Author: alex <firstname.lastname@example.org>
Date: Wed, 22 Sep 2021 00:10:35 -0400
notes: Add txt notes detailing set up of each service
These may one day become part of a larger wiki, but for now I think
it's valuable and fun to share them as simple notes :)
5 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/index.html b/index.html
@@ -16,8 +16,8 @@
-<li>Email (SPF, DKIM, etc)</li>
-<li>OpenBSD install on Linode</li>
-<li>Awesome domain name :)</li>
+<li><a href="notes/004-mail-server.txt">Email (SPF, DKIM, etc)</a></li>
+<li><a href="notes/003-httpd.txt">HTTP(S) server</a></li>
+<li><a href="notes/002-install.txt">OpenBSD install on Linode</a></li>
+<li><a href="notes/001-domain-name.txt">Awesome domain name :)</a></li>
diff --git a/notes/001-domain-name.txt b/notes/001-domain-name.txt
@@ -0,0 +1,17 @@
+001-domain-name -- Fri Sep 17, 2021
+garbash the word was all ~anthony's idea.
+It came out of a PR review as a self-deprecating take on his bash
+(which actually turned out to be mine).
+We laughed and I realized the domain was for sale, so I snagged it
+and resolved to find its purpose later.
+I've always wanted to be part of a tilde community, but struggle
+opening up to strangers on the internet. Starting a tilde with a
+friend, however, felt much more promising. All the ascii and none
+of the awkwardness!
+So here we are a week later, standing up this site. Hope you enjoy
diff --git a/notes/002-install.txt b/notes/002-install.txt
@@ -0,0 +1,43 @@
+002-install -- Tues Sept 21, 2021
+I'm a huge fan of OpenBSD. The simplicity of the system, the cohesive
+feel it has, the proactive stance on security... when we decided we'd
+set up a tilde, I knew I wanted it to be on OpenBSD.
+The only problem? My preferred registrar (Linode) doesn't support it!
+Fortunately there's a comprehensive post on the Linode forum of how to
+do it .
+It took us ~45m, the longest OpenBSD install I've had since I first
+flashed it on an old thinkpad. 40m of that was waiting for the node to
+boot and reboot, etc (we kept messing up the configuration).
+1. Create a New Linode (any OS will do)
+2. Once booted, shut it down
+3. Under the "Storage" tab delete the ext4 partitions
+4. Create two new disks, both "Raw" format:
+ - One labeled "install", 1GB (could do less)
+ - One labeled "os", the rest of the space
+5. Boot in "Rescue" mode
+6. In the serial console, wget the minirootXX.img
+ - Check the sha256 against the SHA256 file
+ - Check the signature using signify (on a different machine that
+ has signify)
+7. Find the install disk with `lsblk`
+8. Flash the img using: `dd if=minirootXX.img of=/dev/sdX bs=1M`
+9. In the Configurations tab, create a new one:
+ - Full Virtualization
+ - Select a Kernel > Direct Disk
+ - /dev/sda - os
+ - /dev/sdb - install
+ - boot from sdb
+10. Reboot into configuration, install OpenBSD from serial console
+11. Halt/shutdown, and change configuration to boot from sda
+In our case, our main problem was that we skipped the "Direct Disk"
+kernel step so we were booting a Linux kernel and trying to load the
+img... it panic'd every time! Took us a few boots to figure that out :)
diff --git a/notes/003-httpd.txt b/notes/003-httpd.txt
@@ -0,0 +1,28 @@
+003-httpd -- Tues Sept 21, 2021
+One of the first things I do when I set up a machine is set up
+httpd(8) and grab a HTTPS cert via acme-client(8).
+Here's a quick rundown (though reading the man pages is worth
+ # sed 's/example.com/garbash.com/g' \
+ /etc/examples/httpd.conf > /etc/httpd.conf
+ # sed 's/example.com/garbash.com/g' \
+ /etc/examples/acme-client.conf > /etc/acme-client.conf
+Then go in and edit the files to add aliases if needed!
+To get the certs for the first time:
+ # rcctl enable httpd
+ # rcctl start httpd
+ # acme-client -v garbash.com # get certs
+ # rcctl reload httpd # load certs
+Finally, to keep the certs up to date, add the following to the
+ # crontab -e
+ ~ * * * * acme-client garbash.com && rcctl reload httpd
diff --git a/notes/004-mail-server.txt b/notes/004-mail-server.txt
@@ -0,0 +1,15 @@
+004-mail-server -- Tues Sept 21, 2021
+We threw this together late in our first pairing session to set
+up the site. I think having a solid email server is an important
+part of standing up a site (allows forwarding cron email to an
+inbox that's read, etc). And of course giving out email accounts
+is crucial to attract people to a tilde ;)
+The setup mostly followed Gilles' excellent post , but I replaced
+the rspamd bits with opensmtpd-filter-dkimsign, which is super
+simple to set up (see the README that comes with the installed pkg).
+I'll post the whole config soon once we get git hosting set up!