• servers
• arkroyal

arkroyal

• debian stretch (9.0) x64
• Sort of puppet managed
• Vultr VPS Cloud Compute: 1x CPU, 1gb RAM, 25gb disk, $5/mon

local work

• need to do skel stuff
• Need to do bashrc stuff
• screenrc, toprc, vimrc
• setup SSH keys

IPv6

Autoconfigured

Puppet

Using local repo of serverless puppet stuff

Lets Encrypt for certs

After everything being broken all the time, I finally cleaned up and move the cert renewal stuff to something newer. After they stopped supporting the old ACME v1 client I'd been using since the beginning. -_-

Certbot kinda seems like a pain in the arse so I'm using Dehydrated: https://github.com/dehydrated-io/dehydrated

Way simpler, easier to configure and use, more intuitive. Win-win.

Config goes in /etc/dehydrated/domains.txt, gets run regularly from root's crontab. Weekly run of dehydrated -c and that's it.

I created /etc/dehydrated/manual_dns_challenge_hook.sh based on notes from https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script

nginx config

nginx catches ACME requests in the default vhost, and protected domains read their cert and key from /var/lib/dehydrated/certs/DOMAIN/

Wordpress

Running a vanilla Wordpress 5.8.3 for https://blog.meidokon.net/

Wordpress has come a long way, I'm genuinely impressed. The editor is fantastic now, the new Content Blocks scheme makes it a contender to Squarespace in my eyes, but you can self-host instead of using their cloud. Full control over the potential for speed and caching is very, very nice.

• New dir in ~furinkan/public_html/blog.meidokon.net

• Unpack it there, do the standard config

• Setup mysql DB, this is all muscle memory now

  CREATE USER 'furinkan'@'localhost' IDENTIFIED BY 'ASecurePassword';
  CREATE DATABASE furinkanblog;
  GRANT ALL PRIVILEGES ON furinkanblog.* TO 'furinkan'@'localhost' WITH GRANT OPTION;

• Fix up the wp-config accordingly and generate nonce strings as directed

• Add an entry to dehydrated cert config and run it to get a cert issued

  echo blog.meidokon.net >> /etc/dehydrated/domains.txt
  dehydrated -c

• Setup a new vhost in /etc/nginx/sites-enabled/blog.meidokon.net

  • Copy an existing one like despair, fix paths and hostnames everywhere

• Setup php-fpm for the site in /etc/php/7.0/fpm/pool.d/

  • Copy an existing one and update the poolname, username, path to socket

• Install PHP dependencies for Wordpress

  apt update
  apt install php7.0-{gd,curl,mbstring,zip} php-imagick

• Restart necessary services

  systemctl restart php7.0-fpm.service 
  systemctl restart nginx

Now go tweak it up however you like it.

Decommissioning a site on arkroyal

Admin bits

• Nuke the vhost
  • Note down the SSL cert paths
  • Note down access/error log paths
  • Delete the vhost file
  • Restart nginx
  • Delete the SSL files
  • Remove it from the autorenew script (which is probably broken anyway)
    • root's crontab
    • Remove from puppet in /etc/puppet/code/site.pp (it's not active now either)
  • Nuke web logs as well
  • Remove DNS entries for the site, if needed

User content bits

• Clean out the public_html/SITENAME

Moin customisation

I've tweaked the memodump theme to take advantage of really big screens (ie. my normal-sized one).

Upgrade to moin 1.9.11

Download and unpack new version to moin user account. I'm going to "install" moin locally (in the homedir), and keep the instance data separate from the code that it's executing.

cd moin-1.9.11/
python setup.py install --user --force --record=2021-06-28_moin_install.log --install-data=~/moin_instance
Writing /home/moin/.local/lib/python2.7/site-packages/moin-1.9.11.egg-info
writing list of installed files to '2021-06-28_moin_install.log'

Update ~/.profile to include the moin binary

# set PATH so it includes user's private local bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
    PATH="$HOME/.local/bin:$PATH"
fi

Move the instance contents to dir where I wanted it, the intermediate dirs are completely empty and make no sense for a user-local install.

moin@arkroyal:~/moin_instance$ mv share/moin/* ./

In instance/server/, copy moin.wsgi to app.py and fix up the config path. Can leave the app path because it's "installed" now.

# Set 1b) to instance/config/
sys.path.insert(0, '/home/moin/moin_instance/config')

Move the old instance data to the new empty instance dir:

moin@arkroyal:~/moin_instance/data$ rm -rf cache dict edit-log event-log meta pages user plugin

moin@arkroyal:~/apps/moin-1.9.3/wiki/data$ cp -a cache dict edit-log event-log* meta pages plugin user ~/moin_instance/data/             

Run the upgrade now:

moin@arkroyal:~/moin_instance$ moin --config-dir /home/moin/moin_instance --wiki-url=https://moin.meidokon.net/ migration data

Following the rest of the guide: stop moin, delete cache with moin ... maint cleancache, start moin again

moin@arkroyal:~/moin_instance$ moin --config-dir=/home/moin/moin_instance maint cleancache