diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..5f67ac0d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.swo
+*.swp
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..bfa4af69
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# Skynet Portal
diff --git a/setup-scripts/README.md b/setup-scripts/README.md
new file mode 100644
index 00000000..fc2e563d
--- /dev/null
+++ b/setup-scripts/README.md
@@ -0,0 +1,19 @@
+# Skynet Portal Setup Scripts
+
+This directory contains a setup guide and scripts that will install and
+configure some basic requirements for running a Skynet Portal. The assumption is
+that we are working with a Debian Buster Minimal system or similar.
+
+## Initial Setup
+(Assumes we are logged in as root on a fresh installation of Debian)
+
+1. `apt-get update && apt-get install sudo`
+2. `adduser user`
+3. `usermod -a -G sudo user`
+4. QUIT SSH SESSION
+5. ON LOCAL COMPUTER: `ssh-copy-id user@ip-addr`
+6. ON LOCAL COMPUTER: `ssh user@ip-addr`
+7. (LOGGED IN AS USER): `sudo apt-get install git`
+8. `git clone https://github.com/NebulousLabs/skynet-webportal`
+9. `cd skynet-webportal/setup-scripts && ./setup.sh`
+10. Once DNS records are set you can run: `./letsencrypt-setup.sh`
diff --git a/setup-scripts/authorized_keys b/setup-scripts/authorized_keys
new file mode 100644
index 00000000..05fb88c0
--- /dev/null
+++ b/setup-scripts/authorized_keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYvvU/12GHURRz1wg/8goacZbktAwI/288TlxnYJne3 marcin.jachymiak1@gmail.com
+ssh-rsa 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 david@nebulouslabs.com
diff --git a/setup-scripts/bashrc b/setup-scripts/bashrc
new file mode 100644
index 00000000..3cc9f795
--- /dev/null
+++ b/setup-scripts/bashrc
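Review bot: The two keys in setup-scripts/authorized_keys become the complete login list of every host provisioned from this repo, because setup.sh in this commit copies the file over `~/.ssh/authorized_keys` with `cp`, replacing the key the README has the operator install with `ssh-copy-id` in step 5. That ties access to a sudo-capable account to write access on the repository, and it can lock out the operator who ran the script. Appending instead (`cat ./authorized_keys >> ~/.ssh/authorized_keys`) followed by `chmod 600 ~/.ssh/authorized_keys` keeps the operator's key, and `#` comment lines naming each key's owner would make later audits easier.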
@@ -0,0 +1,114 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ alacritty|xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/usr/local/go/bin:/home/user/go/bin
diff --git a/setup-scripts/letsencrypt-setup.sh b/setup-scripts/letsencrypt-setup.sh
new file mode 100755
index 00000000..49487ae8
--- /dev/null
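Review bot: The `export PATH=…` line at the end of setup-scripts/bashrc sits after the `case $- in … *) return;;` guard, so a non-interactive shell that sources the file returns before reaching it. setup.sh in this commit does exactly that (`source ~/.bashrc`, then `go version` under `set -e`), so as far as the visible lines show the Go toolchain is not on PATH when the script needs it. The assignment also replaces PATH outright and hard-codes `/home/user/go/bin`; `export PATH="$PATH:/usr/local/go/bin:$HOME/go/bin"` placed above the guard would extend the existing value and work for any account name.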
+++ b/setup-scripts/letsencrypt-setup.sh
@@ -0,0 +1,5 @@
+#! /usr/bin/env bash
+set -e
+
+sudo certbot --nginx -d siasky.net -d www.siasky.net
+sudo certbot renew --dry-run
diff --git a/setup-scripts/setup.sh b/setup-scripts/setup.sh
new file mode 100755
index 00000000..1c305e01
--- /dev/null
+++ b/setup-scripts/setup.sh
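Review bot: The hostnames in letsencrypt-setup.sh are hard-coded and repeat the `server_name` values in skynet-nginx.conf, so the certificate request and the nginx site can drift apart and the script cannot be reused for another portal without editing. Taking the domains from arguments or one shared variable keeps a single source of truth. Depending on the certbot version, `certbot --nginx` may also ask interactively whether to redirect HTTP to HTTPS; passing `--redirect` records that choice in the script.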
@@ -0,0 +1,72 @@
+#! /usr/bin/env bash
+set -e
+
+# Copy over basic configuration files.
+cp ./tmux.conf ~/.tmux.conf
+cp ./bashrc ~/.bashrc
+source ~/.bashrc
+
+# Nodejs install prerequisite. From official documentation.
+curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash -
+
+# Yarn install prerequisite.
+curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+
+# Apt installations.
+sudo apt-get update
+sudo apt-get -y install ufw tmux ranger htop nload nginx certbot \
+ python-certbot-nginx nodejs gcc g++ make yarn git vim
+
+# Install pm2
+sudo npm i -g pm2
+
+# terminfo for alacritty terminal via ssh
+wget -c https://raw.githubusercontent.com/alacritty/alacritty/master/extra/alacritty.info
+sudo tic -xe alacritty,alacritty-direct alacritty.info
+rm alacritty.info
+
+# Install Go 1.13.7.
+wget -c https://dl.google.com/go/go1.13.7.linux-amd64.tar.gz
+sudo tar -C /usr/local -xzf go1.13.7.linux-amd64.tar.gz
+source ~/.bashrc
+rm go1.13.7.linux-amd64.tar.gz
+
+# Sanity check that will pass if go was installed correctly.
+go version
+
+# Install Sia
+cwd=$(pwd)
+cd ~/
+git clone https://gitlab.com/NebulousLabs/Sia
+cd Sia && git checkout viewnode && make
+
+cd $cwd
+
+# Setup nginx config
+sudo cp ./skynet-nginx.conf /etc/nginx/sites-available/skynet
+sudo nginx -t
+sudo ln -s /etc/nginx/sites-available/skynet /etc/nginx/sites-enabled/skynet
+sudo rm /etc/nginx/sites-enabled/default
+sudo systemctl reload nginx
+
+# Setup firewall
+# TODO: disable plain HTTP eventually
+sudo ufw enable
+sudo ufw allow ssh
+sudo ufw allow 'Nginx Full'
+sudo ufw allow 'Nginx HTTP'
+
+# Setup skynet frontend.
+cd ~/
+git clone https://github.com/NebulousLabs/skynet-webportal && cd skynet-webportal
+yarn
+
+# Start the frontend.
+pm2 --name skynet start npm -- start
+
+# Add SSH keys and set SSH configs
+cd $cwd
+sudo cp ./ssh_config /etc/ssh/ssh_config
+mkdir -p ~/.ssh
+cp ./authorized_keys ~/.ssh/authorized_keys
diff --git a/setup-scripts/skynet-nginx.conf b/setup-scripts/skynet-nginx.conf
new file mode 100644
index 00000000..ef0dc34c
--- /dev/null
+++ b/setup-scripts/skynet-nginx.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name siasky.net www.siasky.net;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ server_name siasky.net www.siasky.net;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
diff --git a/setup-scripts/ssh_config b/setup-scripts/ssh_config
new file mode 100644
index 00000000..1b80182d
--- /dev/null
+++ b/setup-scripts/ssh_config
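Review bot: In setup.sh, everything fetched from the network is executed or unpacked as root with no integrity check: the NodeSource script goes through `curl -sL … | sudo -E bash -`, the Go tarball goes straight into `sudo tar -C /usr/local`, and `alacritty.info` is taken from the moving `master` branch before `sudo tic`. Download each artifact to a file, compare it with a pinned SHA-256, and install only after that; the fence shows this for the Go tarball, and `curl` should gain `-f` so an HTTP error body is never piped on. Separately, `sudo ufw enable` runs before `sudo ufw allow ssh`, so the firewall comes up before the SSH rule exists; put the three `allow` lines first.

```shell
# Install Go 1.13.7.
go_tarball=go1.13.7.linux-amd64.tar.gz
# Placeholder: pin the SHA-256 published for this exact tarball.
go_sha256='<GO_1_13_7_LINUX_AMD64_SHA256>'
wget -c "https://dl.google.com/go/${go_tarball}"
# Abort (under set -e) before anything is unpacked as root if the digest differs.
printf '%s  %s\n' "${go_sha256}" "${go_tarball}" | sha256sum -c -
sudo tar -C /usr/local -xzf "${go_tarball}"
# … unchanged: source ~/.bashrc, rm of the tarball, go version …
```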
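Review bot: The port-80 server block in skynet-nginx.conf proxies the application in cleartext with a copy of the 443 block's `location /`, so a visitor who arrives over HTTP is never moved to TLS. Unless plain HTTP is required for a reason not visible here, replace that block's `location /` section with `return 301 https://$host$request_uri;`. Both blocks forward `Host` but neither the client address nor the scheme; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` give the upstream what it needs for logging and rate limiting.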
@@ -0,0 +1,51 @@
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+# ForwardAgent no
+# ForwardX11 no
+# ForwardX11Trusted yes
+ PasswordAuthentication no
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# GSSAPIKeyExchange no
+# GSSAPITrustDNS no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_ecdsa
+# IdentityFile ~/.ssh/id_ed25519
+# Port 22
+# Protocol 2
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
+ SendEnv LANG LC_*
+ HashKnownHosts no
+ GSSAPIAuthentication yes
diff --git a/setup-scripts/tmux.conf b/setup-scripts/tmux.conf
new file mode 100644
index 00000000..043bab9f
--- /dev/null
+++ b/setup-scripts/tmux.conf
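Review bot: `PasswordAuthentication no` in setup-scripts/ssh_config only affects outgoing connections made from this host, because this is the OpenSSH client configuration (its header says so, and setup.sh installs it to /etc/ssh/ssh_config). If the intent is to stop password logins to the portal host, which the setup.sh comment "Add SSH keys and set SSH configs" suggests but does not state, the directive has to go into /etc/ssh/sshd_config, followed by a reload of the SSH daemon. As written, the host would still accept password logins for the sudo-capable `user` account unless sshd is configured elsewhere.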
@@ -0,0 +1,18 @@
+# remap prefix from 'C-b' to 'C-a'
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+
+# split panes using | and -
+bind | split-window -h
+bind - split-window -v
+unbind '"'
+unbind %
+
+# reload config file (change file location to your the tmux.conf you want to use)
+bind r source-file ~/.tmux.conf
+
+set -g visual-activity off
+set -g mouse on
+# This copies highlighted text.
+set -g mouse-select-window on
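Review bot: The last two settings in tmux.conf cannot both be valid on one tmux version: `mouse` exists only from tmux 2.1 on, and `mouse-select-window` was removed in that same release when the separate mouse options were folded into `mouse`. On any tmux that accepts `set -g mouse on`, the final line is therefore reported as an error when the file is loaded; drop it. The `# This copies highlighted text.` comment above it does not describe either setting and should be reworded or removed.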