commit 919edaa7de8337515764875c3c724be1a1570d62 (patch)
parent ecc2e192e4c02d422c6a654ef244fb3e01d08b37
Author: alex <alex@garbash.com>
Date: Wed, 22 Sep 2021 00:10:35 -0400
notes: Add txt notes detailing set up of each service
These may one day become part of a larger wiki, but for now I think
it's valuable and fun to share them as simple notes :)
Diffstat:
5 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/index.html b/index.html
@@ -16,8 +16,8 @@
<h2>Done:</h2>
<ul>
-<li>HTTP(S) server</li>
-<li>Email (SPF, DKIM, etc)</li>
-<li>OpenBSD install on Linode</li>
-<li>Awesome domain name :)</li>
+<li><a href="notes/004-mail-server.txt">Email (SPF, DKIM, etc)</a></li>
+<li><a href="notes/003-httpd.txt">HTTP(S) server</a></li>
+<li><a href="notes/002-install.txt">OpenBSD install on Linode</a></li>
+<li><a href="notes/001-domain-name.txt">Awesome domain name :)</a></li>
</ul>
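Review bot: the "Done" list is reordered here as well as linked (Email now sits above HTTP(S)), and the commit message only mentions adding notes. If the intent is newest note first (004 down to 001), say so in the message or a comment so the next entry goes in the right place. The hrefs are relative (`notes/...`), so they only resolve while index.html stays in the directory that contains notes/.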
diff --git a/notes/001-domain-name.txt b/notes/001-domain-name.txt
@@ -0,0 +1,17 @@
+001-domain-name -- Fri Sep 17, 2021
+
+garbash the word was all ~anthony's idea.
+
+It came out of a PR review as a self-deprecating take on his bash
+(which actually turned out to be mine).
+
+We laughed and I realized the domain was for sale, so I snagged it
+and resolved to find its purpose later.
+
+I've always wanted to be part of a tilde community, but struggle
+opening up to strangers on the internet. Starting a tilde with a
+friend, however, felt much more promising. All the ascii and none
+of the awkwardness!
+
+So here we are a week later, standing up this site. Hope you enjoy
+your stay!
diff --git a/notes/002-install.txt b/notes/002-install.txt
@@ -0,0 +1,43 @@
+002-install -- Tues Sept 21, 2021
+
+I'm a huge fan of OpenBSD. The simplicity of the system, the cohesive
+feel it has, the proactive stance on security... when we decided we'd
+set up a tilde, I knew I wanted it to be on OpenBSD.
+
+The only problem? My preferred registrar (Linode) doesn't support it!
+
+Fortunately there's a comprehensive post on the Linode forum of how to
+do it [1].
+
+It took us ~45m, the longest OpenBSD install I've had since I first
+flashed it on an old thinkpad. 40m of that was waiting for the node to
+boot and reboot, etc (we kept messing up the configuration).
+
+1. Create a New Linode (any OS will do)
+2. Once booted, shut it down
+3. Under the "Storage" tab delete the ext4 partitions
+4. Create two new disks, both "Raw" format:
+ - One labeled "install", 1GB (could do less)
+ - One labeled "os", the rest of the space
+5. Boot in "Rescue" mode
+6. In the serial console, wget the minirootXX.img
+ - Check the sha256 against the SHA256 file
+ - Check the signature using signify (on a different machine that
+ has signify)
+7. Find the install disk with `lsblk`
+8. Flash the img using: `dd if=minirootXX.img of=/dev/sdX bs=1M`
+9. In the Configurations tab, create a new one:
+ - Full Virtualization
+ - Select a Kernel > Direct Disk
+ - /dev/sda - os
+ - /dev/sdb - install
+ - boot from sdb
+10. Reboot into configuration, install OpenBSD from serial console
+11. Halt/shutdown, and change configuration to boot from sda
+12. Rejoice!
+
+In our case, our main problem was that we skipped the "Direct Disk"
+kernel step so we were booting a Linux kernel and trying to load the
+img... it panic'd every time! Took us a few boots to figure that out :)
+
+[1]: https://www.linode.com/community/questions/10329/openbsd-on-linode
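Review bot: in step 6, checking the image's sha256 against the SHA256 file only shows the download is intact if that file was fetched from the same place as the image; the signify check is what authenticates it, so the step should make clear that it has to pass before the `dd` in step 8. On a machine with signify and the release public key, `signify -C -p <release pubkey> -x SHA256.sig minirootXX.img` verifies the signature and the checksum together, which would let the two sub-steps collapse into one. It would also help to say where the .img and SHA256 files are downloaded from. Minor: Linode is called a "registrar" here, which reads oddly for the provider the OS is being installed on.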
diff --git a/notes/003-httpd.txt b/notes/003-httpd.txt
@@ -0,0 +1,28 @@
+003-httpd -- Tues Sept 21, 2021
+
+One of the first things I do when I set up a machine is set up
+httpd(8) and grab a HTTPS cert via acme-client(8).
+
+Here's a quick rundown (though reading the man pages is worth
+the time!).
+
+ # sed 's/example.com/garbash.com/g' \
+ /etc/examples/httpd.conf > /etc/httpd.conf
+ # sed 's/example.com/garbash.com/g' \
+ /etc/examples/acme-client.conf > /etc/acme-client.conf
+
+Then go in and edit the files to add aliases if needed!
+
+To get the certs for the first time:
+
+ # rcctl enable httpd
+ # rcctl start httpd
+ # acme-client -v garbash.com # get certs
+ # rcctl reload httpd # load certs
+
+Finally, to keep the certs up to date, add the following to the
+crontab:
+
+ # crontab -e
+ ...
+ ~ * * * * acme-client garbash.com && rcctl reload httpd
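Review bot: the first-run sequence starts httpd before any certificate exists, and the note doesn't say whether the sed-generated /etc/httpd.conf needs its TLS server block disabled until acme-client has run; httpd won't start if it is pointed at certificate or key files that aren't there yet, so a sentence on this would save a reader a failed `rcctl start httpd`. In the crontab line, `~ * * * *` randomises the minute but leaves the hour as `*`, so the renewal check runs every hour; say that this is intended, or pin the hour if a daily check was meant. The `&&` is worth a short comment too, since it is what keeps httpd from reloading when acme-client has nothing new.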
diff --git a/notes/004-mail-server.txt b/notes/004-mail-server.txt
@@ -0,0 +1,15 @@
+004-mail-server -- Tues Sept 21, 2021
+
+We threw this together late in our first pairing session to set
+up the site. I think having a solid email server is an important
+part of standing up a site (allows forwarding cron email to an
+inbox that's read, etc). And of course giving out email accounts
+is crucial to attract people to a tilde ;)
+
+The setup mostly followed Gilles' excellent post [1], but I replaced
+the rspamd bits with opensmtpd-filter-dkimsign, which is super
+simple to set up (see the README that comes with the installed pkg).
+
+I'll post the whole config soon once we get git hosting set up!
+
+[1]: https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
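Review bot: swapping "the rspamd bits" for opensmtpd-filter-dkimsign covers outbound DKIM signing only, and the note doesn't say what, if anything, now filters inbound spam, which was the other job rspamd had in the linked post. Worth stating explicitly whether that is a deliberate omission, especially since the note plans on giving out accounts. The index.html entry reads "Email (SPF, DKIM, etc)" but nothing here mentions the SPF record or the DKIM public key that has to be published in DNS; a line on each would make the note match its link text.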