Split current documentation in multiple files

README.md

@@ -1,3 +1,36 @@
-# Niver configuration
+# Niver
 
-This repository contains configuration files required by Niver or it's dependencies.
+Niver's sources ares split between 3 repositories:
+
+* [`system`](https://code.antopie.org/Niver/system): Documentation and configuration files you'll need to setup a Niver server
+* [`niver-php`](https://code.antopie.org/Niver/niver-php): The Web interface in PHP
+* [`maniver`](https://code.antopie.org/Niver/maniver): The Rust privileged program to do root actions from niver-php
+
+## Installation
+
+Install Debian 11 (bullseye) <https://www.debian.org/>.
+
+The following steps assumes you've done the following:
+
+```
+# apt install sudo git
+# git clone https://code.antopie.org/Niver/system /root/niver-system
+```
+
+1. [ufw.md](ufw.md) UFW (optionnal, not required for a working setup)
+2. [openssh.md](openssh.md) OpenSSH
+3. [quota.md](quota.md) Quota
+4. [knot.md](knot.md) Knot DNS
+5. [tor.md](tor.md) Tor
+6. [twins.md](twins.md) Twins
+7. [nginx.md](nginx.md) Nginx
+8. [certbot.md](certbot.md) Certbot
+9. [php.md](php.md) PHP-FPM
+10. [maniver.md](maniver.md) maniver
+11. [niver-php.md](niver-php.md) niver-php
+
+## Create system users
+
+```
+# useradd -U -r -s /usr/sbin/nologin <username>
+```

certbot.md

@@ -0,0 +1,5 @@
+# Certbot
+
+```
+# apt install certbot python3-certbot-nginx
+```

gmnisrv.md

@@ -0,0 +1,52 @@
+# gmnisrv
+
+```
+# apt install git make pkg-config libssl-dev scdoc
+$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
+$ mkdir gmnisrv/build
+$ cd gmnisrv/build
+$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
+$ make # Build gmnisrv
+# make install # Install gmnisrv binary and manpages on the system
+# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
+# vim /etc/systemd/system/gmnisrv.service
+```
+
+```
+[Unit]
+Description=Gmnisrv, a Gemini server
+After=network.target
+Wants=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/gmnisrv
+Restart=always
+User=gmnisrv
+Group=gmnisrv
+WorkingDirectory=/srv/ht
+
+[Install]
+WantedBy=multi-user.target
+```
+```
+# systemctl daemon-reload
+# mkdir -p /srv/gmi/niver.4.niv.re
+# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
+# mkdir /var/lib/gemini
+# chmod -R 700 /var/lib/gemini
+# chown -R gmnisrv:gmnisrv /var/lib/gemini
+# vim /etc/gmnisrv.ini
+```
+
+```
+# Space-separated list of hosts
+listen=0.0.0.0:1965 [::]:1965
+
+[:tls]
+# Path to store certificates on disk
+store=/var/lib/gemini
+
+[niver.4.niv.re]
+root=/srv/gmi/niver.4.niv.re
+```

install.md

@@ -1,144 +0,0 @@
-# Niver setup on Debian 11 (bullseye)
-
-```
-# apt install tor knot openssh-server sudo nginx certbot python3-certbot-nginx php7.4-fpm php-sqlite3 quota
-```
-
-## Create system users
-
-```
-# useradd -U -r -s /usr/sbin/nologin <username>
-```
-
-## Twins
-
-```
-$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
-$ tar -xf go.tar.gz
-$ go/bin/go get code.rocketnine.space/tslocum/twins
-$ cp go/bin/twins /usr/local/bin/
-```
-
-## maniver
-
-Installation
-```
-# apt install gcc git
-$ git clone https://code.antopie.org/Niver/maniver && cd maniver
-$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-$ cargo build --release
-# cp target/release/maniver /usr/local/bin/
-# chown root:php-niver /usr/local/bin/maniver
-# chmod 750 /usr/local/bin/maniver
-```
-
-Update
-```
-$ git fetch
-$ rustup update
-$ cargo update
-$ cargo build --release
-# cp target/release/maniver /usr/local/bin/
-```
-
-## gmnisrv
-
-```
-# apt install git make pkg-config libssl-dev scdoc
-$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
-$ mkdir gmnisrv/build
-$ cd gmnisrv/build
-$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
-$ make # Build gmnisrv
-# make install # Install gmnisrv binary and manpages on the system
-# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
-# vim /etc/systemd/system/gmnisrv.service
-```
-
-```
-[Unit]
-Description=Gmnisrv, a Gemini server
-After=network.target
-Wants=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/gmnisrv
-Restart=always
-User=gmnisrv
-Group=gmnisrv
-WorkingDirectory=/srv/ht
-
-[Install]
-WantedBy=multi-user.target
-```
-```
-# systemctl daemon-reload
-# mkdir -p /srv/gmi/niver.4.niv.re
-# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
-# mkdir /var/lib/gemini
-# chmod -R 700 /var/lib/gemini
-# chown -R gmnisrv:gmnisrv /var/lib/gemini
-# vim /etc/gmnisrv.ini
-```
-
-```
-# Space-separated list of hosts
-listen=0.0.0.0:1965 [::]:1965
-
-[:tls]
-# Path to store certificates on disk
-store=/var/lib/gemini
-
-[niver.4.niv.re]
-root=/srv/gmi/niver.4.niv.re
-```
-
-
-## SFTP
-
-```
-# groupadd ht
-```
-
-## Quota
-
-```
-# quotacheck -cm /
-# vim /etc/fstab
-```
-
-UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1
-
-## Knot DNS
-
-```
-# sudo -u knot knotc conf-init
-# sudo -u knot knotc conf-import <path to default niver knot conf>
-```
-
-## Nginx
-
-Generate a self-signed certificate for default Nginx site.
-```
-# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
-```
-
-## Niver-PHP
-
-```
-# chown -R root:root /usr/local/share/niver
-# chmod -R u=rwX,go=rX /usr/local/share/niver
-# mkdir /etc/nginx/ht
-# chown -R php-niver:php-niver /etc/nginx/ht
-# chmod -R 775 /etc/nginx/ht
-```
-
-Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.
-
-## Tor
-
-This command only exist on Debian
-```
-# tor-instance-create niver
-```

knot.md

@@ -0,0 +1,7 @@
+# Knot DNS
+
+```
+# apt install knot
+# sudo -u knot knotc conf-init
+# sudo -u knot knotc conf-import <path to default niver knot conf>
+```

maniver.md

@@ -0,0 +1,21 @@
+# maniver
+
+Installation
+```
+# apt install gcc
+$ git clone https://code.antopie.org/Niver/maniver && cd maniver
+$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+$ cargo build --release
+# cp target/release/maniver /usr/local/bin/
+# chown root:php-niver /usr/local/bin/maniver
+# chmod 750 /usr/local/bin/maniver
+```
+
+Update
+```
+$ git fetch
+$ rustup update
+$ cargo update
+$ cargo build --release
+# cp target/release/maniver /usr/local/bin/
+```

nginx.md

@@ -0,0 +1,12 @@
+# Nginx
+
+```
+# apt install nginx libnginx-mod-http-headers-more-filter
+```
+
+`libnginx-mod-http-headers-more-filter` is required in order to make `more_set_headers` instructions work
+
+Generate a self-signed certificate for default Nginx site.
+```
+# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
+```

niver-php.md

@@ -0,0 +1,11 @@
+# Niver-PHP
+
+```
+# chown -R root:root /usr/local/share/niver
+# chmod -R u=rwX,go=rX /usr/local/share/niver
+# mkdir /etc/nginx/ht
+# chown -R php-niver:php-niver /etc/nginx/ht
+# chmod -R 775 /etc/nginx/ht
+```
+
+Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.

openssh.md

@@ -0,0 +1,6 @@
+# OpenSSH
+
+```
+# apt install openssh-server
+# groupadd ht
+```

php.md

@@ -0,0 +1,5 @@
+# PHP
+
+```
+# apt install php7.4-fpm php-sqlite3
+```

quota.md

@@ -0,0 +1,9 @@
+# Quota
+
+```
+# apt install quota
+# quotacheck -cm /
+# vim /etc/fstab
+```
+
+UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1

tor.md

@@ -0,0 +1,10 @@
+# Tor
+
+`tor-instance-create` is specific to Debian
+
+```
+# apt install tor
+# tor-instance-create niver
+# systemctl start tor@niver
+# systemctl enable tor@niver
+```

twins.md

@@ -0,0 +1,8 @@
+# Twins
+
+```
+$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
+$ tar -xf go.tar.gz
+$ go/bin/go get code.rocketnine.space/tslocum/twins
+$ cp go/bin/twins /usr/local/bin/
+```

ufw.md

@@ -0,0 +1,11 @@
+# Firewall
+
+```
+# apt install ufw
+# ufw allow in 22 # SSH
+# ufw allow in 53 # DNS
+# ufw allow in 80 # Display an error message for unsecure HTTP
+# ufw allow in 443 # HTTPS
+# ufw allow in 1965 # Gemini
+# ufw enable
+```