tilde.club/docs/shellserver.md
deepend 367bbafa5f Reworked the main setup guide into a modern, provider-agnostic “build your own tilde” playbook with practical steps for provisioning, SSH hardening, public_html setup, /etc/skel planning, user lifecycle workflows, and operational safety.
Added a structured “add functionality in layers” section (publishing, communication, collaboration, culture) plus a first-week launch checklist to help new operators grow safely and intentionally.
Updated README.md with a clear “start here” section that points operators to the key docs for creating and extending a tilde host.
Updated docs/shellserver.md to point at the new setup guide and introduced a concise “quick priorities” list for new admins.
2026-02-13 18:10:13 +00:00


# Setting up the tilde.club shell server (user host)
We want to document the ins and outs of setting up the server so others who are interested can learn (and help!).
## System setup
Start with [Build your own tilde-style server](./how-to-set-up-a-tilde.md) for a modern baseline. Historical package notes still live in [docs/server.org](./server.org).
## Quick priorities for new operators
If you are bringing up a new host, focus on these first:
1. Lock down SSH and require keys.
2. Get `/etc/skel` right before creating many users.
3. Verify `~/public_html` publishing works.
4. Document onboarding, moderation, and backup/restore workflows.

These four steps prevent many common early-stage tilde problems.
## /etc/skel directory
This is the directory that's used as the basis for all newly-created users' home directories, so it's good to get it right before adding new users to a shell server. We've created [a separate repo for the contents of the directory itself](https://github.com/tildeclub/tilde.etcskel), but since it's impossible to check in the appropriate file and directory permissions, [they're documented here](https://github.com/tildeclub/tilde.club/blob/master/docs/etc-skel-permissions.md).
## Email
The default MTA on CentOS is `postfix`. Our goal was to have a `localhost`-only mail service, which required that we configure `postfix` to listen only on `localhost` and to bounce any email that local users try to send off-server. Both configuration changes are handled in `/etc/postfix/main.cf`.
* the `inet_interfaces` value should just be `localhost` (`inet_interfaces = localhost`)
* the `default_transport` parameter should be the bounce message we want (so add `default_transport = error: outside mail is not deliverable` to the bottom of the file)
### pine
Pine is sort of brain-dead about creating its `.addressbook` file in a user's home directory with `744` permissions, which leaves it readable by every other user on the host; there doesn't appear to be an option to fix this. Instead, it's probably important to work around it before adding any new users:
1. Add `~/mail/` to `/etc/skel` with permissions `700` so that there's a user-accessible-only place for the file to live.
2. Create an `/etc/pine.conf` file that includes the config directive `address-book=mail/.addressbook` to put that file into this new home.
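
The following audit script is an added example, not part of the tilde.club docs: it checks the two `main.cf` settings from the Email section and the `~/mail/` plus `/etc/pine.conf` workaround above. The function names and the sample files are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (constructed names and sample files, not tilde.club's code).

# Print the effective value of a main.cf parameter; Postfix keeps the last
# definition. Continuation lines are not handled here.
postfix_param() {  # usage: postfix_param FILE NAME
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != name) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Succeed only if Postfix listens on localhost and bounces off-server mail.
mail_is_local_only() {  # usage: mail_is_local_only MAIN_CF
    [ "$(postfix_param "$1" inet_interfaces)" = "localhost" ] || return 1
    case "$(postfix_param "$1" default_transport)" in
        error:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if skel has a mode-700 mail/ and pine.conf points pine at it.
pine_addressbook_is_private() {  # usage: ... SKEL_DIR PINE_CONF
    [ -d "$1/mail" ] || return 1
    [ "$(stat -c %a "$1/mail")" = "700" ] || return 1  # GNU stat assumed
    grep -qxF 'address-book=mail/.addressbook' "$2"
}

# Constructed sample layout so the script runs without touching /etc.
demo=$(mktemp -d)
mkdir -p "$demo/skel/mail" && chmod 700 "$demo/skel/mail"
printf '%s\n' 'inet_interfaces = all' 'inet_interfaces = localhost' \
    'default_transport = error: outside mail is not deliverable' > "$demo/main.cf"
echo 'address-book=mail/.addressbook' > "$demo/pine.conf"
mail_is_local_only "$demo/main.cf" && echo "mail: localhost only"
pine_addressbook_is_private "$demo/skel" "$demo/pine.conf" &&
    echo "pine: address book private"
rm -rf "$demo"
```

On a live host, point the functions at `/etc/postfix/main.cf`, `/etc/skel` and `/etc/pine.conf`; `postconf -h inet_interfaces` reports the value Postfix actually uses.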
## identd
Users will connect from their shell account to an IRC server, so it is *very* handy to have an `identd` server. For us that just meant installing the standard CentOS `identd` server and configuring it to start automatically:
```
sudo yum install oidentd
sudo /etc/init.d/oidentd start
sudo chkconfig oidentd on
```