add lxd info

wiki/pages/administration.md

@@ -12,7 +12,12 @@ category:
 
 ## adding users
 
-1. generate a random password (12-20 characters, no spaces)
+> this is deprecated. use the new [makeuser](https://tildegit.org/team/makeuser/src/branch/bash-edition) script
+
+1. generate a random password
+    ```
+    pwgen -1B 15
+    ```
 
 1. create a new user account:
     ```
@@ -110,3 +115,74 @@ Here's how to fix it:
     07:12 <~khuxkm>  then `sudo prlimit --pid <pid> --nproc 1000000:100000000`
     07:12 <~khuxkm>  then do what you need to do
     07:12 <~khuxkm>  then exit the bash session
+
+
+## lxd
+
+this is the process that i use to create lxd containers for users.
+
+you need two things from the user: an ssh public key (on their ~team shell) and a [distro choice](https://us.images.linuxcontainers.org/)
+
+
+1. create the container
+    ```
+    # debian
+    lxc launch images:debian/stretch <username>
+    # ubuntu
+    lxc launch ubuntu: <username>
+    ```
+
+1. make sure the container has an sshd running
+    ```
+    lxc exec <username> bash
+    # might have to adjust this if the image is not a debian-derivative
+    root@<username> $ apt install openssh-server
+    ```
+
+1. copy the user's ssh pubkey to root on the container
+    ```
+    lxc exec <username> bash
+    mkdir -m 700 .ssh
+    echo "pubkey" >> ~/.ssh/authorized_keys
+    chmod 600 ~/.ssh/authorized_keys
+    ```
+
+> now the user can run `ssh root@<username>.lxd` to get a shell inside their container
+> the .lxd dns resolver is provided by the lxd daemon itself through dnsmasq
+
+### make the container public
+
+> check with the user and find out what they want the container to be available as (which domain)
+> nginx matches concrete `server_name`s first, so you can replace the `*.tilde.team` match
+
+1. copy user-lxd.template
+    ```
+    cd /etc/nginx/sites-available
+    sudo cp user-lxd.template <username>.tilde.team
+    sudo vim <username>.tilde.team
+    ```
+
+1. replace the username
+    ```
+    :%s/<user>/<username>/g
+    :wq
+    ```
+
+1. enable the vhost
+    ```
+    cd /etc/nginx/sites-enabled
+    sudo ln -s ../sites-available/<username>.tilde.team .
+    ```
+
+1. reload nginx
+    ```
+    # make sure the configs look ok
+    sudo nginx -t
+    sudo service nginx reload
+    ```
+
+bam! now `<username>.tilde.team` will forward requests to the container.
+
+make sure that the user is running some kind of webserver on port 80 inside the container!
+
+feel free to add other configs to their vhost or use any of the other [tildepage domains](?page=tildepages)

wiki/pages/code-of-conduct.md

@@ -9,12 +9,12 @@ category:
 
 # code of conduct
 
-**tl;dr** learn by doing and helping. be excellent to each other. have fun!
+> **tl;dr** learn by doing and helping. be excellent to each other. have fun!
 
 
 ## 1. purpose
 
-a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof).
+a primary goal of tilde.team is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. as such, we are committed to providing a friendly, safe and welcoming environment for all.
 
 this code of conduct outlines our expectations for all those who participate in our community, as well as the consequences for unacceptable behavior.
 

wiki/pages/domains.md

@@ -9,28 +9,28 @@ category:
 
 # tilde.team domains
 
-because [~ben](https://tilde.team/~ben/) hoards domain names, you can use the following domains are associated with tilde.team somehow:
+because [~ben](https://tilde.team/~ben/) hoards domain names, the following domains are associated with tilde.team and/or the tildeverse somehow:
 
-* nand.pub - not sure yet
-* nand.sh - alias
-* nand.team - not sure yet
-* nand.zone - not sure yet
-* ttm.sh - url shortener
-* tild3.org - alias
-* tild3.club - alias
-* tilde.chat - irc net
-* tilde.life - redirect
-* tilde.news - redirect
-* tilde.ninja - redirect
-* tilde.pizza - redirect
-* tilde.site - alias
-* tilde.wtf - redirect
-* tilde.zone - mastodon and related stuff
-* tildegit.org - gitea
-* tilderadio.org - tildeverse radio
-* tildeteam.org - alias
-* tildenet.org - redirect to tilde.chat
-* tildeverse.org - the tildeverse!
+* [nand.pub](https://nand.pub/) - not sure yet
+* [nand.sh](https://nand.sh/) - alias
+* [nand.team](https://nand.team/) - not sure yet
+* [nand.zone](https://nand.zone/) - not sure yet
+* [ttm.sh](https://ttm.sh/) - url shortener
+* [tild3.org](https://tild3.org/) - alias
+* [tild3.club](https://tild3.club/) - alias
+* [tilde.chat](https://tilde.chat/) - irc net
+* [tilde.life](https://tilde.life/) - redirect
+* [tilde.news](https://tilde.news/) - redirect
+* [tilde.ninja](https://tilde.ninja/) - redirect
+* [tilde.pizza](https://tilde.pizza/) - redirect
+* [tilde.site](https://tilde.site/) - alias
+* [tilde.wtf](https://tilde.wtf/) - redirect
+* [tilde.zone](https://tilde.zone/) - mastodon and related stuff
+* [tildegit.org](https://tildegit.org/) - gitea
+* [tilderadio.org](https://tilderadio.org/) - tildeverse radio
+* [tildeteam.org](https://tildeteam.org/) - alias
+* [tildenet.org](https://tildenet.org/) - redirect to tilde.chat
+* [tildeverse.org](https://tildeverse.org/) - the tildeverse!
 
 aliases can be used as-is, where redirects will simply change to a tilde.team url.
 

wiki/pages/irc.md

@@ -9,7 +9,7 @@ category:
 
 # [tildeverse irc](https://tilde.chat)
 
-hi tildizens!
+hi teammates!
 
 the tilde.chat irc network is available at tilde.chat:+6697 (with ssl)
 

wiki/pages/services.md

@@ -9,7 +9,7 @@ category:
 
 # tilde.team services
 
-i'll keep this wiki page updated with the services that are running on our little vps box :)
+i'll keep this wiki page updated with the services that we run and maintain :)
 
 
 ### our deployed projects
@@ -50,3 +50,8 @@ i'll keep this wiki page updated with the services that are running on our littl
 * [bbj](https://tildegit.org/team/bbj) ([web mirror here](https://bbj.tilde.team)) - forked from [desvox/bbj](https://github.com/desvox/bbj)
 * [gopher proxy](https://gopher.tilde.team)
 
+### tildeverse service
+
+tilde.team hosts several services for the tildeverse. 
+
+see [tildeverse.org](https://tildeverse.org) for more info.

wiki/pages/tildeblogs.md

@@ -1,7 +1,7 @@
 ---
 author: ~ben
 published: true
-title: tildeblogs
+title: tildeblogs with bashblog
 description: tildeblogs information
 category: 
     - main

wiki/pages/tildepages.md

@@ -24,7 +24,7 @@ see also the [master list of domains](?page=domains).
 
 this means you can access your user page from any of the following url formats, substituting domain and username:
 
-* `https://domain/~username/`
-* `https://domain/u/username/`
-* `https://username.domain/`
+* `https://domain.tld/~username/`
+* `https://domain.tld/u/username/`
+* `https://username.domain.tld/`