Install Doctor Blog

Articles by the Install Doctor team and community

Integrating JumpCloud with pfSense

Acquire certificate required for connecting JumpCloud to pfSense.

JumpCloud LDAPS Certificate (goes under Certificates tab)

echo -n | openssl s_client -connect ldap.jumpcloud.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.ldap.pem

Certificate Authority (goes under CAs tab)

echo -n | openssl s_client -connect ldap.jumpcloud.com:636 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.chain.pem
Continue reading ->

Single Sign-On Authentication System

Single Sign-On (SSO) is a key feature in many enterprises. With it, you can protect all your web services by leveraging authentication methods that are already integrated into your code landscape or freely available from tech giants like Google, Microsoft, Facebook, and Twitter. Install Doctor paves the way from integrating SSO into your devices by making it incredibly easy to integrate SSO solutions like CloudFlare Teams and Ory.sh.

Coming soon..

Be sure to register for our newsletter for more details on our Single Sign-On capabilities.

Continue reading ->

Install Doctor Self-Service Portal

If you want an efficient development team, you should make it as easy as possible for your developers to develop. One way you can do this is by packaging pre-made operating systems, complete with all the bells and whistles so your developers do not have to fuss over things like adb missing from the PATH. Our Self-Service Portal addresses this issue by integrating with your cloud provider so that your team can access fully-configured environments, optimized for working with your codebase at will.

Coming soon..

Be sure to register for the newsletter to be informed about details on our Self-Service Portal.

Continue reading ->

[NSFW] How Install Doctor Came to Be (An Illustrated Story)

Persistence is key when designing any product. However, sometimes persistence, if tainted, can lead to unexplainable peculiar events. In some cases, from the perspective of a viewer of multiple timelines, these peculiar events can lead to both the birth and destruction of products like Install Doctor.

Coming soon..

Be sure to register for the newsletter to be informed about when this story is published.

Continue reading ->

The Immutable Golden Image Read-Only File System

Security experts are talking about reducing the attack footprint. The attack footprint basically boils down to all sections of 0s and 1s that are vulnerable to attack. Some people even go as far as basing their code on frameworks that have less code (like Xen with Qubes). However, regardless of how small the attack footprint is, once a successful attack is launched then your system is done. Poof. To address this, Install Doctor is introducing a new method for ensuring the integrity of parts of the attack footprint by introducing a feature that ensures the integrity of a system by storing the initial state of an operating system on a read-only file system.

Coming soon..

Be sure to subscribe to our newsletter to be informed about this simple invention.

Continue reading ->

Gas Station, the Predecessor of Install Doctor

When we began on our quest for our code-defined set of instructions to headlessly provision full workstations without having to micro-optimize settings after deployment, Ansible seemed to fit. However, we came up with a better solution.

Beginning with Ansible

Ansible is the de-facto standard for achieving what we were trying to do. This fit with our philosophy of, “choose the best software but heavily lean towards widely-accepted derivatives.” It did not hurt that it had advanced features like the ability to determine the idempotence of scripts. It also has a great testing framework called Molecule that we did quite a bit of work adding support for testing Archlinux, CentOS, Debian, Fedora, macOS, Ubuntu, and Windows all at the same time (example code here). We used Ansible for years while we slowly added more and more software to our unique stack.

Ansible Shortcomings

However, after using Ansible for awhile, Ansible’s shortcomings became apparent. For starters, you can achieve a lot more with less code using regular shell scripts. It makes things a lot more manageable when there is less code. Our original project called Gas Station included hundreds of roles and hundreds of variables used for customization. The codebase was huge!

Replacing Ansible with Chezmoi

We ended up introducing the use of Chezmoi to manage dotfiles. It includes must-have features like built-in encryption methods, templating features, and diffs for when files change. We liked it so much that we transitioned the entire project to Chezmoi by incorporating a special install-program script that makes cross-OS installtions easier. It makes the installations easier because you can define installation instructions in such a way that the user can run the command install-program android-studio on any operating system. It works by relying a software.yml software definition file and then selecting the preferred installation method based on the operating system. This made it possible to replace Ansible roles with dozens of files with single lines of code. It also made it ridiculously easy to add new pieces of software to our stack.

Chezmoi is Easier

In my opinion, Chezmoi is a lot easier to grasp. It took a few days to get the hang of, rather than weeks, even months for understanding Ansible. It, like Ansible, is wildly popular on GitHub. Another one of our philosophy’s is, “choose software with a lot of GitHub stars,” so Chezmoi seemed to fit. It is also hands-down probably the best way to manage dotfiles. Our dotfiles are a core part of our project which includes outstanding examples of feature-packed settings for Bash and ZSH sessions.

Chezmoi Encourages Bash / PowerShell Scripting

Chezmoi also allowed us to transition to the use of Bash scripts (as well as some PowerShell scripts, in the case of Windows). We still leverage Ansible in some cases though. Although, we are trying to transition away from it completely, our custom installer (install-program) supports Ansible roles as a package manager source. Ansible is a powerful framework and it is certainly important for deploying software over SSH. It might be ideal for deploying software on a group of a 100+ VPS. However, when provisioning a single device (or even a small group of them), you might want to just give bash <(curl -sSL https://install.doctor/start)> a try instead of investing the additional overhead that Ansible requires.

Ansible Roles Still Available

We plan on releasing all of our tested Ansible roles to Ansible Galaxy for public consumption but for now, if you are interested, you can check out the roles/ folder in the Gas Station project.

Continue reading ->

About the Install Doctor Blog

Our articles are written by the Install Doctor team and community. If you would like to post on our blog, you can do so by opening up a pull request against our website's repository on GitHub. There, you can also browse through our site's source code which is a modified version of the Capacitor's open-source website project. If you would like to base your next website off of this modified version of the Capacitor website that removes the Prismic dependency (among a few other features), then please join our community and ask for help.