servnest/system (archived)

Split current documentation in multiple files

Miraty 2021-08-29 21:18:03 +02:00
parent d0e18be3d1
commit 14ca097799
34 changed files with 192 additions and 146 deletions

@ -1,3 +1,36 @@
# Niver configuration
# Niver
This repository contains configuration files required by Niver or it's dependencies.
Niver's sources ares split between 3 repositories:
* [`system`](https://code.antopie.org/Niver/system): Documentation and configuration files you'll need to setup a Niver server
* [`niver-php`](https://code.antopie.org/Niver/niver-php): The Web interface in PHP
* [`maniver`](https://code.antopie.org/Niver/maniver): The Rust privileged program to do root actions from niver-php
## Installation
Install Debian 11 (bullseye) <https://www.debian.org/>.
The following steps assumes you've done the following:
```
# apt install sudo git
# git clone https://code.antopie.org/Niver/system /root/niver-system
```
1. [ufw.md](ufw.md) UFW (optionnal, not required for a working setup)
2. [openssh.md](openssh.md) OpenSSH
3. [quota.md](quota.md) Quota
4. [knot.md](knot.md) Knot DNS
5. [tor.md](tor.md) Tor
6. [twins.md](twins.md) Twins
7. [nginx.md](nginx.md) Nginx
8. [certbot.md](certbot.md) Certbot
9. [php.md](php.md) PHP-FPM
10. [maniver.md](maniver.md) maniver
11. [niver-php.md](niver-php.md) niver-php
## Create system users
```
# useradd -U -r -s /usr/sbin/nologin <username>
```
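
Review bot: The "Create system users" section at the end of this hunk keeps the `<username>` placeholder without saying which accounts a Niver install needs, while maniver.md and niver-php.md in this same commit run `chown root:php-niver` and `chown -R php-niver:php-niver`, and no step in the numbered list creates `php-niver`. Listing the required users here, or in the file that first needs each one, would make the install order reproducible. A few typos in the added text as well: "it's dependencies" should be "its dependencies", "sources ares split" should be "sources are split", "optionnal" should be "optional", and "The following steps assumes" should be "assume".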

5
certbot.md Normal file
@ -0,0 +1,5 @@
# Certbot
```
# apt install certbot python3-certbot-nginx
```

52
gmnisrv.md Normal file
@ -0,0 +1,52 @@
# gmnisrv
```
# apt install git make pkg-config libssl-dev scdoc
$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
$ mkdir gmnisrv/build
$ cd gmnisrv/build
$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
$ make # Build gmnisrv
# make install # Install gmnisrv binary and manpages on the system
# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
# vim /etc/systemd/system/gmnisrv.service
```
```
[Unit]
Description=Gmnisrv, a Gemini server
After=network.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gmnisrv
Restart=always
User=gmnisrv
Group=gmnisrv
WorkingDirectory=/srv/ht
[Install]
WantedBy=multi-user.target
```
```
# systemctl daemon-reload
# mkdir -p /srv/gmi/niver.4.niv.re
# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
# mkdir /var/lib/gemini
# chmod -R 700 /var/lib/gemini
# chown -R gmnisrv:gmnisrv /var/lib/gemini
# vim /etc/gmnisrv.ini
```
```
# Space-separated list of hosts
listen=0.0.0.0:1965 [::]:1965
[:tls]
# Path to store certificates on disk
store=/var/lib/gemini
[niver.4.niv.re]
root=/srv/gmi/niver.4.niv.re
```
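
Review bot: The build step uses `../configure --prefix=/usr` but the unit file has `ExecStart=/usr/local/bin/gmnisrv`; with that prefix the binary would normally land under /usr/bin, so the service would not find it. Either drop the prefix or point ExecStart at the installed path. `WorkingDirectory=/srv/ht` also looks like a leftover, since the capsule content in this file lives under /srv/gmi. The unit is written and `daemon-reload` is run, but nothing starts or enables the service. Finally, gmnisrv.md is not linked from the numbered list in the README, which lists twins.md instead, so it should say whether this file is still part of the setup.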

@ -1,144 +0,0 @@
# Niver setup on Debian 11 (bullseye)
```
# apt install tor knot openssh-server sudo nginx certbot python3-certbot-nginx php7.4-fpm php-sqlite3 quota
```
## Create system users
```
# useradd -U -r -s /usr/sbin/nologin <username>
```
## Twins
```
$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
$ tar -xf go.tar.gz
$ go/bin/go get code.rocketnine.space/tslocum/twins
$ cp go/bin/twins /usr/local/bin/
```
## maniver
Installation
```
# apt install gcc git
$ git clone https://code.antopie.org/Niver/maniver && cd maniver
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
# chown root:php-niver /usr/local/bin/maniver
# chmod 750 /usr/local/bin/maniver
```
Update
```
$ git fetch
$ rustup update
$ cargo update
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
```
## gmnisrv
```
# apt install git make pkg-config libssl-dev scdoc
$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
$ mkdir gmnisrv/build
$ cd gmnisrv/build
$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
$ make # Build gmnisrv
# make install # Install gmnisrv binary and manpages on the system
# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
# vim /etc/systemd/system/gmnisrv.service
```
```
[Unit]
Description=Gmnisrv, a Gemini server
After=network.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gmnisrv
Restart=always
User=gmnisrv
Group=gmnisrv
WorkingDirectory=/srv/ht
[Install]
WantedBy=multi-user.target
```
```
# systemctl daemon-reload
# mkdir -p /srv/gmi/niver.4.niv.re
# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
# mkdir /var/lib/gemini
# chmod -R 700 /var/lib/gemini
# chown -R gmnisrv:gmnisrv /var/lib/gemini
# vim /etc/gmnisrv.ini
```
```
# Space-separated list of hosts
listen=0.0.0.0:1965 [::]:1965
[:tls]
# Path to store certificates on disk
store=/var/lib/gemini
[niver.4.niv.re]
root=/srv/gmi/niver.4.niv.re
```
## SFTP
```
# groupadd ht
```
## Quota
```
# quotacheck -cm /
# vim /etc/fstab
```
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1
## Knot DNS
```
# sudo -u knot knotc conf-init
# sudo -u knot knotc conf-import <path to default niver knot conf>
```
## Nginx
Generate a self-signed certificate for default Nginx site.
```
# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
```
## Niver-PHP
```
# chown -R root:root /usr/local/share/niver
# chmod -R u=rwX,go=rX /usr/local/share/niver
# mkdir /etc/nginx/ht
# chown -R php-niver:php-niver /etc/nginx/ht
# chmod -R 775 /etc/nginx/ht
```
Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.
## Tor
This command only exist on Debian
```
# tor-instance-create niver
```

7
knot.md Normal file
@ -0,0 +1,7 @@
# Knot DNS
```
# apt install knot
# sudo -u knot knotc conf-init
# sudo -u knot knotc conf-import <path to default niver knot conf>
```
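
Review bot: `conf-import <path to default niver knot conf>` is still a placeholder even though the README in this commit now fixes the clone location at /root/niver-system. Give the concrete path of the Knot configuration inside that checkout, and since the command runs as `sudo -u knot`, make sure the file sits somewhere the knot user can read (a checkout under /root usually is not).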

21
maniver.md Normal file
@ -0,0 +1,21 @@
# maniver
Installation
```
# apt install gcc
$ git clone https://code.antopie.org/Niver/maniver && cd maniver
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
# chown root:php-niver /usr/local/bin/maniver
# chmod 750 /usr/local/bin/maniver
```
Update
```
$ git fetch
$ rustup update
$ cargo update
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
```
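
Review bot: In the Update block, `git fetch` only downloads new commits and leaves the working tree unchanged, so the following `cargo build --release` rebuilds the old source and the `cp` reinstalls the same version of a program the README describes as privileged. Use `git pull`, or fetch followed by a merge or checkout of the wanted revision. In the Installation block, `curl ... https://sh.rustup.rs | sh` runs a downloaded script directly; the `$` prompt suggests an unprivileged user, and it is worth stating that explicitly so the toolchain is not installed as root.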

12
nginx.md Normal file
@ -0,0 +1,12 @@
# Nginx
```
# apt install nginx libnginx-mod-http-headers-more-filter
```
`libnginx-mod-http-headers-more-filter` is required in order to make `more_set_headers` instructions work
Generate a self-signed certificate for default Nginx site.
```
# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
```

11
niver-php.md Normal file
@ -0,0 +1,11 @@
# Niver-PHP
```
# chown -R root:root /usr/local/share/niver
# chmod -R u=rwX,go=rX /usr/local/share/niver
# mkdir /etc/nginx/ht
# chown -R php-niver:php-niver /etc/nginx/ht
# chmod -R 775 /etc/nginx/ht
```
Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.
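
Review bot: The first two commands change ownership and mode of /usr/local/share/niver, but no step in this file puts the niver-php sources there; add the `git clone` (or copy) that populates the directory before the `chown`. On `chmod -R 775 /etc/nginx/ht`: a recursive numeric mode also sets the execute bit on regular files and leaves them world-readable, which the symbolic form already used two lines above avoids (`u=rwX,g=rwX,o=rX`, or `o=` if others need no access). Since this directory is writable by `php-niver` and sits under /etc/nginx, a sentence on what the web interface writes there would help whoever audits the setup.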

6
openssh.md Normal file
@ -0,0 +1,6 @@
# OpenSSH
```
# apt install openssh-server
# groupadd ht
```
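
Review bot: `groupadd ht` is all that remains of what the old file called "SFTP", and nothing here says what the `ht` group is for or which sshd_config settings apply to its members. Document the intended sshd configuration for that group, or link to the file in this repository that carries it; otherwise the step creates a group with no visible effect.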

5
php.md Normal file
@ -0,0 +1,5 @@
# PHP
```
# apt install php7.4-fpm php-sqlite3
```

9
quota.md Normal file
@ -0,0 +1,9 @@
# Quota
```
# apt install quota
# quotacheck -cm /
# vim /etc/fstab
```
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1
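
Review bot: `quotacheck -cm /` is run before /etc/fstab is edited, and nothing afterwards remounts / or turns quotas on. The usual order is to add `usrquota,grpquota` to fstab, remount, then run quotacheck and `quotaon`; please confirm the intended sequence and add the missing steps. The fstab line at the end of the hunk is also outside a code fence, unlike the other snippets, and should say that the UUID is a placeholder for the value in the existing entry.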

10
tor.md Normal file
@ -0,0 +1,10 @@
# Tor
`tor-instance-create` is specific to Debian
```
# apt install tor
# tor-instance-create niver
# systemctl start tor@niver
# systemctl enable tor@niver
```

8
twins.md Normal file
@ -0,0 +1,8 @@
# Twins
```
$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
$ tar -xf go.tar.gz
$ go/bin/go get code.rocketnine.space/tslocum/twins
$ cp go/bin/twins /usr/local/bin/
```
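
Review bot: `wget ... -o go.tar.gz` uses lowercase `-o`, which writes wget's log to go.tar.gz and saves the download under its original name, so the next line `tar -xf go.tar.gz` fails; this needs `-O go.tar.gz`. While touching it, add a checksum verification of the Go tarball before extracting. `cp go/bin/twins /usr/local/bin/` is shown with a `$` prompt but writes to /usr/local/bin, so it should be `#`, and it is worth checking that `go get` really places the binary in go/bin relative to the working directory.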

11
ufw.md Normal file
@ -0,0 +1,11 @@
# Firewall
```
# apt install ufw
# ufw allow in 22 # SSH
# ufw allow in 53 # DNS
# ufw allow in 80 # Display an error message for unsecure HTTP
# ufw allow in 443 # HTTPS
# ufw allow in 1965 # Gemini
# ufw enable
```
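
Review bot: The rules give only a port number (`ufw allow in 22`, `80`, `443`, `1965`), which opens both TCP and UDP. Of the services commented here only DNS on 53 needs both; the others can be narrowed to `22/tcp`, `80/tcp`, `443/tcp` and `1965/tcp`. Small wording points: "unsecure HTTP" should be "insecure HTTP", and the heading says "Firewall" while the README entry and the file name say UFW.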