add lxd info
This commit is contained in:
parent
54a8023c16
commit
9c0efddd0f
|
@ -12,7 +12,12 @@ category:
|
|||
|
||||
## adding users
|
||||
|
||||
1. generate a random password (12-20 characters, no spaces)
|
||||
> this is deprecated. use the new [makeuser](https://tildegit.org/team/makeuser/src/branch/bash-edition) script
|
||||
|
||||
1. generate a random password
|
||||
```
|
||||
pwgen -1B 15
|
||||
```
|
||||
|
||||
1. create a new user account:
|
||||
```
|
||||
|
@ -110,3 +115,74 @@ Here's how to fix it:
|
|||
07:12 <~khuxkm> then `sudo prlimit --pid <pid> --nproc 1000000:100000000`
|
||||
07:12 <~khuxkm> then do what you need to do
|
||||
07:12 <~khuxkm> then exit the bash session
|
||||
|
||||
|
||||
## lxd
|
||||
|
||||
this is the process that i use to create lxd containers for users.
|
||||
|
||||
you need two things from the user: an ssh public key (on their ~team shell) and a [distro choice](https://us.images.linuxcontainers.org/)
|
||||
|
||||
|
||||
1. create the container
|
||||
```
|
||||
# debian
|
||||
lxc launch images:debian/stretch <username>
|
||||
# ubuntu
|
||||
lxc launch ubuntu: <username>
|
||||
```
|
||||
|
||||
1. make sure the container has an sshd running
|
||||
```
|
||||
lxc exec <username> bash
|
||||
# might have to adjust this if the image is not a debian-derivative
|
||||
root@<username> $ apt install openssh-server
|
||||
```
|
||||
|
||||
1. copy the user's ssh pubkey to root on the container
|
||||
```
|
||||
lxc exec <username> bash
|
||||
mkdir -m 700 .ssh
|
||||
echo "pubkey" >> ~/.ssh/authorized_keys
|
||||
chmod 600 ~/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
> now the user can run `ssh root@<username>.lxd` to get a shell inside their container
|
||||
> the .lxd dns resolver is provided by the lxd daemon itself through dnsmasq
|
||||
|
||||
### make the container public
|
||||
|
||||
> check with the user and find out what they want the container to be available as (which domain)
|
||||
> nginx matches concrete `server_name`s first, so you can replace the `*.tilde.team` match
|
||||
|
||||
1. copy user-lxd.template
|
||||
```
|
||||
cd /etc/nginx/sites-available
|
||||
sudo cp user-lxd.template <username>.tilde.team
|
||||
sudo vim <username>.tilde.team
|
||||
```
|
||||
|
||||
1. replace the username
|
||||
```
|
||||
:%s/<user>/<username>/g
|
||||
:wq
|
||||
```
|
||||
|
||||
1. enable the vhost
|
||||
```
|
||||
cd /etc/nginx/sites-enabled
|
||||
sudo ln -s ../sites-available/<username>.tilde.team .
|
||||
```
|
||||
|
||||
1. reload nginx
|
||||
```
|
||||
# make sure the configs look ok
|
||||
sudo nginx -t
|
||||
sudo service nginx reload
|
||||
```
|
||||
|
||||
bam! now `<username>.tilde.team` will forward requests to the container.
|
||||
|
||||
make sure that the user is running some kind of webserver on port 80 inside the container!
|
||||
|
||||
feel free to add other configs to their vhost or use any of the other [tildepage domains](?page=tildepages)
|
|
@ -9,12 +9,12 @@ category:
|
|||
|
||||
# code of conduct
|
||||
|
||||
**tl;dr** learn by doing and helping. be excellent to each other. have fun!
|
||||
> **tl;dr** learn by doing and helping. be excellent to each other. have fun!
|
||||
|
||||
|
||||
## 1. purpose
|
||||
|
||||
a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof).
|
||||
a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all.
|
||||
|
||||
this code of conduct outlines our expectations for all those who participate in our community, as well as the consequences for unacceptable behavior.
|
||||
|
||||
|
|
|
@ -9,28 +9,28 @@ category:
|
|||
|
||||
# tilde.team domains
|
||||
|
||||
because [~ben](https://tilde.team/~ben/) hoards domain names, you can use the following domains are associated with tilde.team somehow:
|
||||
because [~ben](https://tilde.team/~ben/) hoards domain names, the following domains are associated with tilde.team and/or the tildeverse somehow:
|
||||
|
||||
* nand.pub - not sure yet
|
||||
* nand.sh - alias
|
||||
* nand.team - not sure yet
|
||||
* nand.zone - not sure yet
|
||||
* ttm.sh - url shortener
|
||||
* tild3.org - alias
|
||||
* tild3.club - alias
|
||||
* tilde.chat - irc net
|
||||
* tilde.life - redirect
|
||||
* tilde.news - redirect
|
||||
* tilde.ninja - redirect
|
||||
* tilde.pizza - redirect
|
||||
* tilde.site - alias
|
||||
* tilde.wtf - redirect
|
||||
* tilde.zone - mastodon and related stuff
|
||||
* tildegit.org - gitea
|
||||
* tilderadio.org - tildeverse radio
|
||||
* tildeteam.org - alias
|
||||
* tildenet.org - redirect to tilde.chat
|
||||
* tildeverse.org - the tildeverse!
|
||||
* [nand.pub](https://nand.pub/) - not sure yet
|
||||
* [nand.sh](https://nand.sh/) - alias
|
||||
* [nand.team](https://nand.team/) - not sure yet
|
||||
* [nand.zone](https://nand.zone/) - not sure yet
|
||||
* [ttm.sh](https://ttm.sh/) - url shortener
|
||||
* [tild3.org](https://tild3.org/) - alias
|
||||
* [tild3.club](https://tild3.club/) - alias
|
||||
* [tilde.chat](https://tilde.chat/) - irc net
|
||||
* [tilde.life](https://tilde.life/) - redirect
|
||||
* [tilde.news](https://tilde.news/) - redirect
|
||||
* [tilde.ninja](https://tilde.ninja/) - redirect
|
||||
* [tilde.pizza](https://tilde.pizza/) - redirect
|
||||
* [tilde.site](https://tilde.site/) - alias
|
||||
* [tilde.wtf](https://tilde.wtf/) - redirect
|
||||
* [tilde.zone](https://tilde.zone/) - mastodon and related stuff
|
||||
* [tildegit.org](https://tildegit.org/) - gitea
|
||||
* [tilderadio.org](https://tilderadio.org/) - tildeverse radio
|
||||
* [tildeteam.org](https://tildeteam.org/) - alias
|
||||
* [tildenet.org](https://tildenet.org/) - redirect to tilde.chat
|
||||
* [tildeverse.org](https://tildeverse.org/) - the tildeverse!
|
||||
|
||||
aliases can be used as-is, where redirects will simply change to a tilde.team url.
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ category:
|
|||
|
||||
# [tildeverse irc](https://tilde.chat)
|
||||
|
||||
hi tildizens!
|
||||
hi teammates!
|
||||
|
||||
the tilde.chat irc network is available at tilde.chat:+6697 (with ssl)
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ category:
|
|||
|
||||
# tilde.team services
|
||||
|
||||
i'll keep this wiki page updated with the services that are running on our little vps box :)
|
||||
i'll keep this wiki page updated with the services that we run and maintain :)
|
||||
|
||||
|
||||
### our deployed projects
|
||||
|
@ -50,3 +50,8 @@ i'll keep this wiki page updated with the services that are running on our littl
|
|||
* [bbj](https://tildegit.org/team/bbj) ([web mirror here](https://bbj.tilde.team)) - forked from [desvox/bbj](https://github.com/desvox/bbj)
|
||||
* [gopher proxy](https://gopher.tilde.team)
|
||||
|
||||
### tildeverse service
|
||||
|
||||
tilde.team hosts several services for the tildeverse.
|
||||
|
||||
see [tildeverse.org](https://tildeverse.org) for more info.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
author: ~ben
|
||||
published: true
|
||||
title: tildeblogs
|
||||
title: tildeblogs with bashblog
|
||||
description: tildeblogs information
|
||||
category:
|
||||
- main
|
||||
|
|
|
@ -24,7 +24,7 @@ see also the [master list of domains](?page=domains).
|
|||
|
||||
this means you can access your user page from any of the following url formats, substituting domain and username:
|
||||
|
||||
* `https://domain/~username/`
|
||||
* `https://domain/u/username/`
|
||||
* `https://username.domain/`
|
||||
* `https://domain.tld/~username/`
|
||||
* `https://domain.tld/u/username/`
|
||||
* `https://username.domain.tld/`
|
||||
|
||||
|
|
Loading…
Reference in New Issue