Paul Tibbetts Profile Photo

Paul Tibbetts

DevOps Engineer

Pangolin on a Pi

    Pangolin works on my IPv6 only Pi 🎉

    I’ve got some tidying up to do, then it needs a write-up.

    Pangolin on a Pi project progress

    Most things in tech play out like that scene from Malcom in the Middle, where Hal’s trying to do one thing and then he needs to do another, and another, until he’s forgotten where he started.

    Pangolin on a Pi started off as a quick little test that turned into a week long adventure.

    Pangolin

    Pangolin is an app that lets you tunnel into a private network, securely, from the outer internet. This means you can run your own apps and services at home and use Pangolin to let your friends and family connect to them.

    You can do the same thing with Cloudflare tunnels except that way Cloudflare can read everything that goes through the tunnel and they don’t want you using it for movies, so you’re not supposed to use it for Jellyfin or Plex.

    I’m not planning on using it for Jellyfin, but I like that the option’s there with Pangolin, and that it’s hosted on my own server.

    Hosting

    Except it’s not my own server, because I don’t have one of those huge internet cables like the big companies do, so I have to rent access to one from them.

    It doesn’t need to be a big server, only 1GB of RAM and 1 vCPU, which you can get for $1 per month if you go with RackNerd.

    Which is great if you live in the US, since you’re close to any one of the 6 data centres you can choose from for that offer, but I don’t, I live all the way across the pond.

    UK Hosting

    The closer this server is to where I am the better. In the UK server hosting mainly happens in London, which is close enough to me to be super fast, even if there are other places I could choose.

    Like Manchester, which is closer to me than London. I was surprised to find they had their own data centres I could host from. I could only find one company that offered it publicly though, which was ran by an American company.

    I don’t want to talk about recent events, but I don’t want to spend my money with a company that pays its taxes to a government that just bombed the country my friend’s family lives in. I’m not getting involved in any of this. I will choose a different company.

    Preferably one in the UK; as I’ve aged I’ve realised it’s up to us to keep this island afloat.

    Mythic Beasts

    A quick Reddit search led me to Mythic Beasts, an independent, privately owned company based in the UK, with lots of good reviews.

    They even had a blog, and it didn’t take long to find a post titled “Supporting the Open Rights Group”.

    Yep, that’s all I need to read, I’m hosting my server here with these beasts.

    Pi?

    Mythic Beasts have their own rack of Raspberry Pis you can rent from.

    Hosting on someone else’s computer isn’t a natural fit for the self-hosted way of doing things. But doing it on a Pi? That feels better for some reason.

    Time to do a little test…Rick & Morty quick adventure meme 1/2: Rick & Morty stand in a school hallway next to a glowing green portal, with the caption LETS GO. IN AND OUT. 20 MINUTE ADVENTURE.

    Terraform Provider?

    I could have just clicked on the website to order a Pi. Maybe I should have.

    Mythic Beasts have an API, so you can script your order and the management of the Pi, not that it needs much management. What they don’t have, which surprised me a little, is a Terraform Provider.

    A Terraform Provider is the bit that connects Terraform, an industry standard tool for writing down servers as code, to the API of the server provider.

    An ex member of staff started one using the older version of the Terraform Provider code, but they had archived it and since left the company.

    Which gave me an idea.

    I will write one!

    I was looking for a chance to practise writing Go, as well as create a project to put on my GitHub, which had gotten a little quiet recently, and now I’d found one.

    How hard could it be?

    WHY AREN’T THE DOCS ACCURATE?!

    A small gripe, if I may, is that it helps if your API documentation is accurate. The docs I was reading were mostly accurate, and I could get around whatever differences there were, but it had been a while since I’d coded against someone else’s API and I’d forgotten this happens.

    IPv6?

    Since there are no more IPv4 addresses left the Pis are IPv6 only. Mythic Beasts host proxies that let you get into the Pis from IPv4 connections, which works for websites, but Pangolin needs a different type of access.

    Newt?

    Pangolin is the website part of the project, it’s the bit the users see and is hosted on the Pi. It works by letting only the right users into the secure Wireguard tunnel that goes into your home network.

    The thing that you host at home that sets up the other side of the tunnel is called Newt. It uses Wireguard for the tunnel, and that speaks to the Pi on a particular port which isn’t proxied by Mythic Beasts.

    Another proxy?

    Maybe you could get another proxy for this, but then you’re hosting a tunnel for your tunnel.

    So no.

    IPv6!

    You don’t need a proxy if you can connect to the Pi through IPv6.

    Except I couldn’t.

    I’ve known for years that we’ve ran out of IPv4 addresses and that they’re being passed around from company to company for larger and larger amounts of money.

    Somehow IPv4 still works and we’re still using it, so I always thought I could deal with it when it became a problem.

    Like it just had.

    Rick & Morty meme 2/2: One week later I now have IPv6 working at home which means I can connect to the Pi without a proxy 🎉.

    I will write up what I did another time, this quick update is over 1,000 words already.

    The next steps are:

    • install Newt on my home server
    • connect it to the Pi
    • profit