Podman on Chromebook Crostini

For the last several months I have been using a Chromebook as my primary personal machine - for gaming, development and other general computing tasks (maybe I’ll write up a review soon..) As a part of this, I’m heavily leveraging the Linux development environment that is available.

This development environment is a LXD container that runs debian (currently bullseye) with limited permissions to limit the security impact. This container works awesome for running linux apps, which for me means awesome Visual Studio Code support. One of the limitations of this container though, is that Docker does not work in the reduced permission environment, so I needed to set-up Podman (which I prefer anyway.)

Here is the process I used to get Podman up and running, allowing me to run containers that have tools for development (my test target was the PBnJ open source project.)

# Fire up your crosh shell (not linux) by hitting ctrl+alt+t and enter:

vmc start termina

# Enable security nesting with:

lxc config set penguin security.nesting=true

# Restart the lxc container:

lxc restart penguin

# Setup the gids:

lxc exec penguin -- /bin/sh -c "printf '%s\n' '1000:100000:65536' | tee /etc/subuid /etc/subgid"

# Close out with:

exit  
vmc stop termina

# Now let’s install podman with:

sudo apt get install podman

# Finally, before starting up we need to add the following config files:

/etc/containers/storage.conf
    [storage]
    driver = "btrfs"

/etc/containers/containers.conf 
    [containers] 
    keyring=false

# Update /etc/containers/registries.conf to include the following:

unqualified-search-registries = ["docker.io"]

Cloudflare Workers - Routing Made Easy

Hi, just wanted to share something cool I found while working on a side project using Cloudflare Workers. It’s called itty-router-openapi and it’s from Cloudflare themselves.

I’ve been working on a globally distributed server provisioning platform using Cloudflare’s compute (Workers) and storage (KV, R2, Durable Objects.) As part of the API portion of this work, I first rolled my own naive implementation of endpoint routing to get things off the ground. After building up the service further it, was becoming apparent that I would need a proper routing framework.

I first started working on my own framework but that quickly turned into something I really didn’t want to dig into and I (correctly) assumed that this had been solved somewhere else first. The first thing I landed on was itty-router. It’s a micro routing framework that works with Javascript and TypeScript that seemed to fit the bill perfectly for what I needed.

I started rewriting my endpoints using this framework. As I was running into issues, I started searching around for additional documentation or sites when I stumbled upon itty-router-openapi. Seeing that it was intended for use with Workers, been used in production for Cloudflare Radar and had the added support for OpenAPI, I was instantly sold.

I’ve only now started the third re-write using this new library. So far it has been going pretty good but I will try to update soon on how things are going and if I’m still using the framework.