💾 Archived View for gemini.temperedtea.eu › technology › 20210906.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Starting point: minimal archlinux as installed on a Hetzner server without any user data (yet)
Prepare for the encryption of the user account "git", which is supposed to be empty. Run as root:
pacman -S ecryptfs-utils rsync lsof sudo binutils wget curl fakeroot which vi emacs screen
useradd -m -s /bin/bash git
modprobe ecryptfs
passwd git
ecryptfs-migrate-home -u git
If successful, log in as git with the password that you've set and run:
ecryptfs-mount-private
Open /etc/pam.d/system-auth and modify the file as described in https://wiki.archlinux.org/index.php/ECryptfs, section "auto-mounting"
Note that if you don't want the home directory to automatically unmount after you log out as this user, you can skip the line:
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
Reference site on the ArchLinux wiki
useradd -m -s /bin/bash USERNAME
usermod --append --groups wheel USERNAME
visudo
Uncomment the line:
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
pacman -S git
Please note that I don't use git LFS. If you do, you'll also have to install it.
If you like, you can then also enable password-less login:
cat ~/.ssh/id_rsa.pub | ssh git@YOUR_IP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
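Key-based SSH login gives PAM no password with which to unwrap the ecryptfs passphrase, so it is worth confirming that the encrypted home of "git" is really mounted in such a session. The script below is an added example, not part of the original page; it assumes the layout that ecryptfs-migrate-home creates by default (/home/.ecryptfs/USER/.Private), and its function names are made up here.

```shell
#!/bin/sh
# Added example (not from the original page): classify a user's home as
# "mounted", "locked" or "plain" with respect to ecryptfs.

# home_is_ecryptfs HOME_DIR [MOUNTS_FILE]
# Exit 0 when MOUNTS_FILE has HOME_DIR as a mount point of type ecryptfs.
home_is_ecryptfs() {
    # /proc/mounts fields: source mountpoint fstype options dump pass
    awk -v mp="$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit found ? 0 : 1 }' "${2:-/proc/mounts}"
}

# home_state USER [MOUNTS_FILE] [HOME_ROOT]
#   mounted: the decrypted view is active at HOME_ROOT/USER
#   locked:  HOME_ROOT/.ecryptfs/USER/.Private exists but is not mounted
#            (assumed default layout of ecryptfs-migrate-home)
#   plain:   no ecryptfs data found for this user
home_state() {
    root=${3:-/home}
    if home_is_ecryptfs "$root/$1" "${2:-/proc/mounts}"; then
        echo mounted
    elif [ -d "$root/.ecryptfs/$1/.Private" ]; then
        echo locked
    else
        echo plain
    fi
}

# Constructed sample in /proc/mounts format for HOME_ROOT=$1 (not from a real
# host): only "gitea" is mounted, so the exact match must not report "git".
sample_mounts() {
    printf '%s\n' \
        "/dev/sda1 / ext4 rw,relatime 0 0" \
        "$1/.ecryptfs/gitea/.Private $1/gitea ecryptfs rw,nosuid,nodev,relatime 0 0"
}

# Usage on the server: sh check-home.sh git
if [ $# -gt 0 ]; then
    home_state "$@"
fi
```

A result of "locked" in a key-based session means the session is looking at the underlying, still-encrypted directory and ecryptfs-mount-private has to be run first.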
pacman -S gcc make cmake amfora
useradd -m -s /bin/bash USERNAME
Run as a user with sudo privileges (but not root). This uses yay and topgrade for the installation of AUR packages - of course, you can use any other AUR package manager of your choice or none at all:
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
yay topgrade
yay agate
Configure the agate service (here for two hosts):
sudo emacs -nw /etc/systemd/system/agate.service
[Unit]
Description=agate
After=network.target

[Service]
User=USERNAME
Type=simple
ExecStart=/usr/bin/agate --certs /home/USERNAME/certs/ --content /home/USERNAME/gemini/ --hostname HOST1 --hostname HOST2 --addr [::]:1965 --addr 0.0.0.0:1965 --lang en-GB

[Install]
WantedBy=default.target
Then activate the service:
sudo systemctl restart agate
sudo systemctl enable agate
Run as gemini user:
mkdir certs
mkdir gemini