diff --git a/README.md b/README.md index 0fd8c0f..02421ac 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ A pure Perl keyserver! When it receives a key, it does stuff to it then sticks * Postgresql server * A dedicated user would be nice +## Install Instructions from Top to Bottom + ### Install on your distro Maybe it is packaged by your distro maintainers? @@ -20,15 +22,27 @@ Maybe it is packaged by your distro maintainers? apt install libmojolicious-perl libmojo-pg-perl ``` Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry! -So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x. +So, right now, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install perl v5.38.x or higher. + + +### Create user: +#### Debian's adduser +``` +sudo adduser --group --home /var/lib/jjakkekeyserver --system -- jjakkekeyserver +``` + +#### not Debian +``` +sudo useradd --system --create-home --home-dir /var/lib/jjakkekeyserver --shell /bin/nologin jjakkekeyserver +``` ### postgres Probably not needed info, but postgres here is version 15. ``` -% sudo apt install postgresql postgresql-server-dev-15 +% sudo apt install postgresql postgresql-server-dev-xx % sudo -u postgres psql # test if 'active' so to speak. ``` -Follow instructions from 'Create relevent details for the database.' +Follow instructions from 'Create relevant details for the database.' ### perlbrew (with Debian 12.8) ``` @@ -50,26 +64,18 @@ jjakkekeyserver% exit % sudo chsh jjakkekeyserver -s /bin/nologin ``` -### Install via cpan (or cpan-minus, considered way better by most) +### Install modules via cpan (or cpan-minus, considered way better by most) ``` -cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util +cpanm Mojolicious Mojo::Pg ``` -Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on) +Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or has passed on there won't be permanently broken cpan repos that mojolicious depends on) ## To use -### Create a dedicated user to run this program (Debian) -``` -sudo adduser --group --home /var/jjakkekeyserver --system -- jjakkekeyserver -``` - -### Create a dedicated user to run this program (not Debian) -``` -sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver -``` - ### Create the config file ``` cp keyserver.conf.example keyserver.conf +vim keyserver.conf +chmod 600 keyserver.conf # this file has secrets ``` ### Create relevant details for the database. @@ -84,23 +90,21 @@ jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver; jjakkekeyserverdb=# exit ``` -### Caveats +## Caveats #### config file For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in. -#### Usage of 'lib' +### Usage of 'lib' I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in. I will add a dedicated installer for this, later. KeyData.pm is useful. - -### Start Program +## Start Program ``` sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground ``` - -### Proxy +## Proxy It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443. ## Usage @@ -114,7 +118,6 @@ gpg --keyserver hkp(s)://hostname --recv-keys ### Web browser http(s)://hostname - ## SystemD Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not. diff --git a/jjakkekeyserver.service b/jjakkekeyserver.service index 1dd43fd..f84b068 100644 --- a/jjakkekeyserver.service +++ b/jjakkekeyserver.service @@ -4,10 +4,10 @@ After=network.target [Service] User=jjakkekeyserver -WorkingDirectory=/var/jjakkekeyserver/keyserver -ExecStart=/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/jjakkekeyserver/keyserver/keyserver -Environment=PERL5LIB=/var/jjakkekeyserver/perl5/lib/perl5 -Environment=PATH=/var/jjakkekeyserver/perl5/perlbrew/bin:/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH +WorkingDirectory=/var/lib/jjakkekeyserver/keyserver +ExecStart=/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/lib/jjakkekeyserver/keyserver/keyserver +Environment=PERL5LIB=/var/lib/jjakkekeyserver/perl5/lib/perl5 +Environment=PATH=/var/lib/jjakkekeyserver/perl5/perlbrew/bin:/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH Restart=always RestartSec=5 diff --git a/keyserver.conf.example b/keyserver.conf.example index 6204c3c..6b04717 100644 --- a/keyserver.conf.example +++ b/keyserver.conf.example @@ -4,7 +4,7 @@ 'http://127.0.0.1:8080' ], pid_file => './jjakkekeyserver.pid', - workers => 6 + workers => 1 # you're unlikely to need more }, pguser => 'jjakkekeyserver', pgpass => 'password',