# [ServNest](https://servnest.niv.re/) setup with Compose

## Use with Podman

### Preparation

Set the following in `~/.config/containers/containers.conf` (or `/etc/containers/containers.conf`):

```toml
[containers]
no_hosts=true
```

```shell
./reset.sh # (re)initialize data
cp data/reg/servnest.test.zone.default data/reg/servnest.test.zone
cp data/reg/test.servnest.test.zone.default data/reg/test.servnest.test.zone
./upstream.sh # download and verify upstream software
git clone https://code.antopie.org/servnest/sernvest/ core
sqlite3 core/db/servnest.db < core/db/schema.sql
echo "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';" | sqlite3 core/db/servnest.db
msgfmt core/locales/fr/C/LC_MESSAGES/messages.po -o core/locales/fr/C/LC_MESSAGES/messages.mo
cp core/config.template.ini core/config.ini
mkdir data/ht/uri/ht.servnest.test
./permissions.sh
```

### Build

Add `--no-cache` after `build` to update packages.

```shell
# build base images
podman-compose -f compose.yaml -f base.yaml build alpine
podman-compose -f compose.yaml -f base.yaml build php
# build the images of every other service
podman-compose build
```

### TLS certificates

```shell
podman-compose run -u root core certbot register
podman-compose run -u root core certbot register --test-cert
podman-compose run -u root core cat /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json
podman-compose run -u root core find /etc/letsencrypt/accounts/ -name regr.json -exec cat {} \;
# Set CAA records for servnest.test and ht.servnest.test
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "servnest.test"
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest.ini" -d "ht.servnest.test"
podman-compose exec -u root core certbot certonly --config "/etc/letsencrypt/servnest-dns.ini" -d "*.ht.servnest.test" --cert-name "*.ht.servnest.test"
# Update certificate paths in conf/nginx/
```

### Run
Optionally, to enable the `knot-secondary` service, uncomment the `notify:` lines in `knot.conf`, then:

```shell
podman-compose --profile=secondary up knot knot-secondary # generate QUIC keys
./setup-xoq.sh # set up mutual XFR over QUIC
```

```shell
podman-compose --podman-run-args="--replace" up --detach # start containers
podman-compose logs # get logs
```

### Test

```shell
podman-compose exec core sh -c 'php$PHP_VERSION /srv/servnest/core/jobs/check.php'
```

#### Test without public IP

Before running `check.php`:

- Set [`local_only_check`](https://servnest.niv.re/back/configuration#local_only_check) to `false` in `config.ini`.
- Add the following configuration to `/etc/hosts` on the host system:

  ```
  ::1 servnest.test
  ::1 ht.servnest.test
  ::1 sftp.servnest.test
  ```

- For `ht`, the subdomain and dedicated site tests will fail anyway.

### Bugs

When running `up`, the only expected error messages are:

> [sftpgo] | WRN provider initialized but data loading failed: stat sftpgo.db: no such file or directory

> [tor] | [warn] You are running Tor as root. You don't need to, and you probably shouldn't.

Podman Compose 1.2.0 randomly fails to start some services (see [issue 921](https://github.com/containers/podman-compose/issues/921)). The workaround is to retry multiple times.

### Delete old images

```shell
podman image prune
```

### Reset

```shell
podman container rm --all
podman image rm --all
podman rm $(podman container list --external -q)
docker rm $(docker ps -qa)
docker image rm -f $(docker image list -q)
```

## Use with rootless Docker

```shell
export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
```

Then use the instructions for Podman but replace `podman` with `docker` in command names.

## License

This project is published under the Cooperative Nonviolent Public License No Attributions, version 7 or any later version (CNPL-NAv7+), as found in [`LICENSE.md`](LICENSE.md) or at .
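A preflight check for the Preparation steps under "Use with Podman", as an added example that is not part of the ServNest project. It assumes the repository layout shown above (`data/reg/`, `core/`) and the `params(name, value)` table from the `UPDATE` statement, and only checks that `username_salt` is at least as long as `openssl rand -hex 16` produces.

```shell
#!/bin/sh
# Preflight check for the Preparation steps in this README (added example, not
# part of ServNest). Assumes the layout used above: data/reg/, core/, and a
# params(name, value) table in core/db/servnest.db. Usage: preflight_check [REPO_DIR]

check_file() { # check_file PATH LABEL: pass when PATH exists
  if [ -e "$1" ]; then printf 'ok    %s\n' "$2"; return 0; fi
  printf 'FAIL  %s missing (%s)\n' "$2" "$1"; return 1
}

check_no_hosts() { # check_no_hosts CONF: pass when the [containers] section sets no_hosts=true
  [ -r "$1" ] || return 1
  awk '/^[[:space:]]*\[/ { section = $0 }
       section ~ /^[[:space:]]*\[containers\]/ &&
       /^[[:space:]]*no_hosts[[:space:]]*=[[:space:]]*true/ { found = 1 }
       END { exit !found }' "$1"
}

check_salt() { # check_salt DB: username_salt must be set (openssl rand -hex 16 gives 32 chars)
  command -v sqlite3 >/dev/null 2>&1 || { echo 'skip  sqlite3 not installed'; return 0; }
  [ -f "$1" ] || return 1
  salt=$(sqlite3 "$1" "SELECT value FROM params WHERE name = 'username_salt';") || return 1
  [ "${#salt}" -ge 32 ]
}

preflight_check() { # runs every check against REPO_DIR (default: .) and returns 1 on any failure
  dir=${1:-.}; status=0
  if check_no_hosts "$HOME/.config/containers/containers.conf" ||
     check_no_hosts /etc/containers/containers.conf; then
    echo 'ok    no_hosts=true in containers.conf'
  else
    echo 'FAIL  no_hosts=true not set in containers.conf'; status=1
  fi
  for f in data/reg/servnest.test.zone data/reg/test.servnest.test.zone \
           core/db/servnest.db core/locales/fr/C/LC_MESSAGES/messages.mo \
           core/config.ini data/ht/uri/ht.servnest.test; do
    check_file "$dir/$f" "$f" || status=1
  done
  if check_salt "$dir/core/db/servnest.db"; then echo 'ok    username_salt set'
  else echo 'FAIL  username_salt not set in core/db/servnest.db'; status=1; fi
  return "$status"
}
```

Run it from the repository root (`sh preflight.sh && preflight_check` after sourcing, or call `preflight_check /path/to/repo`) before `podman-compose build`.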