From 4b01fd7f5fc5d6953fe3fa3e31e7d48b3048dac1 Mon Sep 17 00:00:00 2001 From: Arya Kiran Date: Sun, 11 Sep 2022 18:13:35 +0530 Subject: [PATCH] get author from md file, do not hardcode --- _config.sh | 1 - pblog.sh | 2 +- posts/vger.md | 98 ++++++++++++++++++++++++++++++++++++++++++++++++ posts/welcome.md | 1 + 4 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 posts/vger.md diff --git a/_config.sh b/_config.sh index 3110cf1..59489fd 100644 --- a/_config.sh +++ b/_config.sh @@ -6,7 +6,6 @@ DOMAIN="https://vern.cc" TITLE="Blog | ~vern" DESCRIPTION="The blog of ~vern" COPYRIGHT="Copyright 2022, ~vern administrators" -AUTHOR="root@vern.cc (~vern administrators)" OS="Linux" # "Linux" for Linux, "BSD" for BSD Systems (including MacOS) HTML_LANG="en_US" # Your document (HTML) language setting diff --git a/pblog.sh b/pblog.sh index 0035b7e..dfa5c66 100644 --- a/pblog.sh +++ b/pblog.sh @@ -55,7 +55,7 @@ else CAT_DATE=$(date -u -d "$(sed -n 's|^

\([^<]*\)

$|\1|p' $file)" +"%Y/%m/%d/%u") POST_DATE=$(date -u -d "$(sed -n 's|^

\([^<]*\)

$|\1|p' $file)" +"%a, %d %b %Y") fi - +AUTHOR="$(cat $file | htmlq .author --text)" echo " $POST_DATE $TIME $CAT_DATE diff --git a/posts/vger.md b/posts/vger.md new file mode 100644 index 0000000..1bc916a --- /dev/null +++ b/posts/vger.md @@ -0,0 +1,98 @@ +--- +title: How to setup vger, a gemini server +date: Sun, 11 Sep 2022 +author: ~aryak +--- + +Hi, + +I recently setup vger, a gemini server to replace agate on ~vern. + +Heres some instructions on how I did that, on GNU/Linux. + +Firstly, one of the hurdles i came across was that the instructions at the [git repo](https://tildegit.org/solene/vger) were very BSD-focused. + +In our setup, vger runs on the PubNixVM and the TLS Termination Proxy runs on the tilserv. + +To install vger, I git clon'd the repo, then ran `nix-shell` to get a shell with all the deps I need. After that I just ran `./configure` and `make`, like any old unix program. + +To start vger though, is a lot more weird. It cannot be started standalone, instead you have to start it through inetd (or an equivalent like xinetd). + +I went with Xinetd, and used its nix service to set it up. + +``` +services.xinetd.enable = true; +#services.xinetd.services = [ vger +services.xinetd.services = [ { + name = "vger"; + user = "gemini"; + server = "/var/gemini/vger/vger"; + serverArgs = "-v -i"; + protocol = "tcp"; + port = 11965; + unlisted = true; +} ]; +``` + +This translated to a Xinetd.conf that looks like this :- + + +``` +defaults +{ + log_type = SYSLOG daemon info + log_on_failure = HOST + log_on_success = PID HOST DURATION EXIT + +} + +service vger +{ + protocol = tcp + type = UNLISTED + + socket_type = stream + port = 11965 + wait = no + user = gemini + server = /var/gemini/vger/vger + server_args = -v -i + +} +``` + +Additionally, I enabled syslog with `services.syslogd.enable = true;` and set `ForwardToWall=no` in journald.conf (`services.journald.extraConfig = "ForwardToWall=no";`) so that it won't spam my terminal every time someone visits the capsule. + +With a quick nixos-rebuild switch, vger is running on port 11965. + +`-v` flag enabled virtual hosts. This means when you visit aryak.vern.cc, vger will look for the directory /var/gemini/aryak.vern.cc. + +But if you try to visit localhost:11965 with any gemini client, it will just give you a TLS error. + +This is because vger does not handle TLS, instead out-sourcing that to relayd, which hasn't been ported to GNU/Linux. + +So, instead of that, I used this simple (100 LOC) Go project called [TLSify](https://github.com/tlsify/tlsify) + +Its really simple, just run `tlsify tcp4 :11965 tcp4 :1965 /path/to/cert.pem /path/to/privkey.pem` + +I also made a systemd service for it :- + +``` +[Unit] +Description=TLS Termination Proxy for vger +After=libvirt.service + +[Service] +User=gemini +Type=simple +ExecStart=/usr/local/bin/tlsify tcp4 192.168.122.30:11965 tcp4 :1965 /etc/letsencrypt/live/vern.cc/cert.pem /etc/letsencrypt/live/vern.cc/privkey.pem + +[Install] +WantedBy=default.target +``` + +Now, just open 1965 through your firewall and you can access your gemini server! + +If you have any doubts/questions/recommendations, feel free to ask in #vern-chat + +~aryak diff --git a/posts/welcome.md b/posts/welcome.md index d787fd8..6b52520 100644 --- a/posts/welcome.md +++ b/posts/welcome.md @@ -1,6 +1,7 @@ --- title: Welcome to the new ~vern blog date: Thu, 08 Sep 2022 +author: ~vern team --- Hi,