
-  --dhcp-match=set:efi32,option:client-arch,6 \
-  --dhcp-boot=tag:efi32,ipxe.efi \
-  --dhcp-match=set:efibc,option:client-arch,7 \
-  --dhcp-boot=tag:efibc,ipxe.efi \
-  --dhcp-match=set:efi64,option:client-arch,9 \
-  --dhcp-boot=tag:efi64,ipxe.efi \
-  --dhcp-userclass=set:ipxe,iPXE \
-  --dhcp-boot=tag:ipxe,http://matchbox.example.com:8080/boot.ipxe \
-  --address=/matchbox.example/192.168.1.2 \
-  --log-queries \
-  --log-dhcp
-```
-
-## Matchbox
-
-## PXE network boot environment
-
-## Terraform Tectonic
-
-------------------------------------------------------------------------
-
-# Links
-
-[^1]: <https://coreos.com/tectonic/docs/latest/install/bare-metal/metal-terraform.html>
-
-[^2]: <https://coreos.com/tectonic/docs/latest/install/bare-metal/requirements.html>
-
-[^3]: <https://coreos.com/matchbox/docs/latest/network-setup.html>
-
-[^4]: <https://coreos.com/matchbox/docs/latest/deployment.html>
-
-[^5]: <https://coreos.com/tectonic/releases/>
-
-[^6]: <https://github.com/poseidon/matchbox/tree/v0.7.0/contrib/dnsmasq>
diff --git a/content/posts/2022-07-18-firefly-install.md b/content/posts/2022-07-18-firefly-install.md
index 6c7a649..2381660 100644
--- a/content/posts/2022-07-18-firefly-install.md
+++ b/content/posts/2022-07-18-firefly-install.md
@@ -15,7 +15,8 @@ kept without containers, and first candidate being Firefly[^1]. I have it
 currently running on container but let's install in a distribution.
 
 For the distro of choice I'll pick alpine, for its small footprint and the use
-of OpenRC (nothing against systemd though).
+of OpenRC (nothing against systemd though), and it will help me later to better
+understand how to properly setup an alpine image on container environment.
 
 *I don't want to extend this tutorial to cover every single part, so for the
 next steps I'll assume that you have a running instance of PostgreSQL and
@@ -24,7 +25,7 @@ Alpine.*
 ## Dependencies
 
 First we need to install all the necessary packages to get firefly running.
-Let's go through them and check are they are used for.
+Let's go through them and check what they are used for.
 
 ```shell
 apk add curl tar gzip
@@ -38,9 +39,10 @@ apk add composer
 ```
 
  Composer is a dependency manager for PHP. It is required to download the
- dependencies of the project.
+ dependencies of the project, as the source code from tar ball does have all its
+ dependencies included.
 
- Now we need to download the list of dependencies list in the site[^2].
+ Now we need to download the dependencies listed in the site[^2].
 
 ```
  Extra packages
@@ -56,7 +58,7 @@ apk add composer
     PHP whatever database you're gonna use.
 ```
 
-For those we have the following alpine packages:
+And for those I could gather the following alpine packages:
 
 ```shell
 apk add \
@@ -71,9 +73,9 @@ apk add \
     php8-pgsql
 ```
 
-But that is not everything, I don't know if I lack knowledge in the PHP stack
-but the application will later complain about a lot of missing dependencies,
-those being:
+But that is not everything. I don't know if I lack knowledge in the PHP stack
+but the application will later complain about some other missing dependencies.
+Those being:
 
 ```shell
 apk add \
@@ -89,8 +91,8 @@ apk add \
 ```
 
 A tip that may as well help you later. Some of those not listed packages are
-described in the their project for the docker image[^3] and its base image[^4].
-It can also help with describing the necessary steps.
+described in their docker repository[^3] and its base image[^4]. It can also
+help with describing some other necessary steps.
 
 As the next step we need to install the pieces of software that will actually
 run the project:
@@ -129,7 +131,7 @@ cd /var/www/firefly
 composer install --prefer-dist --no-dev --no-scripts
 ```
 
-## Config files
+## Configurations
 
 ### Firefly
 
@@ -155,14 +157,14 @@ To generate a random key just run:
 head /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 32 && echo
 ```
 
-Once you have set it up we need to bootstrap the project:
+Once you have set it up we need to bootstrap the project. First we need to
+update the cached configuration.
 
 ```shell
 php artisan config:cache
 ```
 
-To update the cached configuration. If everything is setup properly the process
-finish successfully.
+Second we need to migrate and seed the database:
 
 ```shell
 php artisan firefly-iii:create-database
@@ -170,26 +172,28 @@ php artisan migrate:refresh --seed
 php artisan firefly-iii:upgrade-database
 ```
 
-To bootstrap the database.
+If everything is setup properly the processes finish successfully.
+
 
 ### Permission
 
 Now comes the part where we should be careful. So far we (or at least I) have
-been setting up everything as root but that is not ideal. We want to restrict as
-much as possibly permission to the processes, it should only see do what it
-meant to. So to minimize the effect of the process we will make it run as a user
-with almost no permission, and for purpose we will create a `www-data` user.
-Quite often that user is already create if not run the following command:
+been setting up everything as root but that is not ideal. Usually we want to
+restrict as much as possible the permissions of processes, it should only see do
+what it meant to. So to minimize the area of effect of the process we will make
+it run as a user with almost no permission, and for purpose of running the
+php-fpm we will create a `www-data` user. Quite often that user is already
+created and if it is not, run the following command:
 
 ```shell
 adduser www-data --disabled-password
 ```
 
 Add `--ingroup www-data` if it complains if the groups exists.
-`--disabled-password` so we don't allow login with password, because it is not
-meant to be logged with.
+`--disabled-password` is given so we don't allow login with password, because it
+is not meant to be logged with.
 
-Once the user is created we need to change the which user the process runs one.
+Once the user is created we need to change the which user the process runs on.
 By default it uses a `nobody` which is a user with no permission except those
 which every other user has. Update the user given in the
 `/etc/php8/php-fpm.d/www.conf` file.
@@ -221,13 +225,13 @@ chown -R www-data:www-data /var/www/
 
 ### Nginx
 
-We will need to edit the nginx config file to find and run the project, add
-the following server inside of `/etc/nginx/http.d/`, by default nginx will read
-all `.config` inside of that folder. Just like the www folder this is more a
-personal choice, you have some room to choose where you want to config this
-server.
+We will need to edit the nginx config file to find and run the project. Add the
+following server inside of `/etc/nginx/http.d/`, by default nginx will read all
+`.conf` inside of that folder. Just like the www folder this is more of a
+personal choice, you have some room to choose where you want to store the config
+file.
 
-```shell
+```nginx
 # /etc/nginx/http.d/firefly.conf
 
 server {
@@ -277,12 +281,45 @@ nicely return the error.
 
 ```ini
 # /var/wwww/firefly/.env
-# ...
-
 APP_DEBUG=true
 APP_LOG_LEVEL=debug
 ```
 
+## Bonus config with socket
+
+Another thing to look at is where php-fpm is running the service. I think by
+default on alpine it runs on `http://127.0.0.1:9000` but it can also be running
+on a socket, check the `www.conf` file for the `listen` property:
+
+Config for http
+```
+listen = 127.0.0.1:9000
+```
+
+Config for socket
+```
+listen = /run/php-fpm8/fpm.sock
+```
+
+If you want you can set it up to run on socket. You will need to change two
+things. First, update the www.conf file to run the process on a socket, and to
+change the owner of the socket file. This is important so later nginx is capable
+of reading/writing the file. On the `/etc/php8/php-fpm.d/www.conf` update it:
+
+```shell
+listen = /run/php-fpm8/fpm.sock
+listen.owner = nginx
+listen.group = nginx
+listen.mode = 0660
+```
+
+Second, change the nginx to connect to socket instead of an tcp connection,
+update the following property:
+
+```nginx
+fastcgi_pass unix:/run/php-fpm8/fpm.sock;
+```
+
 [^1]: https://www.firefly-iii.org/
 [^2]: https://docs.firefly-iii.org/firefly-iii/installation/self_hosted/?mtm_campaign=docu-internal&mtm_kwd=self_hosted
 [^3]: https://dev.azure.com/Firefly-III/_git/MainImage