author: joshua <joshua@joshuayun.com> 2023-12-29 23:18:01 -0500
committer: joshua <joshua@joshuayun.com> 2023-12-29 23:18:01 -0500
commit: be0a9dfcbd5ea62eca32f3cebb104ae39855a4f2
tree: 05e8c68e2adb022e7b6d3b0ecf3799aaf1f795ec /docs/server
parent: 801b59c05ac3c12e74a5f77c0d5d6f898ef55912
updated wiki on how to make server
Diffstat (limited to 'docs/server')
-rw-r--r-- docs/server/cgit.md 141
-rw-r--r-- docs/server/ddns.md 49
-rw-r--r-- docs/server/server.md 130
3 files changed, 320 insertions, 0 deletions
diff --git a/docs/server/cgit.md b/docs/server/cgit.md
new file mode 100644
index 0000000..72db5ed
--- /dev/null
+++ b/docs/server/cgit.md
@@ -0,0 +1,141 @@
+# Cgit with gitolite and caddy
+
+## Setup
+
+Install dependencies.
+
+ # apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl
+
+Make a git user.
+
+ sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
+
+Allow ssh passwordless login.
+
+ usermod -p '*' username
+
+## Gitolite
+
+Install the [gitolite](https://gitolite.com/gitolite/install.html) package from the repository directly.
+
+### Configuration with cgit
+
+Configuration of gitolite is done by modifying `$HOME/.gitolite.rc`.
+
+To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite.
+
+Change:
+
+ GIT_CONFIG_KEYS => '',
+
+To:
+
+ GIT_CONFIG_KEYS => '.*',
+
+To have permissions work correctly,
+
+Change:
+
+ UMASK => 0077,
+
+To:
+
+ UMASK => 0027,
+
+In the `ENABLE` field, add gitweb and cgit to the list.
+
+### Usage
+
+Detailed usage of gitolite can be found [here](https://gitolite.com/gitolite/basic-admin.html)
+
+### Repository ignore
+
+After cgit is configured, cgit can be told to ignore a repo with this syntax.
+
+ repo gitolite-admin
+ config cgit.ignore=1
+
+### Adding Hooks to gitolite
+
+This [page](https://gitolite.com/gitolite/cookbook#adding-other-non-update-hooks) details how to add hooks to your repositories.
+
+Example hook that updates a website every git push. Make sure this directory is owned by git.
+
+ #!/bin/sh
+ GIT_WORK_TREE=/desired/website/directory git checkout -f
+
+
+## Cgit
+
+### Running cgit with caddy
+
+Install the [fcgiwrap](https://packages.debian.org/bookworm/fcgiwrap) package.
+
+Create a systemd service that wraps cgit with FastCGI.
+
+ # systemctl edit --full --force cgit.service
+
+<!-- tsk -->
+
+ [Unit]
+ Description=CGI web interface to the Git SCM
+ After=network.target
+
+ [Service]
+ Type=exec
+ ExecStart=fcgiwrap -f -p "/usr/lib/cgit/cgit.cgi" -s tcp:127.0.0.1:8999
+
+ [Install]
+ WantedBy=multi-user.target
+
+<!-- tsk -->
+
+ # systemctl start cgit
+
+Add cgit configuration to caddy.
+
+ git.joshuayun.com {
+ handle_path /cgit-css/* {
+ root * /usr/share/cgit/
+ file_server
+ }
+
+ handle {
+ reverse_proxy localhost:8999 {
+ transport fastcgi {
+ env DOCUMENT_ROOT /usr/lib/cgit/
+ env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi
+ }
+ }
+ }
+ }
+
+
+## Cgit configuration
+
+More detailed documentation can be found on the cgitrc(5) [manual](https://linux.die.net/man/5/cgitrc).
+
+enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner.
+
+
+ enable-git-config=1
+
+project-list sets where cgit looks for projects, this list is the one updated by gitolite
+
+ project-list=/home/git/projects.list
+
+scan-path sets where the actual git repositories live
+
+ scan-path=/home/git/repositories
+
+## References
+
+[SixFoisNeuf](https://www.sixfoisneuf.fr/posts/setting-up-cgit-with-caddy2/) Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work.
+
+[Mateja Maric](https://matejamaric.com/blog/git-server/) Used this blog to help configure cgitrc, gitolite.rc
+
+[Luke Hsiao](https://luke.hsiao.dev/blog/cgit-caddy-gitolite/) Used the git user creation command from this blog.
+
+[Omar Polo (yumh)](https://www.omarpolo.com/post/cgit-gitolite.html) Used this blog to help configure cgitrc for hidden repos.
+
+[Bryan Brattlof](https://bryanbrattlof.com/cgit-nginx-gitolite-a-personal-git-server/) Not much used here, kept as reference.
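
Review bot: In the gitolite.rc section, `GIT_CONFIG_KEYS => '.*',` allows every git config key to be set from the gitolite conf, which is broader than this page needs; the only keys it uses are `cgit.ignore` and the gitweb.* ones (description, owner). gitolite reads the value as a space-separated list of regexes, so something like `'gitweb\..* cgit\..*'` would cover them. Also, the cgit.service unit has no `User=` or `Group=` line, so fcgiwrap and cgit.cgi run as root; with `UMASK => 0027` the repositories are group-readable, so a dedicated unprivileged user that is a member of the git group looks sufficient. Finally, `usermod -p '*' username` presumably refers to the `git` user created in the step above, and the text should say so.
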
diff --git a/docs/server/ddns.md b/docs/server/ddns.md
new file mode 100644
index 0000000..f81f5d7
--- /dev/null
+++ b/docs/server/ddns.md
@@ -0,0 +1,49 @@
+# DDNS Setup
+
+## Porkbun API
+
+Follow this [porkbun](https://kb.porkbun.com/article/190-getting-started-with-the-porkbun-api) guide on enabling the api for your domain.
+
+## ddns-updater
+
+[ddns-updater](https://github.com/qdm12/ddns-updater) is the program used to update Porkbun's A record of your domain.
+
+### Docker install
+
+Install the [docker](https://docs.docker.com/engine/install/debian/) package from official docker repositories.
+
+### Setup
+
+Create a directory with config.json inside, and make sure that its owner has a uid of 1000.
+
+ mkdir data
+ touch data/config.json
+ # Owned by user ID of Docker container (1000)
+ chown -R 1000 data
+ # all access (for creating json database file data/updates.json)
+ chmod 700 data
+ # read access only
+ chmod 400 data/config.json
+
+Configuration for porkbun in config.json
+
+ {
+ "settings": [
+ {
+ "provider": "porkbun",
+ "domain": "domain.com",
+ "host": "@",
+ "api_key": "PORKBUN SECRET KEY",
+ "secret_api_key": "PORKBUN API KEY",
+ "ip_version": "ipv4"
+ }
+ ]
+ }
+
+Optional `"ttl"` paramter specifing A record TTL not included.
+
+### Usage
+ docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater
+
+This will start a docker container that will start updating the DNS records.
+Status updates can be seen in a web server by going to localhost:8000.
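
Review bot: In the config.json example the placeholder values look swapped: `"api_key": "PORKBUN SECRET KEY"` and `"secret_api_key": "PORKBUN API KEY"` put the secret key under `api_key` and the API key under `secret_api_key`; swap the two placeholder strings so each names its own field. In the Usage command, `-p 8000:8000/tcp` publishes the status page on every host interface although the text only mentions localhost:8000; `-p 127.0.0.1:8000:8000/tcp` keeps it local. The `### Usage` heading needs a blank line before the indented command so it renders as a code block, and "paramter specifing" should read "parameter specifying".
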
diff --git a/docs/server/server.md b/docs/server/server.md
new file mode 100644
index 0000000..a5381f4
--- /dev/null
+++ b/docs/server/server.md
@@ -0,0 +1,130 @@
+# Homelab Server Setup
+
+This page describes how I setup my personal webserver
+
+I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support
+
+## Linux Distribution Used
+
+Debian 12 Bookworm.
+
+Update the system.
+
+ # apt update
+ # apt upgrade
+
+## SSH
+
+Generate ssh keys
+
+ ssh-keygen -t [keytype]
+
+Add ssh keys to `~/.ssh/authorized_keys`
+
+ ssh-copy-id -i /path/to/pubkey [user@]machine
+
+### Optional security enhancements
+
+Change the port in `/etc/sshd_config` to a nonstandard port to harden security.
+
+ Port 1234
+
+Disable password login in `/etc/sshd_config/`
+
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ PasswordAuthentication no
+ KbdInteractiveAuthentication no
+ UsePAM no
+
+Disable XForwarding
+
+ X11Forwarding no
+
+Disable remote root login
+
+ PermitRootLogin no
+
+## DDNS
+
+Setup [Dyanmic DNS (ddns) with Porkbun and ddns-updater](ddns.md).
+
+## Caddy
+
+Install the [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) package from Caddy directly.
+
+## Cgit & gitolite
+
+Setup [cgit with gitolite and caddy](cgit.md).
+
+## Radicale
+
+Install the [Radicale](https://packages.debian.org/bookworm/radicale) package.
+
+Start the Radicale service.
+
+ systemctl enable radicale.service
+ systemctl start radicale.service
+
+Generate secure passwords using htpasswd.
+
+ # Create a new htpasswd file with the user "user1"
+ $ htpasswd -c /path/to/users user1
+ New password:
+ Re-type new password:
+ # Add another user
+ $ htpasswd /path/to/users user2
+ New password:
+ Re-type new password:
+
+Edit configuration to add users
+
+ [auth]
+ type = htpasswd
+ htpasswd_filename = /path/to/users
+ # encryption method used in the htpasswd file
+ htpasswd_encryption = md5
+
+Add configuration to caddy.
+
+ caldav.joshuayun.com {
+ handle_path /* {
+ reverse_proxy localhost:5232 {
+ header_up X-Script-Name /radicale
+ }
+ }
+ handle_path /radicale/* {
+ reverse_proxy localhost:5232 {
+ header_up X-Script-Name /radicale
+ }
+ }
+ }
+
+
+## Webdav
+
+Add the Webdav module to Caddy.
+
+ sudo caddy add-package github.com/mholt/caddy-webdav
+ sudo systemctl restart caddy
+
+Add Webdav to the Caddy configuration
+
+Example configuration with protected file browsing, see the [github](https://github.com/mholt/caddy-webdav) for more configurations.
+
+
+ webdav.joshuayun.com {
+ @get method GET
+ root * WEBDAV_PATH
+ route {
+ basicauth {
+ joshua CADDY_HASH
+ }
+ file_server @get browse
+ webdav
+ }
+ }
+
+To generate the hash:
+
+ caddy hash-password
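
Review bot: In the SSH section both references to the daemon config use a path that does not exist on Debian: `/etc/sshd_config` and `/etc/sshd_config/` (with a trailing slash) should be `/etc/ssh/sshd_config`; sshd does not read the path as written, so the hardening would never take effect. A line about restarting sshd after the edit would also help. In the Radicale section, `htpasswd_encryption = md5` sits under the sentence "Generate secure passwords" but is a weak choice; creating the file with `htpasswd -B` and setting `htpasswd_encryption = bcrypt` would match that sentence. Small fixes: "Dyanmic" in the DDNS link text, and `WEBDAV_PATH` and `CADDY_HASH` deserve a sentence saying they are placeholders.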