diff options
Diffstat (limited to 'docs/installation/netbsd_en.md')
| -rw-r--r-- | docs/installation/netbsd_en.md | 198 |
1 files changed, 198 insertions, 0 deletions
diff --git a/docs/installation/netbsd_en.md b/docs/installation/netbsd_en.md new file mode 100644 index 000000000..e0ac98359 --- /dev/null +++ b/docs/installation/netbsd_en.md @@ -0,0 +1,198 @@ +# Installing on NetBSD + +## Required software + +pkgin should have been installed by the NetBSD installer if you selected +the right options. If it isn't installed, install it using pkg_add. + +Note that `postgresql11-contrib` is needed for the Postgres extensions +Pleroma uses. + +The `mksh` shell is needed to run the Elixir `mix` script. + +`# pkgin install acmesh elixir git-base git-docs mksh nginx postgresql11-server postgresql11-client postgresql11-contrib sudo` + +You can also build these packages using pkgsrc: +``` +databases/postgresql11-contrib +databases/postgresql11-client +databases/postgresql11-server +devel/git-base +devel/git-docs +lang/elixir +security/acmesh +security/sudo +shells/mksh +www/nginx +``` + +Copy the rc.d scripts to the right directory: + +``` +# cp /usr/pkg/share/examples/rc.d/nginx /usr/pkg/share/examples/rc.d/pgsql /etc/rc.d +``` + +Add nginx and Postgres to `/etc/rc.conf`: + +``` +nginx=YES +pgsql=YES +``` + +## Configuring postgres + +First, run `# /etc/rc.d/pgsql start`. Then, `$ sudo -Hu pgsql -g pgsql createdb`. + +## Configuring Pleroma + +Create a user for Pleroma: + +``` +# groupadd pleroma +# useradd -d /home/pleroma -m -g pleroma -s /usr/pkg/bin/mksh pleroma +# echo 'export LC_ALL="en_GB.UTF-8"' >> /home/pleroma/.profile +# su -l pleroma -c $SHELL +``` + +Clone the repository: + +``` +$ cd /home/pleroma +$ git clone https://git.pleroma.social/pleroma/pleroma.git +``` + +Configure Pleroma. Note that you need a domain name at this point: + +``` +$ cd /home/pleroma/pleroma +$ mix deps.get +$ mix pleroma.instance gen # You will be asked a few questions here. +``` + +Since Postgres is configured, we can now initialize the database. There should +now be a file in `config/setup_db.psql` that makes this easier. Edit it, and +*change the password* to a password of your choice. Make sure it is secure, since +it'll be protecting your database. Now initialize the database: + +``` +$ sudo -Hu pgsql -g pgsql psql -f config/setup_db.psql +``` + +Postgres allows connections from all users without a password by default. To +fix this, edit `/usr/pkg/pgsql/data/pg_hba.conf`. Change every `trust` to +`password`. + +Once this is done, restart Postgres with `# /etc/rc.d/pgsql restart`. + +Run the database migrations. +You will need to do this whenever you update with `git pull`: + +``` +$ MIX_ENV=prod mix ecto.migrate +``` + +## Configuring nginx + +Install the example configuration file +`/home/pleroma/pleroma/installation/pleroma.nginx` to +`/usr/pkg/etc/nginx.conf`. + +Note that it will need to be wrapped in a `http {}` block. You should add +settings for the nginx daemon outside of the http block, for example: + +``` +user nginx nginx; +error_log /var/log/nginx/error.log; +worker_processes 4; + +events { +} +``` + +Edit the defaults: + +* Change `ssl_certificate` and `ssl_trusted_certificate` to +`/etc/nginx/tls/fullchain`. +* Change `ssl_certificate_key` to `/etc/nginx/tls/key`. +* Change `example.tld` to your instance's domain name. + +## Configuring acme.sh + +We'll be using acme.sh in Stateless Mode for TLS certificate renewal. + +First, get your account fingerprint: + +``` +$ sudo -Hu nginx -g nginx acme.sh --register-account +``` + +You need to add the following to your nginx configuration for the server +running on port 80: + +``` + location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ { + default_type text/plain; + return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; + } +``` + +Replace the string after after `$1.` with your fingerprint. + +Start nginx: + +``` +# /etc/rc.d/nginx start +``` + +It should now be possible to issue a cert (replace `example.com` +with your domain name): + +``` +$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless +``` + +Let's add auto-renewal to `/etc/daily.local` +(replace `example.com` with your domain): + +``` +/usr/pkg/bin/sudo -Hu nginx -g nginx \ + /usr/pkg/sbin/acme.sh -r \ + -d example.com \ + --cert-file /etc/nginx/tls/cert \ + --key-file /etc/nginx/tls/key \ + --ca-file /etc/nginx/tls/ca \ + --fullchain-file /etc/nginx/tls/fullchain \ + --stateless +``` + +## Creating a startup script for Pleroma + +Copy the startup script to the correct location and make sure it's executable: + +``` +# cp /home/pleroma/pleroma/installation/netbsd/rc.d/pleroma /etc/rc.d/pleroma +# chmod +x /etc/rc.d/pleroma +``` + +Add the following to `/etc/rc.conf`: + +``` +pleroma=YES +pleroma_home="/home/pleroma" +pleroma_user="pleroma" +``` + +Run `# /etc/rc.d/pleroma start` to start Pleroma. + +## Conclusion + +Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running. + +If you need further help, contact niaa on freenode. + +Make sure your time is in sync, or other instances will receive your posts with +incorrect timestamps. You should have ntpd running. + +## Instances running NetBSD + +* <https://catgirl.science> |