| author | joshua <joshua@joshuayun.com> | 2023-12-29 23:18:01 -0500 |
|---|---|---|
| committer | joshua <joshua@joshuayun.com> | 2023-12-29 23:18:01 -0500 |
| commit | be0a9dfcbd5ea62eca32f3cebb104ae39855a4f2 (patch) | |
| tree | 05e8c68e2adb022e7b6d3b0ecf3799aaf1f795ec /docs/server | |
| parent | 801b59c05ac3c12e74a5f77c0d5d6f898ef55912 (diff) | |
| download | wiki-be0a9dfcbd5ea62eca32f3cebb104ae39855a4f2.tar.gz | |
updated wiki on how to make server
Diffstat (limited to 'docs/server')
| -rw-r--r-- | docs/server/cgit.md | 141 |
| -rw-r--r-- | docs/server/ddns.md | 49 |
| -rw-r--r-- | docs/server/server.md | 130 |
3 files changed, 320 insertions, 0 deletions
diff --git a/docs/server/cgit.md b/docs/server/cgit.md new file mode 100644 index 0000000..72db5ed --- /dev/null +++ b/docs/server/cgit.md 
@@ -0,0 +1,141 @@ +# Cgit with gitolite and caddy + +## Setup + +Install dependencies. + +	# apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl + +Make a git user. + +	sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git + +Allow ssh passwordless login. + +	usermod -p '*' username +	 +## Gitolite + +Install the [gitolite](https://gitolite.com/gitolite/install.html) package from the repository directly. + +### Configuration with cgit + +Configuration of gitolite is done by modifying `$HOME/.gitolite.rc`. + +To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite. + +Change: + +	GIT_CONFIG_KEYS  =>  '', +	 +To: + +	GIT_CONFIG_KEYS  =>  '.*', + +To have permissions work correctly, + +Change: + +	UMASK  =>  0077, +	 +To: + +	UMASK  =>  0027, +	 +In the `ENABLE` field, add gitweb and cgit to the list. + +### Usage + +Detailed usage of gitolite can be found [here](https://gitolite.com/gitolite/basic-admin.html) + +### Repository ignore + +After cgit is configured, cgit can be told to ignore a repo with this syntax. + +	repo gitolite-admin +		config cgit.ignore=1 + +### Adding Hooks to gitolite + +This [page](https://gitolite.com/gitolite/cookbook#adding-other-non-update-hooks) details how to add hooks to your repositories. + +Example hook that updates a website every git push. Make sure this directory is owned by git. + +	#!/bin/sh +	GIT_WORK_TREE=/desired/website/directory git checkout -f +	 +	 +## Cgit + +### Running cgit with caddy + +Install the [fcgiwrap](https://packages.debian.org/bookworm/fcgiwrap) package. + +Create a systemd service that wraps cgit with FastCGI. 
+ +	# systemctl edit --full --force cgit.service +	 +<!-- tsk --> + +	[Unit] +	Description=CGI web interface to the Git SCM +	After=network.target +	 +	[Service] +	Type=exec +	ExecStart=fcgiwrap -f -p "/usr/lib/cgit/cgit.cgi" -s tcp:127.0.0.1:8999 +	 +	[Install] +	WantedBy=multi-user.target +	 +<!-- tsk --> + +	# systemctl start cgit +	 +Add cgit configuration to caddy. + +	git.joshuayun.com { +        	handle_path /cgit-css/* { +        	        root * /usr/share/cgit/ +        	        file_server +        	} + +        	handle { +        	        reverse_proxy localhost:8999 { +        	                transport fastcgi { +        	                        env DOCUMENT_ROOT /usr/lib/cgit/ +        	                        env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi +        	                } +        	        } +        	} +	} + + +## Cgit configuration + +More detailed documentation can be found on the cgitrc(5) [manual](https://linux.die.net/man/5/cgitrc). + +enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner. + + +	enable-git-config=1 + +project-list sets where cgit looks for projects, this list is the one updated by gitolite + +	project-list=/home/git/projects.list +	 +scan-path sets where the actual git repositories live + +	scan-path=/home/git/repositories + +## References + +[SixFoisNeuf](https://www.sixfoisneuf.fr/posts/setting-up-cgit-with-caddy2/) Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work. + +[Mateja Maric](https://matejamaric.com/blog/git-server/) Used this blog to help configure cgitrc, gitolite.rc + +[Luke Hsiao](https://luke.hsiao.dev/blog/cgit-caddy-gitolite/) Used the git user creation command from this blog. + +[Omar Polo (yumh)](https://www.omarpolo.com/post/cgit-gitolite.html) Used this blog to help configure cgitrc for hidden repos. 
+ +[Bryan Brattlof](https://bryanbrattlof.com/cgit-nginx-gitolite-a-personal-git-server/) Not much used here, kept as reference. diff --git a/docs/server/ddns.md b/docs/server/ddns.md new file mode 100644 index 0000000..f81f5d7 --- /dev/null +++ b/docs/server/ddns.md @@ -0,0 +1,49 @@ +# DDNS Setup + +## Porkbun API + +Follow this [porkbun](https://kb.porkbun.com/article/190-getting-started-with-the-porkbun-api) guide on enabling the api for your domain. + +## ddns-updater + +[ddns-updater](https://github.com/qdm12/ddns-updater) is the program used to update Porkbun's A record of your domain. + +### Docker install + +Install the [docker](https://docs.docker.com/engine/install/debian/) package from official docker repositories. + +### Setup + +Create a directory with config.json inside, and make sure that its owner has a uid of 1000. + +	mkdir data +	touch data/config.json +	# Owned by user ID of Docker container (1000) +	chown -R 1000 data +	# all access (for creating json database file data/updates.json) +	chmod 700 data +	# read access only +	chmod 400 data/config.json + +Configuration for porkbun in config.json + +	{ +	  "settings": [ +	    { +	      "provider": "porkbun", +	      "domain": "domain.com", +	      "host": "@", +	      "api_key": "PORKBUN SECRET KEY", +	      "secret_api_key": "PORKBUN API KEY", +	      "ip_version": "ipv4" +	    } +	  ] +	} +	 +Optional `"ttl"` paramter specifing A record TTL not included. + +### Usage +	docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater +	 +This will start a docker container that will start updating the DNS records. +Status updates can be seen in a web server by going to localhost:8000. diff --git a/docs/server/server.md b/docs/server/server.md new file mode 100644 index 0000000..a5381f4 --- /dev/null +++ b/docs/server/server.md 
@@ -0,0 +1,130 @@ +# Homelab Server Setup + +This page describes how I setup my personal webserver + +I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support + +## Linux Distribution Used + +Debian 12 Bookworm. + +Update the system. + +	# apt update +	# apt upgrade + +## SSH + +Generate ssh keys + +	ssh-keygen -t [keytype] + +Add ssh keys to `~/.ssh/authorized_keys` + +	ssh-copy-id -i /path/to/pubkey [user@]machine + +### Optional security enhancements + +Change the port in `/etc/sshd_config` to a nonstandard port to harden security. + +	Port 1234 + +Disable password login in `/etc/sshd_config/` + +	PubkeyAuthentication yes +	ChallengeResponseAuthentication no +	PasswordAuthentication no +	KbdInteractiveAuthentication no +	UsePAM no + +Disable XForwarding + +	X11Forwarding no + +Disable remote root login + +	PermitRootLogin no + +## DDNS + +Setup [Dyanmic DNS (ddns) with Porkbun and ddns-updater](ddns.md). + +## Caddy + +Install the [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) package from Caddy directly. + +## Cgit & gitolite + +Setup [cgit with gitolite and caddy](cgit.md). + +## Radicale + +Install the [Radicale](https://packages.debian.org/bookworm/radicale) package. + +Start the Radicale service. + +	systemctl enable radicale.service +	systemctl start radicale.service + +Generate secure passwords using htpasswd. + +	# Create a new htpasswd file with the user "user1" +	$ htpasswd -c /path/to/users user1 +	New password: +	Re-type new password: +	# Add another user +	$ htpasswd /path/to/users user2 +	New password: +	Re-type new password: + +Edit configuration to add users + +	[auth] +	type = htpasswd +	htpasswd_filename = /path/to/users +	# encryption method used in the htpasswd file +	htpasswd_encryption = md5 + +Add configuration to caddy. 
+ +	caldav.joshuayun.com { +		handle_path /* { +			reverse_proxy localhost:5232 { +			header_up X-Script-Name /radicale +			} +		} +		handle_path /radicale/* { +			reverse_proxy localhost:5232 { +				header_up X-Script-Name /radicale +			} +		} +	} + + +## Webdav + +Add the Webdav module to Caddy. + +	sudo caddy add-package github.com/mholt/caddy-webdav +	sudo systemctl restart caddy + +Add Webdav to the Caddy configuration + +Example configuration with protected file browsing, see the [github](https://github.com/mholt/caddy-webdav) for more configurations. + + +	webdav.joshuayun.com { +		@get method GET +		root * WEBDAV_PATH +		route { +			basicauth { +				joshua CADDY_HASH +			} +			file_server @get browse +			webdav +		} +	} + +To generate the hash: + +	caddy hash-password  | 
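Review bot: the `cgit.service` unit in cgit.md has no `User=` or `Group=` line under `[Service]`, so `fcgiwrap -f -p "/usr/lib/cgit/cgit.cgi" -s tcp:127.0.0.1:8999` and every cgit.cgi request it spawns run as root. Add a `User=www-data` and `Group=git` pair (the `git` group is created by the `adduser --group` command earlier in the file); that is also what the `UMASK => 0027` change exists for, since it makes gitolite's repositories group-readable rather than readable only by root. Related: `GIT_CONFIG_KEYS => '.*'` lets the gitolite admin repo set any git config key, while the text only needs the `gitweb.*` and `cgit.*` keys (`config cgit.ignore=1`, description, owner); gitolite's rc documentation warns against `.*` because some git config keys can cause command execution as the hosting user, so `'gitweb\..*|cgit\..*'` is the narrower setting that still satisfies this page. Minor: the "Allow ssh passwordless login" step runs `usermod -p '*' username` where the preceding step created `git`, and what it does is unlock the password-disabled account so key-based SSH login is accepted, not enable passwordless login; the heading should say so.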
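Review bot: in ddns.md the `config.json` placeholders are swapped: `"api_key"` carries `PORKBUN SECRET KEY` and `"secret_api_key"` carries `PORKBUN API KEY`, so a reader filling them in by their labels puts the secret in the key field and gets authentication failures; swap the two placeholder strings. The `docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater` line publishes the status page on every interface while the text says it is viewed at localhost:8000; `-p 127.0.0.1:8000:8000/tcp` keeps it local to the host. Typos in the same hunk: "paramter specifing" in the TTL sentence.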
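Review bot: server.md points the SSH hardening at `/etc/sshd_config` (and `/etc/sshd_config/` with a trailing slash); on Debian 12 the daemon reads `/etc/ssh/sshd_config`, so `Port 1234`, `PasswordAuthentication no` and `PermitRootLogin no` would never take effect as written. In the same block, `UsePAM no` is not needed once `PasswordAuthentication no` and `KbdInteractiveAuthentication no` are set, and Debian's stock sshd_config relies on `UsePAM yes` for account and session handling; drop that line. For Radicale, `htpasswd -c /path/to/users user1` with `htpasswd_encryption = md5` stores MD5-based hashes for an internet-facing CalDAV login; Radicale also accepts `bcrypt`, so `htpasswd -B -c /path/to/users user1` together with `htpasswd_encryption = bcrypt` is the stronger choice when the bcrypt backend is installed. Typo: "Dyanmic" in the DDNS link text.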
