User:Maffblaster/Infrastructure

A place where I keep some infrastructure tips.

Gentoo for infrastructure
Gentoo for infrastructure? Yes, Gentoo can and should be used for infrastructure. Generally I run a badge on my sites when I indicate something is running Gentoo underneath.

CLI
Get the CLI program from the GURU ebuild repo:

Download and import the blockchain (optional). The download will take a while. As of Nov 10, 2021 the blockchain is just over 80 GB and downloads at an average of 2 MB/s.

Blockchain import does not appear to be working when run as a non-root user... Simpler to do a P2P download through the daemon.

Generate a wallet (if not done already).

Add the wallet to the daemon's configuration file:

GUI
Add  to global use flags for Qt:

Add the following

GemNotFound errors
Problem: Attempting to run a Ruby program results in strange errors.

Backups

 * Disk images

guacamole
Upcoming...

sr.ht
Upcoming...

Lychee
Available from r7l-overlay. Release note documentation. Homepage.


 * Add necessary PHP extensions.
 * Install composer.
 * Install ImageMagick with appropriate USE flags.
 * Create MySQL database.
 * Configure nginx:

PHP tweaks:

Jellyfin
Details to help Gentoo sysadmins with a Jellyfin installation. Documentation.

Available in ::gentoo.

Files

 * - OpenRC's configuration file. Adjust as necessary for the running service.

Generating a certificate for HTTPS
If authentication is to be performed over a network (e.g. the jellyfin service is not simply serving localhost, but clients that are across the network), it is important to encrypt the traffic. This protects the credentials used to authenticate and the privacy of the data contained in the media library, etc.

Let's Encrypt via Certbot
can be used to generate a certificate signed by the Let's Encrypt public certificate authority. Upstream has instructions for this.

Manual
The manual method implies the certificate is not signed by a public certificate authority; it is self-signed and will be untrusted by all major web browsers. This is to be expected, and does not indicate compromise of the protections afforded by encryption.

OpenSSL can be used to generate a self-signed certificate...
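One way to carry out the manual method, as an added example that is not from the original page or from Jellyfin's documentation. It assumes OpenSSL 1.1.1 or newer; the function names, file names and the host name `media.example.lan` are placeholders. Because browsers will not trust the result, it also prints the SHA-256 fingerprint so a client can compare it out of band before accepting the warning.

```shell
#!/bin/sh
# Added example: create a self-signed TLS certificate for a LAN service
# and report its SHA-256 fingerprint.
# Assumptions: OpenSSL 1.1.1+ (for -addext); names below are placeholders.
# Example call: make_selfsigned media.example.lan /tmp/jellyfin-tls

# make_selfsigned HOSTNAME OUTDIR [DAYS]
# Writes OUTDIR/key.pem (mode 0600) and OUTDIR/cert.pem (mode 0644).
make_selfsigned() {
    host=$1 outdir=$2 days=${3:-365}
    # Accept only plain DNS characters so the name cannot alter the
    # -subj or -addext arguments.
    case $host in
        ''|*[!A-Za-z0-9.-]*)
            echo "make_selfsigned: invalid host name" >&2
            return 2 ;;
    esac
    [ -n "$outdir" ] || { echo "make_selfsigned: missing OUTDIR" >&2; return 2; }
    mkdir -p "$outdir" || return 1
    (
        # Tighten the umask before the private key is ever written.
        umask 077
        # -nodes leaves the key unencrypted so the service can start
        # unattended; file permissions are its only protection.
        # subjectAltName is set because clients match the host name
        # against it, not against the CN.
        openssl req -x509 -newkey rsa:3072 -sha256 -nodes \
            -days "$days" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$outdir/key.pem" \
            -out "$outdir/cert.pem"
    ) || return 1
    # The certificate is public; only the key stays private.
    chmod 644 "$outdir/cert.pem"
}

# cert_fingerprint CERTFILE
# Prints the certificate's SHA-256 fingerprint (colon-separated hex).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Publish the fingerprint through a separate channel and have each client compare it with what the browser shows for the certificate.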

Connecting
By default the jellyfin service binds to port 8096 on all network interfaces (including the loopback address).

Open localhost:8096 if running from the local server, or :8096 if running from another host.

Fixing memory issue
From the command line, first check for proper dependencies:

In this instance, the current PHP memory limit is advised to be adjusted upward, so make the correction for the currently selected PHP implementation:

Restart PHP and then rerun the check above to verify the memory limit has been resolved.

Running the installer
Run the installer from the command line:

Connecting to Nextcloud
Before connecting via HTTP on any host other than localhost, the trusted domain will need to be configured. This is located in the Nextcloud installation directory, followed by. Edit the file to add additional trusted domains or IP addresses to the array of values.

Modifying the production database location
Depending on the number of users, a production database may grow quite large. By default, MySQL creates its data directory under the directory. This directory may be modified via the datadir variable in the file. Unless the is large enough to hold the database, consider modifying the datadir path to a suitable location.

Configuring a production database
By default Nextcloud will use an SQLite database. While a "lite" database implementation may be good for single user testing purposes, it is not good if the system will be used in any moderate level of production. MySQL will be the database used in this guide.

Install the package:

Add SQL to the default runlevel (OpenRC):

Configure a new SQL database. Follow the prompts as necessary. Be sure to record the root user's password in a place where it will not be lost.

Start the SQL server:

Configure PHP to use MySQL
Upstream's guide

MySqli

Fill in the following as necessary, substituting  with a new username and   with a strong, random password. As stated above, be sure to record this information in a secure place.

Then, from the web root, run:

Sadly a workaround is required for database conversion on Nextcloud 21.

HEIF image preview support
In order for Nextcloud to include rendering support for HEIF images in the web browser, ImageMagick must support the HEIF file format.

External resources

 * Free Software Foundation Europe - Infrastructure living the ideals of software freedom
 * Preventing the Collapse of Civilization / Jonathan Blow (Thekla, Inc) - Technology will (and does) degrade
 * Keep a knowledge log