Initial commit

This commit is contained in:
aewens 2019-02-18 18:26:25 +01:00
commit bff952b5ee
12 changed files with 443 additions and 0 deletions

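--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+public_html/requests/*.txt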

26
LICENSE Normal file

@ -0,0 +1,26 @@
Copyright (c) 2019 Austin Ewens. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

3
README.md Normal file

@ -0,0 +1,3 @@
# site
Site for tilde.center

23
center-le-ssl.conf Normal file

@ -0,0 +1,23 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin aewens@tilde.center
ServerName tilde.center
ServerAlias www.tilde.center
DocumentRoot /var/www/tilde.center/public_html
ErrorLog /var/www/tilde.center/error.log
CustomLog /var/www/tilde.center/access.log combined
<Directory "/var/www/tilde.center/public_html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
DirectoryIndex index.php index.html
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/tilde.center/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tilde.center/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/tilde.center/chain.pem
</VirtualHost>
</IfModule>
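Review bot: `AllowOverride None` in the `<Directory>` block means the two `.htaccess` files this commit adds (`public_html/.htaccess` with `Options -Indexes`, `public_html/requests/.htaccess` with `Deny from all`) are never read, so `Options Indexes` stays in force and, as far as this vhost shows, `public_html/requests/requests.txt` — the file signup.php appends usernames, e-mail addresses and SSH keys to — is served to anyone who requests it. center.conf carries the identical block and has the same gap. Disabling listings and denying the requests directory in the vhost itself, as below, does not depend on overrides; the 2.2-style `Order allow,deny` / `Allow from all` are dropped there because mixing them with the 2.4 `Require` directive in one block is discouraged — keep them instead if this is an Apache 2.2 host.
```apache
<Directory "/var/www/tilde.center/public_html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
    DirectoryIndex index.php index.html
</Directory>
# Signup requests (e-mail addresses, SSH keys) live under DocumentRoot; never serve them.
<Directory "/var/www/tilde.center/public_html/requests">
    Require all denied
</Directory>
# … unchanged: Include and SSLCertificate* lines …
```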

21
center.conf Normal file

@ -0,0 +1,21 @@
<VirtualHost *:80>
ServerAdmin aewens@tilde.center
ServerName tilde.center
ServerAlias www.tilde.center
DocumentRoot /var/www/tilde.center/public_html
ErrorLog /var/www/tilde.center/error.log
CustomLog /var/www/tilde.center/access.log combined
<Directory "/var/www/tilde.center/public_html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
DirectoryIndex index.php index.html
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.tilde.center [OR]
RewriteCond %{SERVER_NAME} =tilde.center
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

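--- a/public_html/.htaccess
+++ b/public_html/.htaccess
@@ -0,0 +1 @@
+Options -Indexes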

146
public_html/css/style.css Executable file

@ -0,0 +1,146 @@
* {
margin: 0;
padding: 0;
list-style-type: none;
box-sizing: border-box;
}
html,
body {
position: relative;
width: 100%;
font-family: sans-serif;
font-size: 1em;
background: #789;
color: #fff;
line-height: 1em;
}
main {
padding: 4em 2em 2em;
}
header pre {
margin-top: 10px;
text-align: center;
/*color: #def;*/
/*background: #567;*/
}
ul:not(.point-free) li:before {
content: "\00b7\00a0";
}
a {
color: #def;
font-style: italic;
}
a:hover {
cursor: pointer;
color: #eff;
}
h1,
h2,
h3,
li,
p,
blockquote,
label,
input,
button,
textarea {
margin-bottom: 1em;
line-height: 1.5em;
}
blockquote {
padding-left: 1em;
border-left: 5px solid #fff;
}
article {
width: 70%;
display: inline-block;
}
aside {
width: 29%;
display: inline-block;
vertical-align: top;
}
form.signup {
width: 90%;
margin: 0 auto 2em;
}
form.signup input:not([type=checkbox]),
form.signup textarea {
width: 100%;
padding: 0.25em;
font-size: 1em;
}
form.signup button {
width: 100%;
padding: 1em 2em;
font-size: 1em;
background: #567;
color: #fff;
outline: none;
border: 2px solid #def;
}
form.signup button:hover {
cursor: pointer;
background: #678;
border-color: #eff;
}
form.signup pre {
font-size: 1.2em;
line-height: 1.2em;
}
#users {
margin-top: 2em;
}
nav {
position: fixed;
top: 0;
width: 100%;
padding: 1em;
background: #567;
}
nav ul {
width: 100%;
}
nav ul li {
display: inline-block;
}
.point-free li {
margin-bottom: 0;
padding: 0 1em;
}
.left {
float: left;
text-align: left;
}
.right {
float: right;
text-align: right;
}
.clearfix:after {
content: "";
display: table;
clear: both;
}

131
public_html/index.php Executable file

@ -0,0 +1,131 @@
<?php
#ini_set("display_errors", 1);
#ini_set("display_startup_errors", 1);
#error_reporting(E_ALL);
$ldap = ldap_connect("ldaps://center") or die("[CRITICAL]: Could not connect to LDAP");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if (!($bind = ldap_bind($ldap))) {
die("[CRITICAL]: Could not bind to LDAP");
}
$base_dn = "dc=tilde,dc=center";
$filter = "(objectClass=*)";
$userFilter = "(objectClass=posixAccount)";
$sr = ldap_search($ldap, $base_dn, $filter);
$usr = ldap_search($ldap, $base_dn, $userFilter);
$entries = ldap_get_entries($ldap, $sr);
$users = ldap_get_entries($ldap, $usr);
ldap_close($ldap);
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="tilde.center, a public unix group focused around decentralization, federation, and home-brewed open source projects">
<meta name="author" content="Austin Ewens, ~aewens">
<meta name="theme-color" content="#778899">
<link rel="canonical" href="https://tilde.center">
<title>tilde.center</title>
<link rel="stylesheet" type="text/css" href="https://tilde.center/css/style.css">
</head>
<body>
<main>
<header>
<pre>
_ _ _ _ _
| |_(_) | __| | ___ ___ ___ _ __ | |_ ___ _ __
| __| | |/ _` |/ _ \ / __/ _ \ '_ \| __/ _ \ '__|
| |_| | | (_| | __/| (_| __/ | | | || __/ |
\__|_|_|\__,_|\___(_)___\___|_| |_|\__\___|_|
</pre>
</header>
<article>
<h1>Philosophy</h1>
<p>The Tilde Center (~center) project consists of three core elements:</p>
<ul>
<li>Decentralization</li>
<li>Federation</li>
<li>Home-brewed open source projects (HBOSP)</li>
</ul>
<p>The current goal for this project is to create a system that will allow maintainers to easily setup and deploy their own ~center servers to join its network. To help explain the focus of the project, the following will outline the meaning behind the three core elements.</p>
<h2>Decentralized</h2>
<p>The decentralized factor means that users experience from being on one server should not differ from another. Any user that has joined the ~center network will be able to log into all ~center servers, access any share data they set, and have access to the services they were using on another. In this way, if a server maintainer stop hosting their tilde server there will be nothing lost to the ~center users, they would just login from a different node in the network.</p>
<h3>Accounts</h3>
<p>As mentioned above, having an account on one ~center server means having an account on all ~center servers. This will be accomplished using an LDAP database, which can also be leveraged as a single sign on (SSO) solution for any services made for the platform.</p>
<h3>Storage</h3>
<p>To help mitigate against any barriers of entry to being a ~center server, user data will also be distributed but through a size limited shared directory for each user (e.g. in each users $HOME directory, they will have a directory that can hold X megabytes of data). These shared directories will sync changes to the other servers (probably through rsync or something like it) so users can carry dotfiles and other kind of files / configurations to the other ~center servers. For larger files, the mechanism for doing so will be decided later on.</p>
<h3>Services</h3>
<p>There will also be a shared SQLite database(s) that will be synced across the ~center servers for services to utilize, along with the services / programs / scripts themselves being synced across as well.</p>
<h2>Federation</h2>
<p>To keep the ~center experience across the servers continuous they would need to communicate with one another. This will be accomplished through TCP socket servers and clients that adhere to the same specification (the details of which will be determined later) to dispatch intentions and requests from other servers. The dispatcher can then hand-off the intentions and/or requests to the appropriate services / programs / scripts to perform the needed actions (e.g. calling user creation scripts, heartbeats, informing a new server joined the ~center network, etc).</p>
<h3>Accounts</h3>
<p>While creating an account on ~center gives you an account on all the servers in its network, each ~center is run by its own server admin. For this reason, a server admin for a ~center instance can choose to ban a user from their node, the reason for which can then be sent to the other admins of the ~center network to decide if they want to take the same action (e.g. to prevent things like spam bots getting out of control).</p>
<h3>Synchronization</h3>
<p>For components like the LDAP user database, to allow for server admins to ban a user from their instance without automatically banning them from all instances, the LDAP database cannot just be synced across all nodes. Instead, actions performed against the LDAP database can be dispatched to the other servers to be applied to their own LDAP databases.</p>
<p>To ensure events like password changes do not expose sensitive data to security threats like man-in-the-middle attacks, these communications through the dispatcher will be encrypted and signed so that the receiving server can both verify the authenticity of the message and keep its contents safe from attackers.</p>
<h3>Governance</h3>
<p>No system is perfect, and with anyone being able to join the ~center network it allows for “bad agents” to join the network that could try to send malicious intents / requests to the dispatchers of other servers or act against the wishes of the community. For this reason, a governance system will be put in place so that the community and/or server administrators can vote to block / ignore messages from nodes run by bad agents as a means to police the ~center network.</p>
<h2>Home-Brewed Open Source Projects</h2>
<p>Richard Feynman said:</p>
<blockquote>“what I cannot create, I do not understand”</blockquote>
<p> and this philosophy is at the core of the ~center project. The intention behind the ~center project is not to try and create a perfect machine that you can bravely run in a production environment, but rather to embrace the joy of creation and make something amazing together. It may become a monstrosity of buggy scripts all haphazardly cobbled together, but it will be our monster. The ~center project belongs to its community, so it is so important that it is also created by its community. In this way, a piece of it will belong to each of us as we can know it is here because of something we did. While decentralization and federation are goals the community can strive for, the HBOSP factor of the project is what ultimately brings the community together towards a common goal, making it ourselves.</p>
<p>Also, its more fun to try and reinvent the wheel for its own sake.</p>
<p><em>~aewens</em></p>
</article>
<aside>
<h1>Users</h1>
<div id="users"><?php
foreach($users as $user) {
$uid = $user["uid"][0];
if (!strlen($uid)) continue;
echo "<p><a href='/~" . $uid . "/'>~" . $uid . "</a></p>";
}
?></div>
</aside>
</main>
<nav>
<ul class="point-free">
<li>Tilde Center</li>
<!--li>Home</li>
<li>Wiki</li>
<li>Docs</li>
<li>User Portal</li-->
<li class="right clearfix">
<?php if (!isset($_GET["signed"])) { ?>
Want to join? <a href="signup.php">Sign up!</a>
<?php } else { ?>
Request sent! Keep an eye on your email
<?php } ?>
</li>
</ul>
</nav>
</body>
</html>
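Review bot: `$uid` is interpolated into both the `href` and the link text in the Users loop without escaping, so a directory entry containing quotes or angle brackets would break out of the markup; write `$uid = htmlspecialchars($user["uid"][0], ENT_QUOTES, "UTF-8");` before it is echoed. `ldap_get_entries` also returns a `count` element, so `foreach ($users as $user)` visits an integer on that pass and `$user["uid"][0]` only yields null with a warning before `strlen` skips it — guard with `if (!is_array($user) || empty($user["uid"][0])) continue;` or iterate `for ($i = 0; $i < $users["count"]; $i++)`. `$sr` and `$entries` from the `(objectClass=*)` search are never used and can be dropped, which also spares a full-subtree query on every page load.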

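--- a/public_html/requests/.htaccess
+++ b/public_html/requests/.htaccess
@@ -0,0 +1 @@
+Deny from all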


@ -0,0 +1,5 @@
#!/bin/bash
REQS=/var/www/tilde.center/public_html/requests
cp -v $REQS/requests.txt $REQS/requests-$(date --iso-8601).txt
echo "" > $REQS/requests.txt
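Review bot: Copying `requests.txt` and then truncating it on the next line leaves a window in which a signup appended by signup.php between the two commands is silently lost, and `echo ""` leaves a one-byte newline rather than an empty file. Renaming is closer to atomic: `mv "$REQS/requests.txt" "$REQS/requests-$(date --iso-8601).txt" && : > "$REQS/requests.txt"` — but check that the recreated file keeps the ownership and mode the web server needs to append, which this script does not show. `$REQS` should be quoted in every expansion, and `set -eu` after the shebang would stop the truncation from running if the rename fails. The page does not show this script's file name, so the path assumed here is the one assigned to `REQS`.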

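--- a/public_html/robots.txt
+++ b/public_html/robots.txt
@@ -0,0 +1,2 @@
+User-Agent: *
+Disallow: signup.php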
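Review bot: `Disallow: signup.php` is not a valid rule — robots.txt paths are matched from the site root and must begin with `/`, so most crawlers will not apply it; write `Disallow: /signup.php`. This is a crawler hint only: keeping the form out of search results does nothing for the requests directory, whose access has to be controlled in the vhost configuration.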

83
public_html/signup.php Executable file

@ -0,0 +1,83 @@
<?php
if (isset($_POST["signup"]) && isset($_POST["iamhuman"])) {
$file = "/var/www/tilde.center/public_html/requests/requests.txt";
echo getcwd() . "<br>";
echo file_exists($file) . "<br>";
$username = $_POST["username"];
$email = $_POST["email"];
$sshkey = $_POST["sshkey"];
$interest = $_POST["interest"];
$requests = fopen($file, "a") or die("[ERROR]: Cannot save request");
$data = $username . "\n" . $email . "\n" . $sshkey . "\n" . $interest . "\n----\n";
fwrite($requests, $data);
fclose($requests);
header("Location: /?signed=1");
exit();
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="tilde.center, a public unix group focused around decentralization, federation, and home-brewed open source projects">
<meta name="author" content="Austin Ewens, ~aewens">
<meta name="theme-color" content="#778899">
<link rel="canonical" href="https://tilde.center">
<title>Sign Up | tilde.center</title>
<link rel="stylesheet" type="text/css" href="https://tilde.center/css/style.css">
</head>
<body>
<main>
<header>
<pre>
_ _ _ _ _
| |_(_) | __| | ___ ___ ___ _ __ | |_ ___ _ __
| __| | |/ _` |/ _ \ / __/ _ \ '_ \| __/ _ \ '__|
| |_| | | (_| | __/| (_| __/ | | | || __/ |
\__|_|_|\__,_|\___(_)___\___|_| |_|\__\___|_|
</pre>
</header>
</main>
<form class="signup" action="signup.php" method="post">
<h1>Sign Up</h1>
<p>Fill out this form and you will get an email with your account information (within 24 hours)</p>
<label>Desired username (alphanumeric)</label><br>
<input type="text" name="username" pattern="[a-z0-9]+" required>
<label>Contact email (for sending account info)</label><br>
<input type="email" name="email" required>
<label>SSH public key*</label><br>
<textarea name="sshkey" rows="5" required></textarea>
<label>Why did you want to join?</label><br>
<textarea name="interest" rows="5"></textarea>
<button id="submit" type="submit" name="signup">Submit</button>
<p>* If you do not have an SSH public key, you can create one using:</p>
<pre>$ ssh-keygen -t rsa</pre>
<pre># press enter to all</pre>
<pre>$ cat ~/.ssh/id_rsa.pub</pre>
<pre># ^-- this is your SSH public key</pre>
</form>
<nav class="left">
<span><a href="index.php">return home</a></span>
</nav>
</body>
<script>
var br = document.createElement("br"),
humanTest = document.createElement("input"),
humanLabel = document.createElement("label"),
submitButton = document.getElementById("submit"),
parentNode = submitButton.parentNode;
humanLabel.innerHTML = "Are you human? ";
humanTest.setAttribute("type", "checkbox");
humanTest.setAttribute("name", "iamhuman");
humanTest.setAttribute("required", "required");
parentNode.insertBefore(br, submitButton);
parentNode.insertBefore(humanTest, br);
parentNode.insertBefore(humanLabel, humanTest);
</script>
</html>
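Review bot: The two debug lines `echo getcwd() . "<br>";` and `echo file_exists($file) . "<br>";` at the top of the POST branch send output before `header("Location: /?signed=1")`, so unless output buffering is enabled the redirect fails with a headers-already-sent warning, and they disclose the server's working directory to the submitter; remove them. Nothing re-validates the submission on the server: the `pattern="[a-z0-9]+"` and `type="email"` attributes apply only in the browser, and a newline inside any field can forge the `----` record separator the file relies on when it is read back. The rewrite below validates username and e-mail, flattens the free-text fields to one line, and leaves the write and redirect as they are; the `iamhuman` checkbox is a fixed POST field and should not be relied on as a bot check. The HTML form and the script that injects the checkbox are unchanged.
```php
<?php
if (isset($_POST["signup"]) && isset($_POST["iamhuman"])) {
    $file = "/var/www/tilde.center/public_html/requests/requests.txt";
    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $email = isset($_POST["email"]) ? $_POST["email"] : "";
    // Re-check server-side what the form's pattern/type attributes only enforce client-side.
    if (!preg_match('/^[a-z0-9]+$/', $username) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        http_response_code(400);
        die("[ERROR]: Invalid username or email");
    }
    // Free-text fields are collapsed to one line so a submission cannot forge the "----" separator.
    $oneline = function ($s) { return str_replace(array("\r", "\n"), " ", (string) $s); };
    $sshkey = isset($_POST["sshkey"]) ? $oneline($_POST["sshkey"]) : "";
    $interest = isset($_POST["interest"]) ? $oneline($_POST["interest"]) : "";
    // … unchanged: fopen / fwrite / fclose / header / exit …
}
?>
```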