paritybit.ca

Files for paritybit.ca

commit da11bd2125521df1099cd1edad848b601b13a4c7
parent eca6c7098bf6f921887240186f0891d39ea727f8
Author: Jake Bauer <jbauer@paritybit.ca>
Date:   Sun, 12 Mar 2023 12:20:16 -0400

*

Diffstat:
M content/blog/choosing-an-investment-brokerage.md | 2 +-
M content/blog/mastodon-is-dead-long-live-misskey.md | 12 ++----------
M content/blog/why-dwm-swallowing-cant-swallow-tmux.md | 0
M content/garden/index.md | 3 ++-
A content/garden/openbsd-ipv6-hetzner.md | 16 ++++++++++++++++
D content/garden/openbsd-server-details.md | 240 -------------------------------------------------------------------------------
A content/garden/openbsd-server.md | 204 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M content/meta.md | 7 -------
8 files changed, 225 insertions(+), 259 deletions(-)

diff --git a/content/blog/choosing-an-investment-brokerage.md b/content/blog/choosing-an-investment-brokerage.md @@ -23,7 +23,7 @@ could do: I made a spreadsheet. </figure> [Download the spreadsheet -here](http://ftp.paritybit.ca/brokerage-comparison.ods) (if you notice any +here](http://www.paritybit.ca/files/brokerage-comparison.ods) (if you notice any incorrect or missing information, please contact me). I made the spreadsheet in collaboration with my friend who is also in the same diff --git a/content/blog/mastodon-is-dead-long-live-misskey.md b/content/blog/mastodon-is-dead-long-live-misskey.md @@ -443,16 +443,8 @@ This isn't such a big deal if you only have maybe a couple hundred emoji at the most, but is more tedious than it could be. The same goes for categorizing and tagging those emoji. -Finally, there is currently an issue where Misskey has trouble federating with -profiles that have bios which are too long. This mostly affects people using -Pleroma, since Mastodon caps bios at 500 characters and Pleroma sends a user's -bio to the remote server as (a lot of) HTML so it's hard to tell when your bio -is too long. Luckily, there is a simple patch you can easily apply to your -instance which solves this problem by truncating fields which are too long for -Misskey. An official fix is in the works, but for now it's very easy to drop -this in the `misskey` folder, `git apply` it, and re-build. You can [download -the patch -here](https://ftp.paritybit.ca/d0858ec6-136f-414f-903f-e74c8463b94a.patch). +<del>Finally, there is currently an issue where Misskey has trouble federating with +profiles that have bios which are too long.</del> <ins>This has been fixed.</ins> ### On The User Side diff --git a/content/blog/why-dwm-swallowing-cant-swallow-tmux.md b/content/blog/why-dwm-swallowing-cant-swallow-tmux.md Binary files differ. diff --git a/content/garden/index.md b/content/garden/index.md 
@@ -203,8 +203,9 @@ Notes, configurations, and other things related to computer system administratio * [OpenBSD NAS](openbsd-nas) * [OpenBSD Router](openbsd-router) * [OpenBSD Server Setup](openbsd-server-setup) - * [OpenBSD Server Details](openbsd-server-details) + * [OpenBSD HTTP and Git Server](openbsd-server) * [OpenBSD on the Desktop](openbsd-desktop) + * [IPv6 on Hetzner Cloud](openbsd-ipv6-hetzner) * [MailMan3 on OpenBSD 7.1](https://xn--gckvb8fzb.com/mailman3-on-openbsd-71/) * Misc: * [Misskey Setup](misskey) diff --git a/content/garden/openbsd-ipv6-hetzner.md b/content/garden/openbsd-ipv6-hetzner.md @@ -0,0 +1,16 @@ +Title: Manually Configuring IPv6 in OpenBSD on Hetzner Cloud +Summary: Manually Configuring IPv6 in OpenBSD on Hetzner Cloud + +# [%title] + +In hostname.vio0: + +``` +dhcp +inet6 alias 2a01:4ff:f0:f61::1 64 +!route add -inet6 default fe80::1%vio0 +``` + +Note that Hetzner routes all IPv6 traffic for their cloud instances through +fe80::1. + diff --git a/content/garden/openbsd-server-details.md b/content/garden/openbsd-server-details.md 
@@ -1,240 +0,0 @@ -Title: OpenBSD Server Details -Summary: OpenBSD Server Details - -# [%title] - -[← Back](./) - - -The server runs on a Hetzner CPX11 VPS which has: - -* 2 EPYC-based vCPUs -* 2GB RAM -* 40GB SSD -* 20TB Bandwidth - -The server hosts an http server, a gemini server, a finger server, a git server, and a file sharing server. - -In addition to my normal OpenBSD Server Setup: - -[OpenBSD Server Setup](openbsd-server-setup.html) - - -## IPv6 - -Hetzner supports IPv6, but seemingly only through DHCPv6 or manual configuration. OpenBSD supports IPv6, but only using SLAAC or manual configuration. Therefore, some manual configuration in hostname.vio0 was needed to get IPv6 to work: - -``` -dhcp -inet6 alias 2a01:4ff:f0:f61::1 64 -!route add -inet6 default fe80::1%vio0 -``` - -Note that Hetzner routes all IPv6 traffic for their cloud instances through fe80::1. - -## TLS Certificates - -OpenBSD's acme-client is used to request certificates. This is the configuration: - -``` -authority letsencrypt { - api url "https://acme-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-privkey.pem" -} - -domain paritybit.ca { - alternative names { www.paritybit.ca, ftp.paritybit.ca, git.paritybit.ca, jbauer.ca } - domain key "/etc/ssl/private/paritybit.ca.key" - domain full chain certificate "/etc/ssl/paritybit.ca.fullchain.pem" - sign with letsencrypt -} -``` - -Renewing the certificates is handled by /etc/monthly.local, which is run by cron once a month. The output is sent to me in an email. - -``` -next_part "Renewing TLS certificate(s):" -acme-client -v -F paritybit.ca -rcctl reload relayd httpd -``` - -My certificate and key are symlinked to /etc/ssl/server.crt and /etc/ssl/private/server.key so I can avoid having to specify their locations in httpd.conf. - -## HTTP/FTP Server - -The HTTP server uses OpenBSD's httpd which is very easy to configure and very light on resources. - -The file server is also hosted over HTTP also using httpd. 
Although the subdomain is "ftp", the ftp daemon is not active as it doesn't actually provide any benefit or use over just serving files with HTTP. There are no users who need to upload their own files to the server and httpd and ftpd chroot to different locations which would complicate administration. - -All of the domains are served by the following httpd configuration. It also handles the file server since that is done over http. - -``` -types { - include "/usr/share/misc/mime.types" -} - -# For certificate renewal -server "default" { - listen on * port 80 - location "/.well-known/acme-challenge/*" { - root "/acme" - request strip 2 - } - location * { - block return 301 "$REQUEST_SCHEME://$HTTP_HOST$REQUEST_URI" - } -} - -# Redirect to WWW -server paritybit.ca { - listen on * port 80 - listen on * tls port 443 - hsts { - max-age 31536000 - preload - subdomains - } - location * { - block return 301 "$REQUEST_SCHEME://www.paritybit.ca$REQUEST_URI" - } -} - -server www.paritybit.ca { - listen on * port 80 - listen on * tls port 443 - hsts { - max-age 31536000 - preload - subdomains - } - root "/paritybit.ca" - gzip-static - location match "/blog$" { - block return 301 "$REQUEST_SCHEME://www.paritybit.ca/blog/" - } - location match "/projects$" { - block return 301 "$REQUEST_SCHEME://www.paritybit.ca/projects/" - } - location match "/([^.]*[^/])$" { - request rewrite "/%1.html" - } -} - -server ftp.paritybit.ca { - listen on * port 80 - listen on * tls port 443 - hsts { - max-age 31536000 - preload - subdomains - } - root "/ftp.paritybit.ca" - directory auto index - location "/paste/" { - directory no index - } -} - -server git.paritybit.ca { - listen on * port 80 - listen on * tls port 443 - hsts { - max-age 31536000 - preload - subdomains - } - root "/git.paritybit.ca" -} - -``` - -Note that each site is available over HTTP in addition to HTTPS. 
This is to accommodate older clients that do not have up-to-date browsers, those that are slow enough such that TLS causes significant delay, or those that don't have a TLS library available. For a site like mine, where user data is not being sent to the server, this is acceptable. Users are free to choose HTTPS and, in doing so, the HSTS header will ensure a modern browser keeps using HTTPS. - -### Updating HTTP Server Content - -The following script re-compresses and changes ownership of website content whenever new or updated files are pushed to the server: - -```update-sites -#!/bin/sh - -# Update the website -echo "Chowning site contents..." -chown -R www:daemon /var/www/paritybit.ca -echo "Gzipping site contents..." -gzip -fkrq /var/www/paritybit.ca/ 2>/dev/null -``` - -### Finger Server - -OpenBSD's inetd is used to call OpenBSD's fingerd for the finger server. - -The configuration in inetd for fingerd is: - -```/etc/inetd.conf -finger stream tcp nowait _fingerd /usr/libexec/fingerd fingerd -lsmu -finger stream tcp6 nowait _fingerd /usr/libexec/fingerd fingerd -lsmu -``` - -A user (jbauer) was created with ~/.plan and ~/.project files which are displayed by fingerd. - -### Git Server - -The "git server" is really nothing more than a git daemon to handle cloning/fetching/pulling and stagit to generate static pages for each repository so code and changes can be browsed from a web browser. SSH is used to push changes to the server, and the git daemon is invoked using OpenBSD's inetd. - -[stagit](https://codemadness.org/git/stagit/file/README.html) - - -The static pages generated by stagit are served using the configuration in httpd.conf. Git repositories live in /var/git and updates are pushed there using SSH. 
The git daemon for cloning using the git:// protocol is invoked using inetd with the following configuration: - -```/etc/inetd.conf -git stream tcp nowait _gitdaemon /usr/local/bin/git git daemon --inetd --verbose --base-path=/var/git --export-all /var/git/ -git stream tcp6 nowait _gitdaemon /usr/local/bin/git git daemon --inetd --verbose --base-path=/var/git --export-all /var/git/ -``` - -The following script is run as an hourly cronjob to update the static pages and incorporate recently pushed changes. I may switch to using a post-receive hook instead of a cronjob if this doesn't end up fitting my needs. - -```stagit-update -#!/bin/sh - -# Update all individual repos -for repo in /var/git/*; do - cd /var/www/git.paritybit.ca/"$(basename "$repo" .git)" - /usr/local/bin/stagit "$repo" -done - -# Re-generate the index page -cd /var/www/git.paritybit.ca -/usr/local/bin/stagit-index /var/git/* > index.html -``` - -The following script is used to make adding a new repository quicker and easier: - -```stagit-new -#!/bin/sh - -printf "Project Name: " -read name - -printf "Project Description: " -read desc - -#printf "Project URL: " -#read url -url="https://git.sr.ht/~jbauer/$name" - -#printf "Project Owner: " -#read owner -owner="Jake Bauer" - -cd /var/www/git.paritybit.ca -mkdir "$name" && cd "$name" -ln -s ../favicon.png . -ln -s ../logo.png . -ln -s ../style.css . - -cd /var/git -git clone --bare "$url" -echo "$desc" > "$name".git/description -echo "$owner" > "$name".git/owner -echo "$url" > "$name".git/url -``` diff --git a/content/garden/openbsd-server.md b/content/garden/openbsd-server.md 
@@ -0,0 +1,204 @@ +Title: OpenBSD HTTP and Git Server +Summary: OpenBSD HTTP and Git Server + +# [%title] + +[← Back](./) + +In addition to my normal [OpenBSD Server Setup](openbsd-server-setup.html): + +## TLS Certificates + +OpenBSD's acme-client is used to request certificates. This is the +configuration: + +``` +authority letsencrypt { + api url "https://acme-v02.api.letsencrypt.org/directory" + account key "/etc/acme/letsencrypt-privkey.pem" +} + +domain paritybit.ca { + alternative names { www.paritybit.ca, ftp.paritybit.ca, git.paritybit.ca, jbauer.ca } + domain key "/etc/ssl/private/server.key" + domain full chain certificate "/etc/ssl/server.crt" + sign with letsencrypt +} +``` + +Renewing the certificates is handled by /etc/monthly.local, which is run by +cron once a month. The output is sent to me in an email. + +``` +next_part "Renewing TLS certificate(s):" +acme-client -v -F paritybit.ca +rcctl reload relayd httpd +``` + +My certificate and key are called /etc/ssl/server.crt and +/etc/ssl/private/server.key so I can avoid having to specify their locations in +httpd.conf. If I had more than one domain I was handling on a server, I'd +change this to reflect the explicit domain names. + +## HTTP Server + +The HTTP server uses OpenBSD's httpd which is very easy to configure and very +light on resources. 
This is the configuration I use: + +``` +types { + include "/usr/share/misc/mime.types" +} + +# WWW Redirect +server paritybit.ca { + listen on * port 80 + listen on * tls port 443 + hsts { + max-age 31536000 + preload + subdomains + } + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + location * { + block return 301 "$REQUEST_SCHEME://www.paritybit.ca$REQUEST_URI" + } +} + +server www.paritybit.ca { + listen on * port 80 + listen on * tls port 443 + hsts { + max-age 31536000 + preload + } + default type text/plain + root "/paritybit.ca" + gzip-static + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + location "/files/paste/*" { + directory no index + } + location "/files/*" { + directory auto index + } + location match "/([^.]*[^/])$" { + request rewrite "/%1.html" + } + location not found match "/.*[^/]$" { + block return 302 "$REQUEST_SCHEME://www.paritybit.ca$REQUEST_URI/" + } +} + +server git.paritybit.ca { + listen on * port 80 + listen on * tls port 443 + hsts { + max-age 3153600 + preload + } + root "/git.paritybit.ca" + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } +} +``` + +Note that each site is available over HTTP in addition to HTTPS. This is to +accommodate older clients that do not have up-to-date browsers, those that are +slow enough such that TLS causes significant delay, or those that don't have +a TLS library available. For a site like mine, where user data is not being +sent to the server, this is acceptable. Users are free to choose HTTPS and, in +doing so, the HSTS header will ensure a modern browser keeps using HTTPS. 
+ +### Updating HTTP Server Content + +The following script re-compresses and changes ownership of website content +whenever new or updated files are pushed to the server: + +``` +#!/bin/sh +chown -R www:daemon /var/www/paritybit.ca +gzip -fkrq /var/www/paritybit.ca/ 2>/dev/null +find /var/www/paritybit.ca/files/ -name '*.gz' -exec rm {} \; +``` + +Maybe there's a better way of doing this? + +### Git Server + +The "git server" is really nothing more than a git daemon to handle +cloning/fetching/pulling and stagit to generate static pages for each +repository so code and changes can be browsed from a web browser. SSH is used +to push changes to the server, and the git daemon is invoked using OpenBSD's +inetd. + +[stagit](https://codemadness.org/git/stagit/file/README.html) + +The static pages generated by stagit are served using the configuration in +httpd.conf. Git repositories live in /var/git and updates are pushed there +using SSH. The git daemon for cloning using the git:// protocol is invoked +using inetd with the following configuration: + +```/etc/inetd.conf +git stream tcp nowait _gitdaemon /usr/local/bin/git git daemon --inetd --verbose --base-path=/var/git --export-all /var/git/ +git stream tcp6 nowait _gitdaemon /usr/local/bin/git git daemon --inetd --verbose --base-path=/var/git --export-all /var/git/ +``` + +The following script is run every 15 minutes to update the static pages and +incorporate recently pushed changes. I may switch to using a post-receive hook +instead of a cronjob if this doesn't end up fitting my needs. 
+ +```stagit-update +#!/bin/sh + +# Update all individual repos +for repo in /var/git/*; do + cd /var/www/git.paritybit.ca/"$(basename "$repo" .git)" + /usr/local/bin/stagit "$repo" +done + +# Re-generate the index page +cd /var/www/git.paritybit.ca +/usr/local/bin/stagit-index /var/git/* > index.html +``` + +The following script is used to make adding a new repository quicker and +easier: + +```stagit-new +#!/bin/sh + +printf "Project Name: " +read name + +printf "Project Description: " +read desc + +#printf "Project URL: " +#read url +url="https://git.sr.ht/~jbauer/$name" + +#printf "Project Owner: " +#read owner +owner="Jake Bauer" + +cd /var/www/git.paritybit.ca +mkdir "$name" && cd "$name" +ln -s ../favicon.png . +ln -s ../logo.png . +ln -s ../style.css . + +cd /var/git +git clone --bare "$url" +echo "$desc" > "$name".git/description +echo "$owner" > "$name".git/owner +echo "$url" > "$name".git/url +``` diff --git a/content/meta.md b/content/meta.md @@ -62,13 +62,6 @@ A page for testing the stylesheet. <figcaption>This is an image in a figure block, this note is in a figcaption with <b>bold</b>, <i>italic</i>, <code>code</code> and a <a href="/meta.html">link</a>.</figcaption> </figure> -<figure> - <a href="http://ftp.paritybit.ca/cc0raven.jpg"> - <img src="http://ftp.paritybit.ca/cc0raven-small.jpg" alt="A picture of a raven."> - </a> - <figcaption>This is an image with an external link to a higher resolution version.</figcaption> -</figure> - <details> <summary>This is a details block summary with <b>bold</b>, <i>italic</i>, <code>code</code>, and <a href="/meta.html">a link</a>.</summary> <p>This is text inside the details block with <b>bold</b>, <i>italic</i>, <code>code</code>, and <a href="/meta.html">a link</a>.</p>
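Review bot: the replacement link in the brokerage post still uses the plain `http://` scheme (`+here](http://www.paritybit.ca/files/brokerage-comparison.ods)`). The site deliberately answers on port 80 as well, and HSTS only upgrades clients that have already seen the header over TLS, so a direct download with curl or wget fetches the spreadsheet in clear text; linking `https://www.paritybit.ca/files/brokerage-comparison.ods` costs browsers nothing and gives non-browser clients an authenticated download.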
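Review bot: `<ins>This has been fixed.</ins>` in the Misskey post replaces the patch instructions without saying which Misskey release carries the fix, so a reader still on an older instance cannot tell whether the workaround is needed; a version number or a link to the upstream change would make the strikethrough self-explanatory. The dropped URL pointed at `ftp.paritybit.ca`, which this commit also stops serving, so removing it rather than repointing it is consistent.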
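Review bot: `content/blog/why-dwm-swallowing-cant-swallow-tmux.md` shows as `Binary files differ` with a 0-line diffstat, which for a Markdown source usually means a stray NUL or other non-text byte got into the file, or a line-ending or encoding change git could not classify as text. Check the working copy with `git diff --text` or `file` and, if it is an accidental byte, strip it in a follow-up so the post diffs as text again.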
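Review bot: the new `openbsd-ipv6-hetzner.md` keeps the `hostname.vio0` lines but drops the one sentence from the deleted page that explains why manual configuration is needed at all: `Hetzner supports IPv6, but seemingly only through DHCPv6 or manual configuration. OpenBSD supports IPv6, but only using SLAAC or manual configuration.` Without it the page is a bare config dump; restoring that sentence above the block, and stating that `2a01:4ff:f0:f61::1` is the instance's own address from its assigned /64, would make the page self-contained.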
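Review bot: deleting `openbsd-server-details.md` also removes the finger server section (the two `finger stream tcp … fingerd -lsmu` inetd.conf lines and the `~/.plan`/`~/.project` note) and the sentence listing that the host runs `an http server, a gemini server, a finger server, a git server, and a file sharing server`; neither is carried into the new `openbsd-server.md`, which is titled HTTP and Git only. If fingerd and the gemini server are still running their configuration is now undocumented; either move the finger section to its own garden page, as was done for the IPv6 note, or say in the new page's intro where the remaining services are documented.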
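Review bot: in the `git.paritybit.ca` block of the new httpd.conf, `max-age 3153600` (about 36 days) is one zero short of the `31536000` used by the other two blocks, and because the block also sets `preload`, an HSTS max-age under one year does not meet the preload list's requirements; fix the value, and confirm that dropping `subdomains` from the `www` and `git` blocks was intended (the apex `paritybit.ca` block keeps it, which is the one preload needs). Smaller points in the same file: `alternative names` still lists `ftp.paritybit.ca` although its server block is gone and the files moved under `/files/`, so that name now falls through to the first server on the listener (`paritybit.ca`) and redirects to www; the ACME challenge keeps working, but drop the SAN if the name is retired. In `stagit-update`, `cd /var/www/git.paritybit.ca/"$(basename "$repo" .git)"` has no error check, so a bare repo without a matching output directory leaves the loop in the previous repo's directory and `stagit "$repo"` overwrites those pages; add `|| continue` (or `set -e`). In the update script, `chown -R www:daemon` hands the httpd process user ownership of the document root when it only needs read access, and `find … -name '*.gz' -exec rm {} \;` under `/files/` deletes any `.gz` you meant to distribute, not only the copies gzip just made; excluding `files/` from the gzip pass (a `find -prune` expression) avoids both the extra pass and the deletion. Finally, `acme-client -v -F` from `monthly.local` forces a fresh issuance every month and leaves only two attempts before a 90-day certificate expires; the usual arrangement is a weekly cron running `acme-client paritybit.ca` without `-F`, which renews once fewer than 30 days remain and retries more often, and `rcctl reload relayd httpd` will report a failure in that mail every month if relayd is not enabled on this host.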
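Review bot: the removed `<figure>` in meta.md was the stylesheet test page's only example of an image wrapped in a link to a higher-resolution copy (`<figcaption>This is an image with an external link to a higher resolution version.</figcaption>`); if that pattern is still used in posts, repointing the two `ftp.paritybit.ca` URLs at the new `/files/` location keeps the layout covered by the test page instead of dropping it.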