I'm thinking about running my own pubnix/tilde. It would be invite-only and have a bunch of cool things:
- git hosting with cgit or sourcehut
- gemini hosting
- web hosting
- gopher hosting
- FTP access
- about 2GB of storage
- matrix accounts + chat portal (Hydrogen seems cool)
- internal message board/email?
- maybe a CardDAV server?
I think it would be a very cool opportunity to learn a bit about Linux and the internet. However, I literally have no clue how to set this up. I found this comment on Reddit:
It happens that you're trying to build a tilde/pubnix? From my experience, tilde admins often give direct access to the system, but with proper permission elevation. Create a user group with limited permission (i.e. no sudo, disable specific software) and add their usernames to, give them a space in /home. Secondly, disable SSH passwords, ask them to send you their public keys, and only authenticate via public key. Finally, write a good/strict policy but also send a welcoming message. Also, you can look for further security practices, like changing default port, etc. but the key thing is proper user permission.
That's what I want. I was thinking about allowing password logins tho. I already have a VPS, which I want to reinstall to turn into this thing.
I basically want to configure the services in a way, that they all depend on Unix accounts. That way I can create a Unix account with suitable permissions for every member, and stuff should Just Work™.
So, I was thinking:
- Exposing all git repos in
~/git/
at the URLhttp(s)://git.example.com/~user/
(using cgit) andgemini://git.example.com/~user/
(using git.gmi) - Exposing
~/pub/gem/
atgemini://example.com/~user/
- Exposing
~/pub/web/
athttp(s)://example.com/~user/
- Exposing
~/pub/goph
atgopher://example.com/~user/
- Creating
@user:example.com
matrix account with the same password as Unix. Changing the Unix password will also change the matrix password and changing the password from a matrix client should not be allowed. - Hosting Hydrogen (matrix client) at
https://chat.example.com
- Maybe host a CardDAV server with an account for every user, similar to what I want for matrix.
Any pointers on how to set up something like this? How would I handle backups? (I know I can just backup all files in every member's home directory, but how would I handle something more complicated, like the matrix accounts?). How would I make something like this secure?
XMPP is a must. I automatically discard tildes that host matrix but not XMPP.