Editing Unicorn

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{servers}}
 
  
 
Unicorn is a homage to our long dead server, formerly known as [[Stallion]].
 
Unicorn is a homage to our long dead server, formerly known as [[Stallion]].
Line 6: Line 5:
  
 
This utility server is 4 cores, 24gb ram, 120gb ssd storage and 12tb bandwidth. <br>
 
This utility server is 4 cores, 24gb ram, 120gb ssd storage and 12tb bandwidth. <br>
'''Volunteers warmly encouraged to setup and maintain it!  Please contact us via the main [https://lists.noisebridge.net/listinfo/noisebridge-discuss Noisebridge Discussion Mailing List] or on our [https://discuss.noisebridge.info Discuss forum]'''
+
'''Volunteers warmly encouraged to setup and maintain it!  Please contact us via the main [https://lists.noisebridge.net/pipermail/noisebridge-discuss/2018-November/date.html Noisebridge Discussion Mailing List]'''
  
 
== Services ==
 
 
Unicorn currently hosts:
 
 
* [https://noisebridge.info/ https://noisebridge.info/] - Unicorn homepage
 
 
* [https://status.noisebridge.info/ https://status.noisebridge.info/] - [https://sourcegraph.github.io/checkup/ Checkup] is [https://github.com/sourcegraph/checkup a status page] and associated service that notifies us in Slack if one of our services go down!  [https://tryingtobeawesome.com/checkup/ Blog post describing setup] is located here.
 
** To add new health checks for other services, edit <code>/home/noisebridge/services/checkup/checkup.json</code>.  [https://github.com/noisebridge/config/blob/master/checkup.json See the configuration file here on our GitHub].
 
 
* [https://mt.noisebridge.info:30000 https://mt.noisebridge.info:30000] - [https://www.minetest.net/ MineTest] is a fully open variant of Minecraft!  Join us and enjoy.
 
 
* [https://minio.noisebridge.info/ https://minio.noisebridge.info/] - [https://minio.io/ Minio] instance (S3-compatible storage)
 
** Ask @elimisteve or [[User:James|@James]] for the auth keys needed for login
 
 
* [https://doc.noisebridge.info https://doc.noisebridge.info] - [https://github.com/hedgedoc/hedgedoc HedgeDoc] is a [[Doc|collaborative document]] editor formerly known as CodiMD
 
 
* [https://discuss.noisebridge.info/ https://discuss.noisebridge.info/] - [https://www.discourse.org/ Discourse] instance (discussion forums)
 
 
* [https://mumble.noisebridge.info/ https://mumble.noisebridge.info/] - [https://www.mumble.info/ Mumble] Audio chat over VOIP. Scales easily to hundreds of users.
 
 
* [https://gossip.noisebridge.info/ https://gossip.noisebridge.info/] - [https://www.scuttlebutt.nz/ Secure Scuttlebutt] - asynchronous p2p network. Details on our [[Pub]] wiki page.
 
 
* [https://bridge.noisebridge.info/ https://bridge.noisebridge.info/] - [https://github.com/RSS-Bridge/rss-bridge RSS-Bridge] converts arbitrary websites into RSS & Atom feeds. [[RSSbridge| See our wiki page]].
 
** You may [https://github.com/RSS-Bridge/rss-bridge/wiki/Whitelisting white list] new entries at <code>/home/noisebridge/data/rss-bridge/whitelist.txt</code>
 
 
* [https://test-discuss.noisebridge.info https://test-discuss.noisebridge.info] - testing instance of Discourse so we can mess with upgrades and plugins.
 
 
* [https://chat.noisebridge.info/ https://chat.noisebridge.info/] - [https://rocket.chat/ Rocket.chat] instance (to replace our Slack!)
 
 
* [https://leapchat.noisebridge.info/ https://leapchat.noisebridge.info/] - [https://www.leapchat.org/ LeapChat] instance (ephemeral encrypted Slack in your browser!)
 
** Visit [https://leapchat.noisebridge.info/ https://leapchat.noisebridge.info/] -> Get redirected to new end-to-end encrypted room
 
** Messages disappear after 90 days
 
** Was largely built at Noisebridge, by @elimisteve and other volunteers
 
** Contribute here (AGPLv3): [https://github.com/cryptag/leapchat https://github.com/cryptag/leapchat]
 
 
* [https://projects.noisebridge.info https://projects.noisebridge.info] - [https://secure.phabricator.com/ Phabricator] for management of Git, Mercurial, Subversion.
 
 
* [https://login.noisebridge.info https://login.noisebridge.info] - basic SSO for guarding services w/o their own account system (uses the Noisebridge Slack as the identity provider)
 
 
* [https://printprintprint.noisebridge.info https://printprintprint.noisebridge.info] - remote access to the OctoPrint instance driving our Creality CR-10 3D printer
 
 
* [https://space.noisebridge.info space.noisebridge.info] - experimental virtualized www edition of nbsp by Ⅹ
 
 
* [https://x.noisebridge.info x.noisebridge.info] - experimental personal site for Ⅹ
 
 
* [https://share.noisebridge.info share.noisebridge.info] - Next Cloud VM instance setup by James & Ⅹ
 
  
 
== System Info ==
 
== System Info ==
Line 62: Line 14:
 
* IP: <code>172.93.55.252</code>
 
* IP: <code>172.93.55.252</code>
  
* OS: Debian 10 Buster x86_64
+
* OS: Debian 9 x86_64
  
 
* Web server: Nginx is running on ports 80 and 443
 
* Web server: Nginx is running on ports 80 and 443
Line 71: Line 23:
  
 
* SSL: certbot runs every day to renew certs for all (sub)domains it knows about
 
* SSL: certbot runs every day to renew certs for all (sub)domains it knows about
** ...but to manually renew, run <code>/home/noisebridge/bin/recert; sudo service nginx restart</code>
 
  
 
* To add a new service at, say, <code>somethingcool.noisebridge.info</code>...
 
* To add a new service at, say, <code>somethingcool.noisebridge.info</code>...
 
** Create a file similar to <code>/etc/nginx/sites-available/noisebridge.info</code> called <code>/etc/nginx/sites-available/somethingcool.noisebridge.info</code>
 
** Create a file similar to <code>/etc/nginx/sites-available/noisebridge.info</code> called <code>/etc/nginx/sites-available/somethingcool.noisebridge.info</code>
 
** Run <code>sudo ln -s /etc/nginx/sites-available/somethingcool.noisebridge.info /etc/nginx/sites-enabled/somethingcool.noisebridge.info; sudo nginx -t</code>
 
** Run <code>sudo ln -s /etc/nginx/sites-available/somethingcool.noisebridge.info /etc/nginx/sites-enabled/somethingcool.noisebridge.info; sudo nginx -t</code>
** If you don't get any errors, add <code>-d somethingcool.noisebridge.info</code> to <code>/home/noisebridge/bin/recert</code> then run <code>/home/noisebridge/bin/recert</code> to (U)pdate the <code>*.noisebridge.info</code> SSL cert!
+
** If you don't get any errors, now run <code>sudo service nginx restart</code>
 
 
* Unicorn uses [https://wiki.ubuntu.com/UncomplicatedFirewall ufw] to whitelist which ports can receive incoming connections from the outside world.
 
** To add a port to the whitelist: <code>sudo ufw allow <port></code>
 
** To list firewall rules: <code>sudo ufw show added</code>
 
** To delete a firewall rule: <code>sudo ufw delete <rule></code>
 
** To view (and delete) rules chronologically rather than by port: <code>sudo ufw status numbered</code>
 
  
 
== Rules and Guidelines ==
 
== Rules and Guidelines ==
Line 93: Line 38:
  
 
* If you need a different version of some database that is already running on the default port, run the version you need in a Docker container, or on a different port (and that stores its data in a different directory!)
 
* If you need a different version of some database that is already running on the default port, run the version you need in a Docker container, or on a different port (and that stores its data in a different directory!)
 
 
== SSH Config ==
 
 
<code>
 
I can haz access?
 
Yes, but you are agreeing to be excellent to each other!
 
</code>
 
 
Consider generating a new SSH key pair with
 
 
<code>$ ssh-keygen -b 4096</code>
 
 
then calling it, say, <code>unicorn-nb</code>, then add this to your <code>~/.ssh/config</code> file:
 
 
<nowiki>
 
Host unicorn-nb
 
  User noisebridge
 
  Hostname 172.93.55.252
 
  PreferredAuthentications publickey
 
  IdentityFile ~/.ssh/unicorn-nb
 
</nowiki>
 
 
If your SSH pub key (<code>~/.ssh/unicorn-nb.pub</code>) has been added to <code>unicorn-nb:~/.ssh/authorized_keys</code>, you should now be able to shell in by typing
 
 
<code>$ ssh unicorn-nb</code>
 
 
...and thanks to the <code>~/.ssh/config</code> entry, the name of the server you're trying to SSH into -- namely <code>unicorn-nb</code> in this case -- should autocomplete!  Add your name to the access list below!
 
 
== SSH Access ==
 
 
* [[User:Mpmckenna8|@mpmckenna8]] - Matt M
 
* [[User:James|@James]] - James
 
* [[User:bfb|@bfb]]
 
* [[User:mana|mana]]
 
* [[User:tdfischer|Victoria]]
 
* [[User:Elimisteve|@elimisteve]]
 
* [[User:Rando|@rando]]
 
* [[User:spinda|@spinda]]
 
* [[User:Ⅹ|Ⅹ]]
 
* [https://github.com/marcoEDU/ @marco]
 
* [https://discuss.noisebridge.info/u/jnaulty jnaulty]
 
* [[User:r|@r]]
 
* [[User:jermops|@jermops]]
 
* [[User:culteejen|@culteejen]]
 
* [[User:pml|@pml]]
 
* [[User:croepha|@croepha]]
 
* [[User:Senoraraton|@Senoraraton]] - Claus
 
 
For SSH access, [https://discuss.noisebridge.info/ post to Discuss] or visit the #Unicorn Slack channel and ask @jslack, @elimisteve.
 
 
== DNS Access ==
 
 
noisebridge.info is registered on NameCheap.com .  As of 2019.02.13, @mindfu, @elimisteve, and @jslack have permission to edit DNS (on NameCheap).
 
 
Keeping in mind that <code>*.noisebridge.info</code> already points to Unicorn, if you nonetheless need to edit DNS, tell [[User:Elimisteve|@elimisteve]], [[User:James|@jslack]], or @mindfu your NameCheap username or email.
 
 
 
== Slack SSO ==
 
 
Services without their own authentication systems can be shielded a smidge from the ravages of the open internet by placing them behind the basic single sign-on (SSO) gateway at [https://login.noisebridge.info https://login.noisebridge.info].
 
 
In the target service's nginx configuration, add <code>include snippets/auth-init.conf;</code> toward the start of the main <code>server</code> block. Somewhere after that, add <code>include snippets/auth-require.conf;</code>, either in the <code>server</code> block or in the specific <code>location</code> block(s) you want to protect. See <code>/etc/nginx/sites-available/printprintprint.noisebridge.info</code> for an example.
 
 
Unauthenticated visitors will be redirected to Slack to sign in (via OAuth) with their Noisebridge Slack account, then redirected back to their destination. The login service injects a cookie to keep track of user sessions, and intercepts requests via nginx's <code>auth_request</code> mechanism to check for the presence of a valid cookie. See [https://printprintprint.noisebridge.info https://printprintprint.noisebridge.info] for what this looks like in the wild.
 
 
If configured on a reverse proxy-based service, the SSO gateway will automatically pass on the logged-in user's ID and Slack name via the <code>X-Noisebridge-User-ID</code> and <code>X-Noisebridge-User-Name</code> headers, respectively.
 
 
Note the intent here isn't to exclude anyone by requiring authentication, but to provide a modicum of protection against drive-by mischief for those services that need it (like OctoPrint).
 

Please note that all contributions to Noisebridge are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see Noisebridge:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.noisebridge.net/wiki/Unicorn"