Re-arrange README.md, reduce workers to 1, and prefer /var/lib/jjakkekeyserver instead of /var/jjakkekeyserver
parent e421c2d5ad
commit 1f0732f22c
3 changed files with 31 additions and 28 deletions
49
README.md
|
@ -12,6 +12,8 @@ A pure Perl keyserver! When it receives a key, it does stuff to it then sticks
|
||||||
* Postgresql server
|
* Postgresql server
|
||||||
* A dedicated user would be nice
|
* A dedicated user would be nice
|
||||||
|
|
||||||
|
## Install Instructions from Top to Bottom
|
||||||
|
|
||||||
### Install on your distro
|
### Install on your distro
|
||||||
Maybe it is packaged by your distro maintainers?
|
Maybe it is packaged by your distro maintainers?
|
||||||
|
|
||||||
|
@ -20,15 +22,27 @@ Maybe it is packaged by your distro maintainers?
|
||||||
apt install libmojolicious-perl libmojo-pg-perl
|
apt install libmojolicious-perl libmojo-pg-perl
|
||||||
```
|
```
|
||||||
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
|
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
|
||||||
So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.
|
So, right now, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install perl v5.38.x or higher.
|
||||||
|
|
||||||
|
|
||||||
|
### Create user:
|
||||||
|
#### Debian's adduser
|
||||||
|
```
|
||||||
|
sudo adduser --group --home /var/lib/jjakkekeyserver --system -- jjakkekeyserver
|
||||||
|
```
|
||||||
|
|
||||||
|
#### not Debian
|
||||||
|
```
|
||||||
|
sudo useradd --system --create-home --home-dir /var/lib/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
|
||||||
|
```
|
||||||
|
|
||||||
### postgres
|
### postgres
|
||||||
Probably not needed info, but postgres here is version 15.
|
Probably not needed info, but postgres here is version 15.
|
||||||
```
|
```
|
||||||
% sudo apt install postgresql postgresql-server-dev-15
|
% sudo apt install postgresql postgresql-server-dev-xx
|
||||||
% sudo -u postgres psql # test if 'active' so to speak.
|
% sudo -u postgres psql # test if 'active' so to speak.
|
||||||
```
|
```
|
||||||
Follow instructions from 'Create relevent details for the database.'
|
Follow instructions from 'Create relevant details for the database.'
|
||||||
|
|
||||||
### perlbrew (with Debian 12.8)
|
### perlbrew (with Debian 12.8)
|
||||||
```
|
```
|
||||||
|
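Review bot: In the new "not Debian" block, `--shell /bin/nologin` assumes a path that is not the same on every distribution; nologin commonly lives in /usr/sbin or /sbin, so suggest that the reader use whatever `command -v nologin` prints. Separately, `postgresql-server-dev-xx` is no longer copy-pasteable; add a sentence saying that xx stands for the installed PostgreSQL major version (15 in the text just above it).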
@ -50,26 +64,18 @@ jjakkekeyserver% exit
|
||||||
% sudo chsh jjakkekeyserver -s /bin/nologin
|
% sudo chsh jjakkekeyserver -s /bin/nologin
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install via cpan (or cpan-minus, considered way better by most)
|
### Install modules via cpan (or cpan-minus, considered way better by most)
|
||||||
```
|
```
|
||||||
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
|
cpanm Mojolicious Mojo::Pg
|
||||||
```
|
```
|
||||||
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
|
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or has passed on there won't be permanently broken cpan repos that mojolicious depends on)
|
||||||
|
|
||||||
## To use
|
## To use
|
||||||
### Create a dedicated user to run this program (Debian)
|
|
||||||
```
|
|
||||||
sudo adduser --group --home /var/jjakkekeyserver --system -- jjakkekeyserver
|
|
||||||
```
|
|
||||||
|
|
||||||
### Create a dedicated user to run this program (not Debian)
|
|
||||||
```
|
|
||||||
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
|
|
||||||
```
|
|
||||||
|
|
||||||
### Create the config file
|
### Create the config file
|
||||||
```
|
```
|
||||||
cp keyserver.conf.example keyserver.conf
|
cp keyserver.conf.example keyserver.conf
|
||||||
|
vim keyserver.conf
|
||||||
|
chmod 600 keyserver.conf # this file has secrets
|
||||||
```
|
```
|
||||||
|
|
||||||
### Create relevant details for the database.
|
### Create relevant details for the database.
|
||||||
|
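Review bot: In the config file block, `chmod 600 keyserver.conf` runs only after `vim keyserver.conf`, so the copy holds the secrets with default umask permissions for as long as it is being edited; move the chmod directly after the cp, or create the file restricted from the start with `install -m 600 keyserver.conf.example keyserver.conf`. The block also does not say which user runs these commands: the server is started as jjakkekeyserver, and with mode 600 the file is readable by that user only if it owns the file, so state the expected ownership or run the copy as that user.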
@ -84,23 +90,21 @@ jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
|
||||||
jjakkekeyserverdb=# exit
|
jjakkekeyserverdb=# exit
|
||||||
```
|
```
|
||||||
|
|
||||||
### Caveats
|
## Caveats
|
||||||
#### config file
|
#### config file
|
||||||
For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in.
|
For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in.
|
||||||
|
|
||||||
#### Usage of 'lib'
|
### Usage of 'lib'
|
||||||
I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in.
|
I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in.
|
||||||
|
|
||||||
I will add a dedicated installer for this, later. KeyData.pm is useful.
|
I will add a dedicated installer for this, later. KeyData.pm is useful.
|
||||||
|
|
||||||
|
## Start Program
|
||||||
### Start Program
|
|
||||||
```
|
```
|
||||||
sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground
|
sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Proxy
|
||||||
### Proxy
|
|
||||||
It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.
|
It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
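Review bot: The heading levels under Caveats are now inconsistent: `## Caveats` is followed by `#### config file`, which stayed at level four, while its sibling was promoted to `### Usage of 'lib'`. Change `#### config file` to `###` so both caveats sit at the same depth. While this section is being touched, "has have" in the `use lib qw(lib)` paragraph is still there; "has to have" looks like what was intended.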
@ -114,7 +118,6 @@ gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
|
||||||
### Web browser
|
### Web browser
|
||||||
http(s)://hostname
|
http(s)://hostname
|
||||||
|
|
||||||
|
|
||||||
## SystemD
|
## SystemD
|
||||||
|
|
||||||
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
|
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
|
||||||
|
|
|
@ -4,10 +4,10 @@ After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
User=jjakkekeyserver
|
User=jjakkekeyserver
|
||||||
WorkingDirectory=/var/jjakkekeyserver/keyserver
|
WorkingDirectory=/var/lib/jjakkekeyserver/keyserver
|
||||||
ExecStart=/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/jjakkekeyserver/keyserver/keyserver
|
ExecStart=/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin/hypnotoad -f /var/lib/jjakkekeyserver/keyserver/keyserver
|
||||||
Environment=PERL5LIB=/var/jjakkekeyserver/perl5/lib/perl5
|
Environment=PERL5LIB=/var/lib/jjakkekeyserver/perl5/lib/perl5
|
||||||
Environment=PATH=/var/jjakkekeyserver/perl5/perlbrew/bin:/var/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH
|
Environment=PATH=/var/lib/jjakkekeyserver/perl5/perlbrew/bin:/var/lib/jjakkekeyserver/perl5/perlbrew/perls/perl-5.40.0/bin:$PATH
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
|
|
|
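Review bot: On the `Environment=PATH=...:$PATH` line, systemd does not expand variables inside Environment= values, so the trailing `$PATH` ends up as a literal string instead of the previous search path; list the system directories the service needs explicitly or drop the suffix. The four updated lines also point the interpreter, PERL5LIB and the application at the home directory of the same user the unit runs as, and the README has that user compile and install perl there, so the service can rewrite the code it executes; consider making those files owned by root and read-only for jjakkekeyserver.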
@ -4,7 +4,7 @@
|
||||||
'http://127.0.0.1:8080'
|
'http://127.0.0.1:8080'
|
||||||
],
|
],
|
||||||
pid_file => './jjakkekeyserver.pid',
|
pid_file => './jjakkekeyserver.pid',
|
||||||
workers => 6
|
workers => 1 # you're unlikely to need more
|
||||||
},
|
},
|
||||||
pguser => 'jjakkekeyserver',
|
pguser => 'jjakkekeyserver',
|
||||||
pgpass => 'password',
|
pgpass => 'password',
|
||||||
|
|
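Review bot: The example still ships `pgpass => 'password'` a few lines below the changed `workers` line, and a deployment that copies the example without editing it ends up with a guessable database password; use a placeholder that cannot be mistaken for a working value. For `workers => 1`, the comment "you're unlikely to need more" gives no reason; a short note on what load one worker was judged sufficient for would help whoever tunes this later.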