permacomputing

Source repository for the main permacomputing wiki site
git clone http://git.permacomputing.net/repos/permacomputing.git # read-only access

commit e16cf40dfbaf4cb1100f8e9e1b15da709393c277
parent dcc51eb273d462b467d58c3fd150b07e096b53d9
Author: decentral1se <decentral1se@web>
Date:   Sat,  4 Apr 2026 11:21:11 +0200

feat: moar rauthy docs

Diffstat:
M eik.mdwn | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/eik.mdwn b/eik.mdwn @@ -36,6 +36,7 @@ We use `acme.sh` for handling certs, however expanding certs with a new domain i -d rotterdam.permacomputing.net \ -d ireland.permacomputing.net \ -d brewing.permacomputing.net \ + -d enter.permacomputing.net \ -d newdomain.permacomputing.net acme.sh --install-cert \ @@ -49,6 +50,7 @@ We use `acme.sh` for handling certs, however expanding certs with a new domain i -d rotterdam.permacomputing.net \ -d ireland.permacomputing.net \ -d brewing.permacomputing.net \ + -d enter.permacomputing.net \ -d newdomain.permacomputing.net \ --key-file /etc/nginx/certs/key.pem \ --fullchain-file /etc/nginx/certs/cert.pem \ @@ -191,7 +193,16 @@ You cand send a test mail with the following: echo "Subject: test from eik" | /usr/sbin/sendmail -v some@where.nice -rauthy +Creating system users +--------------------- + +We seem to be doing this. + + useradd --system --shell /sbin/nologin <username> + +And then using these in `systemd` files to run services with users with limited permissions. This is at least the case for `cerca` and `rauthy`. Documenting this in case we choose to do it differently in the future. + +Rauthy ------ ### Build 
@@ -204,8 +215,20 @@ You can build a binary for eik with the following. Make sure to check out a tag rustup target add x86_64-unknown-linux-musl cargo build --target=x86_64-unknown-linux-musl -### Configuration +You can transfer to eik like so. + + scp target/x86_64-unknown-linux-musl/release/rauthy eik.permacomputing.net: -The Rauthy binary lives in /usr/bin/rauthy and it's configuration is to be found in /etc/rauthy/config.toml. Here are the [configuration reference docs](https://sebadob.github.io/rauthy/config/config.html). +Don't forget to `mv` it to `/usr/local/bin` and `chown rauthy:rauthy` on the binary. You should also make sure `rauthy` is stopped on eik before replacing the binary. + +### Configure + +The `rauthy` binary lives in /usr/local/bin/rauthy and it's configuration and data is to be found in /etc/rauthy/config.toml. Here are the [configuration reference docs](https://sebadob.github.io/rauthy/config/config.html). You can `journalctl -fu rauthy` to follow along with the logs and the usual `systemctl restart rauthy` will restart Rauthy. + +Rauthy runs under the `rauthy` user, please prefix your commands with `sudo -su rauthy` if running commands directly on the configuration or data to avoid borking permissions. + +### Admin + +See the config.toml for the fallback admin email. Ask in Toolshed for the password. You can also create an account and be upgraded to administrator by applying the "rauthy_admin" role on user creation.
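Review bot: In the `@@ -36,6 +36,7 @@` hunk, the new `-d enter.permacomputing.net \` line has to be repeated by hand in the `acme.sh --install-cert` command (the `@@ -49,6 +50,7 @@` hunk does exactly that), so the two domain lists can drift apart the next time a name is added to one and forgotten in the other. Consider documenting the list once, for example as a shell variable that both commands expand, so that adding a domain is a single edit.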
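Review bot: In the `@@ -191,7 +193,16 @@` hunk, "We seem to be doing this." leaves the reader unsure whether `useradd --system --shell /sbin/nologin <username>` is the agreed convention or an observation about two services. Suggest stating it as the current practice and naming what ties the account to the service, that is the `User=` setting in each `systemd` unit file, so that someone auditing `cerca` or `rauthy` knows which line to check. If `<username>` is always the service name, say so.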
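Review bot: In the `@@ -204,8 +215,20 @@` hunk, the instruction to `chown rauthy:rauthy` the binary in `/usr/local/bin` makes the service account the owner of the executable it runs, so a compromised `rauthy` process could overwrite its own binary. Suggest leaving the binary owned by root (for example `chown root:root` with mode 0755) and keeping `rauthy` ownership for the configuration and data only. In the Configure paragraph, "it's configuration" should be "its configuration", and "configuration and data is to be found in /etc/rauthy/config.toml" names a single file for both, so the data location should be spelled out.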