Added a structured “add functionality in layers” section (publishing, communication, collaboration, culture) plus a first-week launch checklist to help new operators grow safely and intentionally. Updated README.md with a clear “start here” section that points operators to the key docs for creating and extending a tilde host. Updated docs/shellserver.md to point at the new setup guide and introduced a concise “quick priorities” list for new admins.
Setting up the tilde.club shell server (user host)
We want to document the ins and outs of setting up the server so others who are interested can learn (and help!).
System setup
Start with "Build your own tilde-style server" for a modern baseline. Historical package notes still live in docs/server.org.
Quick priorities for new operators
If you are bringing up a new host, focus on these first:
- Lock down SSH and require keys.
- Get /etc/skel right before creating many users.
- Verify ~/public_html publishing works.
- Document onboarding, moderation, and backup/restore workflows.
These four steps prevent many common early-stage tilde problems.
/etc/skel directory
This is the directory that's used as the basis for all newly-created users' home directories, so it's good to get it right before adding new users to a shell server. We've created a separate repo for the contents of the directory itself, but since it's impossible to check in the appropriate file and directory permissions, they're documented here.
The default MTA on CentOS is postfix. Our goal was to have a localhost-only mail service, which required that we configure postfix to listen only to localhost, and to bounce any email which local users try to send off-server. Both configuration changes are handled in /etc/postfix/main.cf.
- the inet_interfaces value should just be localhost (inet_interfaces = localhost)
- the default_transport parameter should be the bounce message we want (so add default_transport = error: outside mail is not deliverable to the bottom of the file)
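An added example (not part of the tilde.club docs): a shell audit of the two main.cf settings above. It follows Postfix's rule that the last definition of a parameter wins, so a stray later line cannot silently undo the lockdown. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for the localhost-only mail settings.
# On a live host, `postconf -h inet_interfaces` shows what Postfix really uses.

# Print the effective value of parameter $1 in main.cf-style file $2.
# Postfix syntax honoured: '#' lines are comments, a line starting with
# whitespace continues the previous one, and the last definition wins.
main_cf_value() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = trim(val[cur] " " trim($0)); next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = trim(substr($0, 1, eq - 1))
            val[cur] = trim(substr($0, eq + 1))
        }
        END { if (want in val) print val[want] }
    ' "$2"
}

# Return 0 only if mail stays on the box: listener bound to localhost and
# off-server delivery routed to the error (bounce) transport.
check_local_only_mail() {
    cf=$1; rc=0
    ifaces=$(main_cf_value inet_interfaces "$cf")
    transport=$(main_cf_value default_transport "$cf")
    if [ "$ifaces" != "localhost" ]; then
        echo "FAIL inet_interfaces = ${ifaces:-(unset)}" >&2; rc=1
    fi
    case $transport in
        error:*) ;;
        *) echo "FAIL default_transport = ${transport:-(unset)}" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample (not the tilde.club config): the right settings are
# present, but a later line re-opens the listener and must be caught.
sample=$(mktemp)
cat > "$sample" <<'EOF'
inet_interfaces = localhost
default_transport = error: outside mail
    is not deliverable
inet_interfaces = all
EOF
check_local_only_mail "$sample" || echo "audit failed: $sample"
```

Point `check_local_only_mail` at /etc/postfix/main.cf after every edit to that file; a non-zero exit means mail is no longer confined to the host.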
pine
Pine is sort of brain-dead about creating its .addressbook file in a user's home directory with 744 permissions; there doesn't appear to be an option to fix this. Instead, it's probably important to work around it before adding any new users:
- Add ~/mail/ to /etc/skel with permissions 700 so that there's a user-accessible-only place for the file to live.
- Create an /etc/pine.conf file that includes the config directive address-book=mail/.addressbook to put that file into this new home.
identd
Users will connect from their shell account to an IRC server, so it is very handy to have an identd server. For us that just meant installing the standard CentOS identd server and configuring it to start automatically:
sudo yum install oidentd
sudo /etc/init.d/oidentd start
sudo chkconfig oidentd on