SysAdmin IT Manual for Fork Sand https://www.forksand.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

2.8 KiB

# radicle notes
radicle.xyz

# Install build deps
apt install \
-t buster-backports \
apache2 \
build-essential \
npm \
python3-certbot-apache \
yarnpkg

# Add firewall rules:
# UDP
-A INPUT -p udp --dport 12345 -j ACCEPT
# Web Admin
-A INPUT -p tcp --dport 8080 -j ACCEPT
# Web proxy
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Dev server
-A INPUT -p tcp --dport 5000 -j ACCEPT

# Enable apache modules
a2enmod ssl rewrite proxy proxy_http
a2ensite default-ssl.conf
systemctl restart apache2

# Set up certbot:
certbot

# test it:
echo rad.forksand.com > /var/www/html/index.html

# https://rad.forksand.com

# Configure apache2 https proxy

$ cat /etc/apache2/sites-enabled/000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName rad.forksand.com
SSLCertificateFile /etc/letsencrypt/live/rad.forksand.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rad.forksand.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =rad.spacecruft.net [OR]
RewriteCond %{SERVER_NAME} =rad.spacecruft.com
RewriteRule ^ https://rad.forksand.com%{REQUEST_URI} [END,NE,R=permanent]

ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/

</VirtualHost>
</IfModule>

EOF
# Install rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

source $HOME/.cargo/env

# Install yarn
mkdir -p ~/bin/
cd ~/bin/
ln -s /usr/bin/yarnpkg yarn

which yarn

# Clone radicle
cd ~/devel/
git clone https://github.com/radicle-dev/radicle-bins.git
cd radicle-bins

# Build with yarn
cd seed/ui
yarn
yarn build

mkdir -p ~/.radicle-seed
chmod og-rwx ~/.radicle-seed

# add to ~/.bashrc
export PATH="$HOME/.radicale/bin:$PATH"

# Create key
cargo run -p radicle-keyutil -- --filename ~/.radicle-seed/secret.key


# Run the thing:
cat >>
#!/bin/bash

set -x

cd ~/devel/radicle-bins/

cargo run \
--verbose \
-p radicle-seed-node --release -- \
--log debug \
--root ~/.radicle-seed \
--peer-listen 0.0.0.0:12345 \
--http-listen 0.0.0.0:8080 \
--name "Fork Sand seedling" \
--public-addr "rad.forksand.com:12345" \
--assets-path seed/ui/public \
< ~/.radicle-seed/secret.key
EOF

# Dev mode
# To start a local dev server for preview, run: `yarn run dev`, then point your
# browser at: http://localhost:5000.
yarn run dev
# Dev tunnel
ssh -N -C -L 5000:localhost:5000 rad.forksand.com

# Peer to Peer
# p2p nodes example:
# hyy5s7ysg96fqa91gbe7h38yddh4mkokft7y4htt8szt9e17sxoe3h@seed.my.org:12345
# abc123@rad.forksand.com:12345