Re-arrange README.md, reduce workers to 1, and prefer /var/lib/jjakkekeyserver instead of /var/jjakkekeyserver

jake 2024-11-19 12:07:36 -05:00
parent e421c2d5ad
commit 1f0732f22c
3 changed files with 31 additions and 28 deletions


@ -12,6 +12,8 @@ A pure Perl keyserver! When it receives a key, it does stuff to it then sticks
* Postgresql server * Postgresql server
* A dedicated user would be nice * A dedicated user would be nice
## Install Instructions from Top to Bottom
### Install on your distro ### Install on your distro
Maybe it is packaged by your distro maintainers? Maybe it is packaged by your distro maintainers?
@ -20,15 +22,27 @@ Maybe it is packaged by your distro maintainers?
apt install libmojolicious-perl libmojo-pg-perl apt install libmojolicious-perl libmojo-pg-perl
``` ```
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry! Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x. So, right now, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install perl v5.38.x or higher.
### Create user:
#### Debian's adduser
```
sudo adduser --group --home /var/lib/jjakkekeyserver --system -- jjakkekeyserver
```
#### not Debian
```
sudo useradd --system --create-home --home-dir /var/lib/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```
### postgres ### postgres
Probably not needed info, but postgres here is version 15. Probably not needed info, but postgres here is version 15.
``` ```
% sudo apt install postgresql postgresql-server-dev-15 % sudo apt install postgresql postgresql-server-dev-xx
% sudo -u postgres psql # test if 'active' so to speak. % sudo -u postgres psql # test if 'active' so to speak.
``` ```
Follow instructions from 'Create relevent details for the database.' Follow instructions from 'Create relevant details for the database.'
### perlbrew (with Debian 12.8) ### perlbrew (with Debian 12.8)
``` ```
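Review bot: `postgresql-server-dev-xx` in the postgres install line is a placeholder rather than an installable package name, and nothing on the new side says so, while the sentence above it still reads "postgres here is version 15". State that `xx` stands for the installed PostgreSQL major version (15 here). In the new "not Debian" `useradd` line, `--shell /bin/nologin` assumes nologin lives in /bin; on several distributions it is installed as /usr/sbin/nologin or /sbin/nologin, so tell the reader to check the path first (for example with `command -v nologin`).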
@ -50,26 +64,18 @@ jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin % sudo chsh jjakkekeyserver -s /bin/nologin
``` ```
### Install via cpan (or cpan-minus, considered way better by most) ### Install modules via cpan (or cpan-minus, considered way better by most)
``` ```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util cpanm Mojolicious Mojo::Pg
``` ```
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on) Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or has passed on there won't be permanently broken cpan repos that mojolicious depends on)
## To use ## To use
### Create a dedicated user to run this program (Debian)
```
sudo adduser --group --home /var/jjakkekeyserver --system -- jjakkekeyserver
```
### Create a dedicated user to run this program (not Debian)
```
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```
### Create the config file ### Create the config file
``` ```
cp keyserver.conf.example keyserver.conf cp keyserver.conf.example keyserver.conf
vim keyserver.conf
chmod 600 keyserver.conf # this file has secrets
``` ```
### Create relevant details for the database. ### Create relevant details for the database.
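Review bot: `chmod 600 keyserver.conf` in the config-file block only protects the secrets if the file is owned by the account that runs the server. As written, `cp` and `chmod` run as whoever is following the README, so mode 600 can leave the `jjakkekeyserver` user unable to read its own config. Add a `chown jjakkekeyserver keyserver.conf` step, or run the three commands with `sudo -u jjakkekeyserver`, and move the `chmod` ahead of `vim keyserver.conf` so the file is never readable by other users once the password is in it.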
@ -84,23 +90,21 @@ jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit jjakkekeyserverdb=# exit
``` ```
### Caveats ## Caveats
#### config file #### config file
For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in. For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in.
#### Usage of 'lib' ### Usage of 'lib'
I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in. I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in.
I will add a dedicated installer for this, later. KeyData.pm is useful. I will add a dedicated installer for this, later. KeyData.pm is useful.
## Start Program
### Start Program
``` ```
sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground
``` ```
## Proxy
### Proxy
It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443. It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.
## Usage ## Usage
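Review bot: heading levels under the promoted `## Caveats` are now inconsistent: `#### config file` stays at level four while its sibling becomes `### Usage of 'lib'`, so the two caveats render at different depths and the first one skips a level. Make both `###`. While this block is being touched, the context line "the working directory has have 'lib/KeyData.pm' in it" has a typo ("has to have") that could be fixed in the same commit.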
@ -114,7 +118,6 @@ gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
### Web browser ### Web browser
http(s)://hostname http(s)://hostname
## SystemD ## SystemD
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not. Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.


@ -4,10 +4,10 @@ After=network.target
[Service] [Service]
User=jjakkekeyserver User=jjakkekeyserver
WorkingDirectory=/var/jjakkekeyserver/keyserver WorkingDirectory=/var/lib/jjakkekeyserver/keyserver
ExecStart=/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/jjakkekeyserver/keyserver/keyserver ExecStart=/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/lib/jjakkekeyserver/keyserver/keyserver
Environment=PERL5LIB=/var/jjakkekeyserver/perl5/lib/perl5 Environment=PERL5LIB=/var/lib/jjakkekeyserver/perl5/lib/perl5
Environment=PATH=/var/jjakkekeyserver/perl5/perlbrew/bin:/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH Environment=PATH=/var/lib/jjakkekeyserver/perl5/perlbrew/bin:/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH
Restart=always Restart=always
RestartSec=5 RestartSec=5
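Review bot: the rewritten `Environment=PATH=...:$PATH` line still ends in `$PATH`, and systemd does not expand variables in `Environment=` values, so the service gets a PATH whose last entry is the literal string `$PATH` and no system directories. Spell out the directories that are needed (for example append `/usr/bin:/bin`), or drop the PATH override, since `ExecStart` already uses an absolute path to hypnotoad. The unit also hardcodes `perl-5.40.0` in `ExecStart` and `PATH` while the README asks for "v5.38.x or higher"; a comment telling users to adjust the version would help. Installs that already live under /var/jjakkekeyserver will stop working with this unit until the home directory is moved, so a short migration note in the README is worth adding.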


@ -4,7 +4,7 @@
'http://127.0.0.1:8080' 'http://127.0.0.1:8080'
], ],
pid_file => './jjakkekeyserver.pid', pid_file => './jjakkekeyserver.pid',
workers => 6 workers => 1 # you're unlikely to need more
}, },
pguser => 'jjakkekeyserver', pguser => 'jjakkekeyserver',
pgpass => 'password', pgpass => 'password',
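Review bot: the new comment on `workers => 1` ("you're unlikely to need more") gives no criterion for when to raise it. With a single hypnotoad worker, any blocking call in a request handler holds up every other client, so say when more workers are warranted, for example if database queries are made in blocking mode. The unchanged `pgpass => 'password'` line just below would also benefit from a comment marking it as a placeholder that must be replaced.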