💾 Archived View for gemini.temperedtea.eu › technology › 20210906.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

Back

Configuring an ArchLinux server

Starting point: minimal archlinux as installed on a Hetzner server without any user data (yet)

Encrypt user accounts

Prepare for the encryption of the user account "git", which is supposed to be empty. Run as root:

pacman -S ecryptfs-utils rsync lsof sudo binutils wget curl fakeroot which vi emacs screen
useradd -m -s /bin/bash git

modprobe ecryptfs

passwd git

ecryptfs-migrate-home -u git

If successful, login as git with the password that you've set and run:

ecryptfs-mount-private

Open /etc/pam.d/system-auth and modify the file as described in https://wiki.archlinux.org/index.php/ECryptfs, section "auto-mounting"

Note that if you don't want the home directory to automatically unmount after you logout as this user, you can skip the line:

session           [success=1 default=ignore]  pam_succeed_if.so service = systemd-user quiet              

Reference site on the ArchLinux wiki

Create a regular user with sudo privileges

useradd -m -s /bin/bash USERNAME

usermod --append --groups wheel USERNAME
visudo

Uncomment the line:

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

Setup git

pacman -S git

Please note that I don't use git LFS. If you do, you'll also have to install it.

If you like, you can then also enable password-less login:

cat ~/.ssh/id_rsa.pub | ssh git@YOUR_IP "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

Setup gemini

pacman -S gcc make cmake amfora
useradd -m -s /bin/bash USERNAME

Run as a user with sudo privileges (but not root). This uses yay and topgrade for the installation of AUR packages - of course, you can use any other AUR package manager of your choice or none at all:

git clone https://aur.archlinux.org/yay.git
cd yay
makepgk -si
yay topgrade
yay agate

Configure the agate service (here for two hosts):

sudo emacs -nw /etc/systemd/system/agate.service

[Unit]
Description=agate
After=network.target

[Service]
User=USERNAME
Type=simple
ExecStart=/usr/bin/agate  --certs  /home/USERNAME/certs/ --content /home/USERNAME/gemini/ --hostname HOST1 --hostname HOST2 --addr [::]:1965 --addr 0.0.0.0:1965  --lang en-GB

[Install]
WantedBy=default.target

Then activate the service:

sudo systemctl restart agate
sudo systemctl enable agate

Run as gemini user:

mkdir certs
mkdir gemini

Description of Agate usage