this post was submitted on 18 Oct 2023
16 points (100.0% liked)

Linux

1257 readers
46 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
16
submitted 1 year ago* (last edited 1 year ago) by robin to c/linux@lemmy.ml
 

I'm thinking about running my own pubnix/tilde. It would be invite-only and have a bunch of cool things:

  • git hosting with cgit or sourcehut
  • gemini hosting
  • web hosting
  • gopher hosting
  • FTP access
  • about 2GB of storage
  • matrix accounts + chat portal (Hydrogen seems cool)
  • internal message board/email?
  • maybe a CardDAV server?

I think it would be a very cool opportunity to learn a bit about Linux and the internet. However, I literally have no clue how to set this up. I found this comment on Reddit:

It happens that you're trying to build a tilde/pubnix? From my experience, tilde admins often give direct access to the system, but with proper permission elevation. Create a user group with limited permission (i.e. no sudo, disable specific software) and add their usernames to, give them a space in /home. Secondly, disable SSH passwords, ask them to send you their public keys, and only authenticate via public key. Finally, write a good/strict policy but also send a welcoming message. Also, you can look for further security practices, like changing default port, etc. but the key thing is proper user permission.

That's what I want. I was thinking about allowing password logins tho. I already have a VPS, which I want to reinstall to turn into this thing.

I basically want to configure the services in a way, that they all depend on Unix accounts. That way I can create a Unix account with suitable permissions for every member, and stuff should Just Work™.

So, I was thinking:

  • Exposing all git repos in ~/git/ at the URL http(s)://git.example.com/~user/ (using cgit) and gemini://git.example.com/~user/ (using git.gmi)
  • Exposing ~/pub/gem/ at gemini://example.com/~user/
  • Exposing ~/pub/web/ at http(s)://example.com/~user/
  • Exposing ~/pub/goph at gopher://example.com/~user/
  • Creating @user:example.com matrix account with the same password as Unix. Changing the Unix password will also change the matrix password and changing the password from a matrix client should not be allowed.
  • Hosting Hydrogen (matrix client) at https://chat.example.com
  • Maybe host a CardDAV server with an account for every user, similar to what I want for matrix.

Any pointers on how to set up something like this? How would I handle backups? (I know I can just backup all files in every member's home directory, but how would I handle something more complicated, like the matrix accounts?). How would I make something like this secure?

you are viewing a single comment's thread
view the rest of the comments
[–] kraniax@lemmy.wtf 3 points 1 year ago

XMPP is a must. I automatically discard tildes that host matrix but not XMPP.