From 9c0efddd0f39b1ad702a99a7146063afb82a58a8 Mon Sep 17 00:00:00 2001 From: Ben Harris Date: Thu, 25 Oct 2018 12:32:54 -0400 Subject: [PATCH] add lxd info --- wiki/pages/administration.md | 78 ++++++++++++++++++++++++++++++++++- wiki/pages/code-of-conduct.md | 4 +- wiki/pages/domains.md | 42 +++++++++---------- wiki/pages/irc.md | 2 +- wiki/pages/services.md | 7 +++- wiki/pages/tildeblogs.md | 2 +- wiki/pages/tildepages.md | 6 +-- 7 files changed, 111 insertions(+), 30 deletions(-) diff --git a/wiki/pages/administration.md b/wiki/pages/administration.md index 64bfa3b..4a155c8 100644 --- a/wiki/pages/administration.md +++ b/wiki/pages/administration.md @@ -12,7 +12,12 @@ category: ## adding users -1. generate a random password (12-20 characters, no spaces) +> this is deprecated. use the new [makeuser](https://tildegit.org/team/makeuser/src/branch/bash-edition) script + +1. generate a random password + ``` + pwgen -1B 15 + ``` 1. create a new user account: ``` 
@@ -110,3 +115,74 @@ Here's how to fix it: 07:12 <~khuxkm> then `sudo prlimit --pid --nproc 1000000:100000000` 07:12 <~khuxkm> then do what you need to do 07:12 <~khuxkm> then exit the bash session + + +## lxd + +this is the process that i use to create lxd containers for users. + +you need two things from the user: an ssh public key (on their ~team shell) and a [distro choice](https://us.images.linuxcontainers.org/) + + +1. create the container + ``` + # debian + lxc launch images:debian/stretch + # ubuntu + lxc launch ubuntu: + ``` + +1. make sure the container has an sshd running + ``` + lxc exec bash + # might have to adjust this if the image is not a debian-derivative + root@ $ apt install openssh-server + ``` + +1. copy the user's ssh pubkey to root on the container + ``` + lxc exec bash + mkdir -m 700 .ssh + echo "pubkey" >> ~/.ssh/authorized_keys + chmod 600 ~/.ssh/authorized_keys + ``` + +> now the user can run `ssh root@.lxd` to get a shell inside their container +> the .lxd dns resolver is provided by the lxd daemon itself through dnsmasq + +### make the container public + +> check with the user and find out what they want the container to be available as (which domain) +> nginx matches concrete `server_name`s first, so you can replace the `*.tilde.team` match + +1. copy user-lxd.template + ``` + cd /etc/nginx/sites-available + sudo cp user-lxd.template .tilde.team + sudo vim .tilde.team + ``` + +1. replace the username + ``` + :%s///g + :wq + ``` + +1. enable the vhost + ``` + cd /etc/nginx/sites-enabled + sudo ln -s ../sites-available/.tilde.team . + ``` + +1. reload nginx + ``` + # make sure the configs look ok + sudo nginx -t + sudo service nginx reload + ``` + +bam! now `.tilde.team` will forward requests to the container. + +make sure that the user is running some kind of webserver on port 80 inside the container! 
+ +feel free to add other configs to their vhost or use any of the other [tildepage domains](?page=tildepages) \ No newline at end of file diff --git a/wiki/pages/code-of-conduct.md b/wiki/pages/code-of-conduct.md index 2bd5a39..a70dc07 100644 --- a/wiki/pages/code-of-conduct.md +++ b/wiki/pages/code-of-conduct.md @@ -9,12 +9,12 @@ category: # code of conduct -**tl;dr** learn by doing and helping. be excellent to each other. have fun! +> **tl;dr** learn by doing and helping. be excellent to each other. have fun! ## 1. purpose -a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof). +a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all. this code of conduct outlines our expectations for all those who participate in our community, as well as the consequences for unacceptable behavior. diff --git a/wiki/pages/domains.md b/wiki/pages/domains.md index b2ad735..f3d7712 100644 --- a/wiki/pages/domains.md +++ b/wiki/pages/domains.md 
@@ -9,28 +9,28 @@ category: # tilde.team domains -because [~ben](https://tilde.team/~ben/) hoards domain names, you can use the following domains are associated with tilde.team somehow: +because [~ben](https://tilde.team/~ben/) hoards domain names, the following domains are associated with tilde.team and/or the tildeverse somehow: -* nand.pub - not sure yet -* nand.sh - alias -* nand.team - not sure yet -* nand.zone - not sure yet -* ttm.sh - url shortener -* tild3.org - alias -* tild3.club - alias -* tilde.chat - irc net -* tilde.life - redirect -* tilde.news - redirect -* tilde.ninja - redirect -* tilde.pizza - redirect -* tilde.site - alias -* tilde.wtf - redirect -* tilde.zone - mastodon and related stuff -* tildegit.org - gitea -* tilderadio.org - tildeverse radio -* tildeteam.org - alias -* tildenet.org - redirect to tilde.chat -* tildeverse.org - the tildeverse! +* [nand.pub](https://nand.pub/) - not sure yet +* [nand.sh](https://nand.sh/) - alias +* [nand.team](https://nand.team/) - not sure yet +* [nand.zone](https://nand.zone/) - not sure yet +* [ttm.sh](https://ttm.sh/) - url shortener +* [tild3.org](https://tild3.org/) - alias +* [tild3.club](https://tild3.club/) - alias +* [tilde.chat](https://tilde.chat/) - irc net +* [tilde.life](https://tilde.life/) - redirect +* [tilde.news](https://tilde.news/) - redirect +* [tilde.ninja](https://tilde.ninja/) - redirect +* [tilde.pizza](https://tilde.pizza/) - redirect +* [tilde.site](https://tilde.site/) - alias +* [tilde.wtf](https://tilde.wtf/) - redirect +* [tilde.zone](https://tilde.zone/) - mastodon and related stuff +* [tildegit.org](https://tildegit.org/) - gitea +* [tilderadio.org](https://tilderadio.org/) - tildeverse radio +* [tildeteam.org](https://tildeteam.org/) - alias +* [tildenet.org](https://tildenet.org/) - redirect to tilde.chat +* [tildeverse.org](https://tildeverse.org/) - the tildeverse! aliases can be used as-is, where redirects will simply change to a tilde.team url. 
diff --git a/wiki/pages/irc.md b/wiki/pages/irc.md index afafce5..fbc1db7 100644 --- a/wiki/pages/irc.md +++ b/wiki/pages/irc.md @@ -9,7 +9,7 @@ category: # [tildeverse irc](https://tilde.chat) -hi tildizens! +hi teammates! the tilde.chat irc network is available at tilde.chat:+6697 (with ssl) diff --git a/wiki/pages/services.md b/wiki/pages/services.md index e39a098..68b7155 100644 --- a/wiki/pages/services.md +++ b/wiki/pages/services.md @@ -9,7 +9,7 @@ category: # tilde.team services -i'll keep this wiki page updated with the services that are running on our little vps box :) +i'll keep this wiki page updated with the services that we run and maintain :) ### our deployed projects @@ -50,3 +50,8 @@ i'll keep this wiki page updated with the services that are running on our littl * [bbj](https://tildegit.org/team/bbj) ([web mirror here](https://bbj.tilde.team)) - forked from [desvox/bbj](https://github.com/desvox/bbj) * [gopher proxy](https://gopher.tilde.team) +### tildeverse service + +tilde.team hosts several services for the tildeverse. + +see [tildeverse.org](https://tildeverse.org) for more info. diff --git a/wiki/pages/tildeblogs.md b/wiki/pages/tildeblogs.md index 2e98e9d..c066680 100644 --- a/wiki/pages/tildeblogs.md +++ b/wiki/pages/tildeblogs.md @@ -1,7 +1,7 @@ --- author: ~ben published: true -title: tildeblogs +title: tildeblogs with bashblog description: tildeblogs information category: - main diff --git a/wiki/pages/tildepages.md b/wiki/pages/tildepages.md index fa3ce95..2c336f1 100644 --- a/wiki/pages/tildepages.md +++ b/wiki/pages/tildepages.md @@ -24,7 +24,7 @@ see also the [master list of domains](?page=domains). this means you can access your user page from any of the following url formats, substituting domain and username: -* `https://domain/~username/` -* `https://domain/u/username/` -* `https://username.domain/` +* `https://domain.tld/~username/` +* `https://domain.tld/u/username/` +* `https://username.domain.tld/`
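Review bot: in the "adding users" hunk of wiki/pages/administration.md, `pwgen -1B 15` runs pwgen in its default pronounceable mode, and `-B` additionally drops ambiguous characters, so the result carries less entropy than 15 uniformly random characters would. Adding `-s` (for example `pwgen -1s 15`) makes the output fully random. Since the same hunk marks the section as deprecated in favour of makeuser, it would also help to say whether the numbered steps that remain are still meant to be followed or are kept only for reference.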
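Review bot: in the new "lxd" section of wiki/pages/administration.md, the commands as written carry no name arguments, so the steps cannot be followed literally: `lxc exec bash` names no container, `sudo cp user-lxd.template .tilde.team` names no user, and `:%s///g` has an empty pattern and replacement. A placeholder that survives rendering (for example an upper-case USERNAME and CONTAINER) would fix all of them, including the `ssh root@.lxd` line. Two smaller points in the same hunk: in step 3, `mkdir -m 700 .ssh` is relative to the current directory while the next two lines use `~/.ssh`, and it fails if the directory already exists, so `mkdir -p -m 700 ~/.ssh` is safer. The `cp` into sites-available silently overwrites an existing vhost of the same name, and the note above it says a concrete `server_name` wins over the `*.tilde.team` match, so a step to confirm the requested name is not already in use before copying would be worth adding.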
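Review bot: the wiki/pages/code-of-conduct.md hunk removes the clause "regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof)" from the purpose paragraph, which is a change of policy wording that the subject line "add lxd info" does not mention. It would be easier to review and to find later as its own commit with a message explaining the reason. The same applies to the domains, irc, services, tildeblogs and tildepages edits bundled here, none of which relate to lxd.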