git clone git://git.garbash.com/alex/www
Log | Files | Refs | README | LICENSE

commit 919edaa7de8337515764875c3c724be1a1570d62
parent ecc2e192e4c02d422c6a654ef244fb3e01d08b37
Author: alex <alex@garbash.com>
Date:   Wed, 22 Sep 2021 00:10:35 -0400

notes: Add txt notes detailing set up of each service

These may one day become part of a larger wiki, but for now I think
it's valuable and fun to share them as simple notes :)

Mindex.html | 8++++----
Anotes/001-domain-name.txt | 17+++++++++++++++++
Anotes/002-install.txt | 43+++++++++++++++++++++++++++++++++++++++++++
Anotes/003-httpd.txt | 28++++++++++++++++++++++++++++
Anotes/004-mail-server.txt | 15+++++++++++++++
5 files changed, 107 insertions(+), 4 deletions(-)

diff --git a/index.html b/index.html @@ -16,8 +16,8 @@ <h2>Done:</h2> <ul> -<li>HTTP(S) server</li> -<li>Email (SPF, DKIM, etc)</li> -<li>OpenBSD install on Linode</li> -<li>Awesome domain name :)</li> +<li><a href="notes/004-mail-server.txt">Email (SPF, DKIM, etc)</a></li> +<li><a href="notes/003-httpd.txt">HTTP(S) server</a></li> +<li><a href="notes/002-install.txt">OpenBSD install on Linode</a></li> +<li><a href="notes/001-domain-name.txt">Awesome domain name :)</a></li> </ul> diff --git a/notes/001-domain-name.txt b/notes/001-domain-name.txt @@ -0,0 +1,17 @@ +001-domain-name -- Fri Sep 17, 2021 + +garbash the word was all ~anthony's idea. + +It came out of a PR review as a self-deprecating take on his bash +(which actually turned out to be mine). + +We laughed and I realized the domain was for sale, so I snagged it +and resolved to find its purpose later. + +I've always wanted to be part of a tilde community, but struggle +opening up to strangers on the internet. Starting a tilde with a +friend, however, felt much more promising. All the ascii and none +of the awkwardness! + +So here we are a week later, standing up this site. Hope you enjoy +your stay! diff --git a/notes/002-install.txt b/notes/002-install.txt @@ -0,0 +1,43 @@ +002-install -- Tues Sept 21, 2021 + +I'm a huge fan of OpenBSD. The simplicity of the system, the cohesive +feel it has, the proactive stance on security... when we decided we'd +set up a tilde, I knew I wanted it to be on OpenBSD. + +The only problem? My preferred registrar (Linode) doesn't support it! + +Fortunately there's a comprehensive post on the Linode forum of how to +do it [1]. + +It took us ~45m, the longest OpenBSD install I've had since I first +flashed it on an old thinkpad. 40m of that was waiting for the node to +boot and reboot, etc (we kept messing up the configuration). + +1. Create a New Linode (any OS will do) +2. Once booted, shut it down +3. Under the "Storage" tab delete the ext4 partitions +4. Create two new disks, both "Raw" format: + - One labeled "install", 1GB (could do less) + - One labeled "os", the rest of the space +5. Boot in "Rescue" mode +6. In the serial console, wget the minirootXX.img + - Check the sha256 against the SHA256 file + - Check the signature using signify (on a different machine that + has signify) +7. Find the install disk with `lsblk` +8. Flash the img using: `dd if=minirootXX.img of=/dev/sdX bs=1M` +9. In the Configurations tab, create a new one: + - Full Virtualization + - Select a Kernel > Direct Disk + - /dev/sda - os + - /dev/sdb - install + - boot from sdb +10. Reboot into configuration, install OpenBSD from serial console +11. Halt/shutdown, and change configuration to boot from sda +12. Rejoice! + +In our case, our main problem was that we skipped the "Direct Disk" +kernel step so we were booting a Linux kernel and trying to load the +img... it panic'd every time! Took us a few boots to figure that out :) + +[1]: https://www.linode.com/community/questions/10329/openbsd-on-linode diff --git a/notes/003-httpd.txt b/notes/003-httpd.txt @@ -0,0 +1,28 @@ +003-httpd -- Tues Sept 21, 2021 + +One of the first things I do when I set up a machine is set up +httpd(8) and grab a HTTPS cert via acme-client(8). + +Here's a quick rundown (though reading the man pages is worth +the time!). + + # sed 's/example.com/garbash.com/g' \ + /etc/examples/httpd.conf > /etc/httpd.conf + # sed 's/example.com/garbash.com/g' \ + /etc/examples/acme-client.conf > /etc/acme-client.conf + +Then go in and edit the files to add aliases if needed! + +To get the certs for the first time: + + # rcctl enable httpd + # rcctl start httpd + # acme-client -v garbash.com # get certs + # rcctl reload httpd # load certs + +Finally, to keep the certs up to date, add the following to the +crontab: + + # crontab -e + ... + ~ * * * * acme-client garbash.com && rcctl reload httpd diff --git a/notes/004-mail-server.txt b/notes/004-mail-server.txt @@ -0,0 +1,15 @@ +004-mail-server -- Tues Sept 21, 2021 + +We threw this together late in our first pairing session to set +up the site. I think having a solid email server is an important +part of standing up a site (allows forwarding cron email to an +inbox that's read, etc). And of course giving out email accounts +is crucial to attract people to a tilde ;) + +The setup mostly followed Gilles' excellent post [1], but I replaced +the rspamd bits with opensmtpd-filter-dkimsign, which is super +simple to set up (see the README that comes with the installed pkg). + +I'll post the whole config soon once we get git hosting set up! + +[1]: https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/